cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ksunberg
ksunberg
Level 7
Report Inappropriate Content
Message 1 of 9
‎09-19-2007 12:33 AM

AdClicker-FC and Ultimate Defender, PCCleaner, etc

>>> For several days leading up to today, I had following symptoms...
- Fake "Spyware Alert" and "Windows Security Alert".

- IE Homepage that I attempted to set was overridden by ...softwarereferral.com... url that was redirected to Ultimate Defender, Ultimante PCCLeaner sites and the like.

- I detected a registry Start Page pointer to softwarereferral.com.

- I have not knowingly chosen to install any of these software offers.

- I found no evidence that Ultimate Defender, etc was "installed", i.e. no presence in "Add/Remove Programs" and no obvious evidence in "Program Files" directory.

- These Ultimate web pages say they're running a scan but there is never any listing of findings such as are shown of the bleepingcomputer doc about Ultimate Defender, PCCleaner.

- McAfee AntiVirus 10.0 with w/latest engine, dat files (from late last week) did not detect.

- It was annoying but I kept the problem at bay and and kept my PC usable by minimizing the fake alerts and bogus website windows ... waiting until I had some time to work on it.

>>> Today the VirusScan DAT file was updated to version 5122 (Build: 10.0.27 Engine 5100). Symptoms have changed...

- McAfee detects AdClicker-FC infection in "Documents and Settings ... \local settings\temp\ac8zt2\nsduo.dll"

- McAfee deletes nsduo.dll and all other files in the ac8zt2 folder, terminates all IE instances, and refreshes the desktop and screen.

- I confirmed that the files have in fact been deleted.

- Some minutes later this scenario is repeated, presumably because there is a program running that is rewritting those files. IE is rendered essentially unusable.

- There are now no Fake alerts or Ultimate Defender, PCCleaner web pages shown, but, I suppose that may simply be due to the repeated detection/deletion of files described above.

- The registry Start Page pointer to softwarereferral.com no longer exists.

Friends have recommended SPYBOT and I've seen the SmitfraudFix recommendations in these forums. I'm not that jazzed about using freeware and am kind of wondering why McAfee and/or Norton haven't provided such tools.

At any rate I'm looking for guidance specific to my problem and will then decide whether to attempt to remedy myself or hire an expert :-).

Thanks,
0 Kudos
Reply
8 Replies
paullotion
paullotion
Level 11
Report Inappropriate Content
Message 2 of 9
‎09-19-2007 02:05 AM

RE: AdClicker-FC and Ultimate Defender, PCCleaner, etc

I would recommend you follow instructions below,they`ll be able to assist you in removing those infections for no charge.

Register at this Forum then follow these Steps post the required log in that forum,not here.
0 Kudos
Reply
Jubo
Jubo
Level 9
Report Inappropriate Content
Message 3 of 9
‎09-19-2007 04:59 AM

RE: AdClicker-FC and Ultimate Defender, PCCleaner, etc

See also this thread: How to remove Ultimate Defender
0 Kudos
Reply
ksunberg
ksunberg
Level 7
Report Inappropriate Content
Message 4 of 9
‎09-19-2007 08:02 AM

RE: AdClicker-FC and Ultimate Defender, PCCleaner, etc

OK

BTW, I have a System Restore point from the day before I first experienced the infection. Would restoring to that point be at all likely to solve the problem? The reason I haven't already tried that is that there have been a couple Windows Updates completed since then and I'm not sure what will happen to them.
0 Kudos
Reply
ksunberg
ksunberg
Level 7
Report Inappropriate Content
Message 5 of 9
‎09-19-2007 11:43 AM

RE: AdClicker-FC and Ultimate Defender, PCCleaner, etc

I had made the following post in the Virus Scan 10 forum thinking it was really a McAfee product/service question but was asked to post it here...

=====
Virus Scan is detecting AdClicker-FC. The McAfee Virus Information web site offers info on a long list of AdClicker "trojans" but AdClicker-FC is not covered.

Is there a reason for that?

Am I looking in the wrong place?

Is there another of the AdClicker "trojans" that is similar?

Thanks,
=====
0 Kudos
Reply
paullotion
paullotion
Level 11
Report Inappropriate Content
Message 6 of 9
‎09-19-2007 12:08 PM

RE: AdClicker-FC and Ultimate Defender, PCCleaner, etc

ksunberg

You have at least two different infections,i would recommend you follow the advise in post 2.
0 Kudos
Reply
ksunberg
ksunberg
Level 7
Report Inappropriate Content
Message 7 of 9
‎10-29-2007 05:37 PM

Problem resolved

On 09/20, the day after my previous append, the Fake alerts and Ultimate Defender, PCCleaner web page symptoms resumed. I used the following techniques to reduce the impact/annoyance and to buy some time.

1. Used Task Manager to minimize those Fake Alert and Ultimate Defender, PcCleaner Web Page windows.

2. Created a desktop icon pointing to my desired homepage to bypass the overwritten home page in Internet Options.

3. Stopped the repeating AdClicker-FC detection and file deletions that was breaking IE, by blocking the IP address 81.29.248.50 that an instance of SVC Host was connecting to.

I ran Adaware somewhere along the way. It found a few things but did not fix any of the viruses I have reported.

The symptoms persisted until about somewhere around the end of the first week of October. It seems that around that time, McAffee began to "catch up" with the particular versions of virus that had infected my machine. For the last 2-3 weeks I have seen no evidence/symptions of these or any other viruses active on my machine.

Needless to say I am quite pleased.
0 Kudos
Reply
paullotion
paullotion
Level 11
Report Inappropriate Content
Message 8 of 9
‎10-29-2007 06:55 PM

RE: Problem resolved

From what you have said i do not believe the infection is gone,only hiding.

You have not removed files/folders and registry entries,as for the DNS address that belongs to somewhere in Russia(most likely fake).They can use more than one IP address even though you have blocked 81.29.248.50.At best what you have described is a workaround and those infections are still onboard.

If you had followed my advise on the 19-9 you would have been sure you where clean,i would advise you to follow those steps.
0 Kudos
Reply
HoaiDuyen
HoaiDuyen
Level 8
Report Inappropriate Content
Message 9 of 9
‎12-15-2018 12:55 AM

Do you thing about malware ?

https://fortinetvn.com/san-pham/fortigate-100d
Mỹ phẩm cho mẹ bầu
0 Kudos
Reply

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
2821 Mission College Blvd.
Santa Clara, CA 95054 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC