Search adware malware

Wednesday, December 30, 2015

Hello Guys

Here I am going to explain how adware and malware get installed on your PC without notifying you, and I am also going to explain how to avoid them and how to remove them.

Before you read this, go to this URL: "Malware is not only about viruses – companies preinstall it all the time"

What is adware and how does it get installed on your PC


When you install a product on your PC as a trial or free version, the company wants you to buy the paid version of that software, or wants you to try their other software as well.
For that purpose they attach or include some .dll files (IE add-ons), .xpi files (e.g. Firefox add-ons) or .crx files (Chrome add-ons) in the main installer.

For example, if you download any software from http://en.softonic.com/, it always contains some other software as well.
In the image below you can see that the main software is "Free PDF to Word Converter", but they are pushing you to install "Wajam" as well, which is not necessary and which you did not ask for. They push you to install it by saying "It is recommended". This is how a normal user gets infected with adware or malware.
This is one of the ways adware or malware gets installed on a PC. One good thing here is that they give you the option not to install it and they do not install it silently.






How softonic delivers adware:
http://www.intego.com/mac-security-blog/softonic-download-site-briefly-delivers-trojan-adware-installer/

But most adware and malware is installed silently.
When adware is installed silently, it does not ask for any agreement; instead it copies the adware and malware files in the background and, in the case of Windows, creates some registry entries.

Now I will show you how to detect whether any adware or malware has been silently installed on your computer.
Usually adware or malware targets the browsers on your PC by installing an add-on.
For example, in Internet Explorer a .dll file is registered, in Firefox .xpi files are extracted, and for Chrome .crx files are installed as adware or malware.

To check in IE
First I am going to explain how to detect and remove an IE add-on that is adware or malware.
1. Click on Manage add-ons as shown below

2. In the image below you can see the list of add-ons installed in IE. From this information alone we cannot tell which is a genuine add-on and which is an adware (harmful) add-on. As you read this blog you will be able to identify the adware in this list.


3. Now right-click on the add-on you want to check and click on More information as shown below

Note: Fiddler is not adware or malware; I am using it only as an example.
4. After the right-click you will get the following dialog. In that dialog you will find the add-on's file location and folder location.

5. Now go to that file location (note: the file location above is not shown because of copyright issues).
To check whether it is adware or not, check the publisher closely, or search on Google for that publisher and file. If you find that the publisher or file is not trusted, close IE, then cut the file and paste it somewhere else.
If, after removing the file, you find that it is present there again, it is a serious issue: some updater (exe) is downloading it again and placing the files there.
In this case you should uninstall that software, and if the files are still present after uninstalling, Shift+Delete the file.

6. If, after doing these things, the files still keep coming back, then some hidden exe file is downloading them.
To identify that exe we need to search for suspicious exes in the following location:
Press WinKey+R and a window will open; type "msconfig" in it and go to the Startup tab, where you will see the list of exes that start automatically every time the PC reboots.

7. Using the Class ID (see the image above) you can also search for the add-on's file location.
For that, press WinKey+R and a window will open; type "regedit" in it and the "Registry Editor" window will open. There, go to the Edit->Find menu and search for that class ID.
For eg HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{768919B3-C6AD-47D4-94E9-A4A2FBAAAAAA}

Now I'll show how to detect an add-on (adware) in Firefox and how to remove it
1. As shown below, in Firefox click on Add-ons

2. After clicking on Add-ons the window below will open,
in which you can see the list of add-ons. In the case of Firefox there is a bug: even if you have disabled the add-on, it still works if the following registry entries are present in "Registry Editor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"fip"="C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{88d83554-2fdc-4bb9-8dcd-f2d46d175fAA}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{88d83554-2fdc-4bb9-8dcd-f2d46d175fAA}"="C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{88d83554-2fdc-4bb9-8dcd-f2d46d175fAA}"

If you delete these registry entries, or the folder location given in these registry entries, then that add-on will be deleted.
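As an added example (not code from the original post), the two registry lookups above, the IE Class ID search from step 7 and the Firefox extensions entries, can be run offline against a regedit export instead of clicking through Edit->Find. The function names, the sample DLL path and the vendor name are assumptions made for illustration; real exports double the backslashes inside quoted values, which the post's listing shows as single.

```python
import re
# Constructed sample in regedit export (.reg) syntax, reusing the IDs shown in the post.
# The DLL path and vendor name are made up. Real exports are UTF-16 and double backslashes.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{768919B3-C6AD-47D4-94E9-A4A2FBAAAAAA}\InprocServer32]
@="C:\\Program Files (x86)\\ExampleVendor\\helper.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{88d83554-2fdc-4bb9-8dcd-f2d46d175fAA}"="C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\bundles\\{88d83554-2fdc-4bb9-8dcd-f2d46d175fAA}"
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)   # \\ -> \ and \" -> "

def parse_reg(text):
    """Return {key_path: {value_name: string}}; '@' is the key's default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name = m.group(1)   # only string (REG_SZ) values match; dword:/hex: are skipped
            current['@' if name == '@' else _unescape(name[1:-1])] = _unescape(m.group(2))
    return keys

def dll_for_clsid(keys, clsid):
    """DLL registered for the Class ID shown in IE's 'More information' dialog, or None."""
    suffix = ('\\CLSID\\' + clsid + '\\InprocServer32').lower()
    for path, values in keys.items():
        if path.lower().endswith(suffix):
            return values.get('@')
    return None

def firefox_registry_extensions(keys):
    """Extension ID -> install folder for each Firefox extensions key in the export."""
    found = {}
    for path, values in keys.items():
        if path.lower().endswith('\\mozilla\\firefox\\extensions'):
            found.update({k: v for k, v in values.items() if k != '@'})
    return found

if __name__ == '__main__':
    keys = parse_reg(SAMPLE_REG)   # for a real file: open(path, encoding='utf-16').read()
    print(dll_for_clsid(keys, '{768919B3-C6AD-47D4-94E9-A4A2FBAAAAAA}'))
    print(firefox_registry_extensions(keys))
```

The paths it returns are the files and folders whose publisher you then check as described in step 5.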



So far we have discussed how add-ons get installed and how to remove them.

Now let's discuss how an add-on (adware or malware) can steal your information or harm your PC
1. Adware can track your Google searches by sending the whole Google URL, and can also track your country and city location. Some bad adware also injects its own ads into your Google page, but you will not come to know that just by looking at them.
2. Some adware replaces Google ads with its own ads without the user noticing
3. Some adware reads your cookies and posts ads on websites according to those cookies
4. Some can also steal all your passwords

One way to identify whether information is being stolen by any software or browser add-on is to use the tool "fiddler2": http://www.telerik.com/fiddler
For this, just install Fiddler and keep it open while installing any software or while browsing any website.
If the URLs caught by Fiddler have a different domain from the URL you typed in the browser, then you are infected by adware or malware.
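The domain comparison described above can be automated over an exported capture; this is an added example, not part of the original post. It assumes the Fiddler sessions were exported in HAR (HTTPArchive) format, and the function names, the sample capture and its non-Google hosts are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed capture in HAR layout (log.entries[].request.url); all non-Google hosts are made up.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.google.com/search?q=cheap+flights"}},
    {"request": {"url": "https://static.cdn-example.test/ui/icons.png"}},
    {"request": {"url": "http://track.adware-example.test/c?geo=IN&u="
                        "https%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dcheap%2Bflights"}},
    {"request": {"url": "http://ads.adware-example.test/inject.js"}},
]}})

def site(host):
    # Assumption: the last two labels approximate the registrable domain (no public suffix list).
    return '.'.join(host.lower().split('.')[-2:])

def review_capture(typed_url, har_text):
    """Return [(host, reason)] for every captured request that left the typed site."""
    typed_host = urlsplit(typed_url).hostname
    findings = []
    for entry in json.loads(har_text)['log']['entries']:
        parts = urlsplit(entry['request']['url'])
        host = parts.hostname or ''
        if site(host) == site(typed_host):
            continue                      # same site as the one typed in the browser
        # parse_qsl percent-decodes, so an encoded copy of the visited URL is still found
        leaked = any(typed_host in value for _, value in parse_qsl(parts.query))
        findings.append((host, 'receives visited URL' if leaked else 'different domain'))
    return findings

if __name__ == '__main__':
    for host, reason in review_capture('https://www.google.com/search?q=cheap+flights', SAMPLE_HAR):
        print(host, '-', reason)
```

A host marked "receives visited URL" matches the tracking behaviour in point 1 of the list above and is the stronger signal; "different domain" entries also include hosts the page itself loads, so review those by publisher.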



List of adware companies and their adware
DefaultTab by Search Results
http://pcdeck.com/ by http://www.brainvire.com/our-clients/
http://wscanner.com by js4mt and http://www.brainvire.com/our-clients/
EasyPcCleaner http://epcc.co  and http://www.brainvire.com/our-clients/
Adssite Toolbar
passwordboss by passwordboss
Bearshare
Bonzi Buddy 
BSplayer
ClipGenie 
Comet Cursor
Crazy Girls
drspeedypc by Ikan Media Inc (http://www.bbb.org/west-florida/business-reviews/advertising-companies/ikan-media-in-spring-hill-fl-90097865)

You can find a longer list here: https://infectedbrowser.wordpress.com/list-of-adware/

If you have any queries please feel free to reply
  

4 comments:

  1. Thanks this is very helpful to get away from Adware and Malware

  2. Thanks this very nice & helpful. Can u suggest how to recover memory card.

  3. Really helpful information..thanks amit.
