Opinari.net

Opinari - Latin term for Opinion. Opinari.net is just what it seems: a cornucopia of rants, raves and poignant soliloquy.


Friday, April 23, 2004

Adware programs are becoming a big pain in the ass, especially on the enterprise level, when people unwittingly open themselves up to myriad nuisances like these. Such is the case with one I encountered this week. As of this moment, I have not figured out which website was responsible, but I do know the files, and how to remove them.

If, when closing your browser, you get a popup ad directing you to belgiandip.com, the culprit is a little 64K file called pup.exe, which runs in your WINNT directory (assuming that you run NT or 2000). This file creates a similar, but differently named file in SYSTEM32, with a seemingly random name (mine was bdsfk.exe). The file is 64K in size also. The way to tell that it does not belong is: 1) it has the Visual Basic executable icon, and 2) right-clicking it and viewing its properties will inform you that it was created by "werule", and its name is "totempole". Delete both of these files. The SYSTEM32 file cannot be deleted until you close the process (CTRL-ALT-DELETE | Task Manager | Process tab | Close Process). Then, go to the registry and delete all keys that refer to pup.exe, or any of its spawn.

I found that Spysweeper and Ad-aware do not recognize this software yet, so the above steps are needed to remove it. It's not going to crash your system, but it's damned annoying.
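A read-only scan for the two files described above, as an added example that is not part of the original post. It assumes the "werule" and "totempole" properties are stored in the executable's version resource as UTF-16LE text and that "64K" is the size Explorer displays; the sample files it builds are constructed stand-ins.

```python
import os
import sys
import tempfile

# Markers from the post: the file properties show "werule" and "totempole".
# Assumption: they sit in the PE version resource, which stores text as UTF-16LE.
MARKERS = ("werule", "totempole")
KB = 1024

def shown_as_64k(size):
    """Assumption: the post's "64K" is Explorer's size, rounded up to whole KB."""
    return 63 * KB < size <= 64 * KB

def has_markers(data):
    """True if every marker occurs in the file as a UTF-16LE string."""
    lowered = data.lower()  # bytes.lower() folds ASCII only, enough for these names
    return all(m.encode("utf-16-le") in lowered for m in MARKERS)

def find_suspects(directory):
    """Return sorted names of .exe files that match the post's description."""
    hits = []
    for entry in os.scandir(directory):
        if not entry.is_file() or not entry.name.lower().endswith(".exe"):
            continue
        if shown_as_64k(entry.stat().st_size):  # check size before reading the file
            with open(entry.path, "rb") as fh:
                if has_markers(fh.read()):
                    hits.append(entry.name)
    return sorted(hits)

def build_sample_dir():
    """Constructed stand-in files (not real executables) for an offline run."""
    tagged = "CompanyName\0werule\0ProductName\0totempole\0".encode("utf-16-le")
    samples = {
        "pup.exe": tagged.ljust(64 * KB, b"\0"),      # matches
        "bdsfk.exe": tagged.ljust(64 * KB, b"\0"),    # matches, random-looking name
        "notepad.exe": b"MZ".ljust(64 * KB, b"\0"),   # right size, no markers
        "big.exe": tagged.ljust(200 * KB, b"\0"),     # markers, wrong size
    }
    directory = tempfile.mkdtemp()
    for name, content in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(content)
    return directory

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir()
    for name in find_suspects(target):
        print("matches the post's description:", os.path.join(target, name))
```

Pass the WINNT or SYSTEM32 path as the argument to scan a real machine; the script only reads files and deletes nothing.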


.: posted by Dave 11:11 AM




