Join 3,433 readers in helping fund MetaFilter (Hide)


Adware problems
June 7, 2005 4:24 AM   Subscribe

I am experiencing a problem with adware. Several files are showing up on a regular basis with the designation "Booked Space." I can delete them using Ad-Aware, but they just turn up again (about fifteen files at a time) a few hours later, wreaking all kinds of havoc. Any idea where they come from or what to do about them?
posted by Secret Life of Gravy to Computers & Internet (13 answers total)
 
Just gotta ask: are you using Microsoft Internet Explorer? If so, try Firefox or Opera for a few days, even if you hate them. If the adware stops coming back, well, then you have to make a decision..

Also, try Spybot Search and Destroy. It gets a number of things Ad-aware doesn't (and vice-versa).

Lastly, maybe there's something resident in memory. Maybe a reboot right after running both Ad-aware and SS&D would help?
posted by Plutor at 4:52 AM on June 7, 2005


I've found the Microsoft Antispyware Beta to be good as well, and to catch things that have also been missed by Spybot.

Try running these tools in Safe Mode which will reduce the possibility that something resident in memory is resurrecting the malware after you remove it.
posted by grouse at 4:54 AM on June 7, 2005


Try running these tools in Safe Mode

That's your answer. The problem that you're encountering is that the spyware/adware/virus that you're trying to remove is actually running in memory at the moment. If you try to kill the process, it runs one last event before it dies that replicates itself to a random location and file name, and runs itself all over again.

Maybe a reboot right after running both Ad-aware and SS&D would help?

This is just bad advice. SS&D and Adware don't automatically remove spyware lines in the Startup file. That means a reboot after scanning means that nothing will actually happen to the virus, as the programs won't be able to delete files that are "in use" and then when the system reboots, they just start right up again.

If you reboot to safe mode, run your scans, remove the assembled masses of bad files, and edit the startup file (SS&D has a nice interface for this), you're good to go.

Just gotta ask: are you using Microsoft Internet Explorer? If so, try Firefox or Opera for a few days, even if you hate them.

Another rather limiting piece of advice. If you're running MSIE, and that's really your only option (typical for a corporate environment, for example), make sure you're upgraded to Windows XP SP2. SP2 incorporates security features that IE should have had all along: Pop up blocker and BHO enabler/disabler.

For all my random and sometimes dangerous surfing (I'm a habitual downloader, it's a disease), with XP SP2 in place and periodic safe mode scanning, I've been completely virus, spy, and adware free for months now. My scans come up empty, or with nothing more than tracking cookies to delete.
posted by thanotopsis at 5:30 AM on June 7, 2005


You might also try Ccleaner, which is really good, or the MS Antispyware Beta (or both).
SS&D does not do a very effective job, I've found, and neither does Ad-Aware compared to the above-linked guys. I have used and tossed both FWIW.
posted by nj_subgenius at 5:45 AM on June 7, 2005


..also echoing thanatopsis - SP2 upgrade is an absolute must if you haven't.
Avoid shit sites like limewire BTW.
posted by nj_subgenius at 5:48 AM on June 7, 2005


I've had better luck with PestPatrol than any of the other freebie antispywares. And switching to Firefox has also helped a lot.
posted by yoga at 5:50 AM on June 7, 2005


I recommend visiting tomcoyote.com. It is a forum site dedicated to removing damaging software from your computer. They will ask you to make a copy of an exec file and will troubleshoot for you. They'll tell you specifically what items to remove.

This worked for me and I'm pretty much computer semi-literate.
posted by aspenbaloo at 6:07 AM on June 7, 2005


Since I am running Windows 98, I live by this guide on how to take care of the computer. Some things on it won't apply to you (like using Firefox instead of Internet Explorer), but I'd suggest using Spybot Search and Destroy to find other malware programs, and Hijack This! to rid of any start-up programs that may be causing you some trouble that the malware may not pick up on.
posted by itchie at 9:35 AM on June 7, 2005


In addition to running Ad-Aware and Spybot, make sure you delete all your quarantined files (from those programs and from your AntiVirus software,) empty your Recycle/Trash bin, clear your Temporary Internet files, and --most importantly-- clear the cache in your Java console.

If none of that gets it, run through all that again in Safe mode. And if that still doesn't work, go with the Hijack This! recommendation. Used in conjunction with Google, it should help you figure out what to fix in your Registry and/or Start-Up.

Finally, as others have already said, consider switching to Firefox. I've had far fewer problems since I changed browsers.
posted by zueod at 10:56 AM on June 7, 2005


Good tips here - Firefox, AdAware, Spybot, MS Antispyware, and run the scans in safe mode. Also watch when you finish the scans - Spybot and AdAware will tell you if they cannot remove something (usually because it's currently running) and ask if you want to run a scan again the next time Windows starts. Say yes; the scan will run before (almost) anything else loads. Also check your Add/Remove Programs list to see if any spyware, adware, or toolbars are installed that the antispyware programs aren't catching (it happens). It's also a good idea to check for viruses, especially trojans. These often (as the name indicates) open a back door into your system that lets in all kinds of nasty stuff. I recommend AVG, I've heard good things about Anti-Vir and Nod32. If you already have Norton or McAfee, well, okay. Make sure the definitions are up to date and run a full scan (this should probably also be done in safe mode). Complement this with an online scan such as Trend Micro's House Call as necessary. Be careful with Hijack This! if you don't know what you're doing.
posted by attercoppe at 11:39 AM on June 7, 2005


Disable System Restore temporarily (WinXP & WinME only) if you are infected; Any trojans, spyware, etc. you may have picked up could have been saved in System Restore and are waiting to re-infect you.

Since System Restore is a protected directory, your tools cannot access it to delete files, trapping viruses/trojans inside. Please follow instructions to do that here.

Then run your chosen spyware scan/remove programme, delete any nasty files, re-enable System Restore and create a new restore point.
posted by essexjan at 1:01 PM on June 7, 2005


My page on it: http://www.doxdesk.com/parasite/BookedSpace.html

But if you've got BookedSpace you've likely got more problems that just that. BookedSpace loads other parasites and is itself loaded by yet other parasites. You may have quite a little culture in there.
posted by BobInce at 3:09 PM on June 7, 2005


Your computer is hijacked with malware. I've cleaned out many computers infected with malware and it is getting harder to do. Also, there are many types of malware out there and you will probably need specific or unique instructions for removal. Your best bet is to visit a forum such as Spywareinfo.com and ask the experts there. They will help identify it and tell you how to remove it for good. Also, I second the use of the Firefox browser.
posted by FakeOutdoorsman at 9:57 PM on June 10, 2005


« Older I found an enormous cockroach ...   |  Help me find housing in Tokyo.... Newer »
This thread is closed to new comments.