
Dcad ads spy/malware

By kenaki · 17 replies
Feb 7, 2008
  1. Hi anyone... My laptop is infected by this "ads by Dcad" malware. I've tried all kinds of spy/mal/adware removal tools but to no avail. Can any guru here help me with this? I am using Windows XP. Thanks.
  2. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Posts: 2,026

    Have you tried PestPatrol - can be good at clearing difficult nasties.
    Also go to majorgeeks.com, download and run HijackThis and post a log.
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  4. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    HijackThis report and Pest Patrol 8

    Dear Albert & Kimsland,

    Thank you for your quick responses. I did scan my compy with Pest Patrol 8 and found 3 malware, but unfortunately Pest Patrol just did the scanning and doesn't want to remove them as it is only a trial version.

    I am attaching the HijackThis result below. Let me know what to do next.


  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Hi kenaki,

    I'm so sorry about that. I've used it myself before, but I thought AlbertLionheart knew something I didn't, as when I used it, it was the same deal.

    At least you're positive now that you have issues (already known).

    Anyway, you must follow these procedures to the T, and then post back, to get support.

    More scans!! But these ones won't ask for payment.

    Viruses/Spyware/Malware, preliminary removal instructions
  6. AlbertLionheart

    AlbertLionheart TechSpot Chancellor Posts: 2,026

    I have a copy of PestPatrol which I downloaded for free. It was a long time ago but I think it came from http://www.pestpatrol.com/home.htm - if this is the same one as you have tried I am sorry!
    Your HijackThis log has nothing sinister in it, but please rename the program from hijackthis.exe to analyse.exe and run it again. There are nasties that recognise HijackThis and hide!
  7. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    New logs..

    I have downloaded and reinstalled Pest Patrol from the link that you gave me; unfortunately, it's also a trial version now. Anyway, I already changed the hijack.exe to crusty.exe and did the preliminary scanning, and now am attaching the new logs from HijackThis, ComboFix and AVG Anti-Spyware.

    The result of the Panda Anti-Rootkit and AVG Anti-Virus is clean and no threat found. I'm waiting for your next instruction...

    I don't know if this is related, but my laptop also shuts down frequently by itself when I do the scanning in safe mode. This also happens whenever I reinstall Windows XP, but never happens when it is in normal mode after the installation is complete.

    After each shutdown, the power management setting on the hard drive has always turned back to 30 minutes (my original setting) even though I did change it to never shut off previously (I did click Apply and OK).

    I did disable the real-time monitoring programs; should I turn them back on now?

    Btw, I live in the U.S.

  8. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    Also, I think my Windows XP has a built-in firewall, but it seems like it's not working at all since I still get all these nasties. Wondering if I should install other firewalls as well?
    How do you make your compy immune to all kinds of pests?
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I'm no expert on HijackThis logs, but I could not find any issues, except:
    I would remove this file "BrowsingProgram-2.dll"

    As for wondering about other firewalls to stop these nasties.
    Actually a firewall alone does not stop these nasties; generally they are from going on the web to places not normally visited. Including p0rn and gaming sites. Plus also receiving email attachments. And a large variety of other areas.

    Firewalls were made to stop either your programs and data from being sent online,
    or other computers or malicious web-based programs accessing your computer.
    They cannot stop harmful stuff that you allow to be downloaded to your computer, nor will they inform you of their existence on your drive.

    As your concern is about stopping "pests" on your computer:
    You could change your Internet behaviour, or you could use a number of free Spyware/Malware tools available. But be aware that you would usually need to install at least 5 different Spyware programs to actually be safe.
    Because each Spyware/Adware/Trojan/Malware/Rootkit (and others) program only specializes in one area, and also provides some (minimal) scanning of other areas. No one has made one be-all and end-all pest removal program (I'm positive). The only program that comes close is www.hitmanpro.com because this program runs a whole range of programs automatically (and scanning lasts hours).

    In saying this, it is still wise to have a firewall. Windows Firewall (accessed in Control Panel), being the world's most used firewall, is counted as one of the weakest firewalls, allowing all your programs to access the Net without question.
    Therefore most users use a personal firewall; some are Free (offering firewall protection Only) and some are Not Free (offering Firewall/Antivirus/Basic Spyware protection and more).
    The choice is yours, and this all depends on your Internet surfing behaviour.

    Did you want any more information?
  10. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    Thanks for your info kim... so, are you saying that there is no malware in my compy now? I removed that browsing program already. Yes, I do have some more questions:

    1. I have downloaded the ZoneAlarm firewall; do I need to uninstall the Windows XP firewall? Is it necessary/better to have 2 or more firewalls installed?

    2. Do you know any freeware that can convert all kinds of video formats (divx, flv, avi, mpeg etc.) and burn to DVD and VCD? I guess I got all those pests when I downloaded some of these free converters. Do you know any that runs (converts) fast, because all the converters that I tried take hours just to convert and more hours to burn?

    3. Is there any other action that I should take concerning the malware, or is my compy already clean?
  11. captaincranky

    captaincranky TechSpot Addict Posts: 12,514   +2,308

  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    ZoneAlarm firewall (or any third-party firewall) will automatically disable (or at least prompt you to disable) Windows Firewall.
    No, you should not have more than one firewall installed. The reason being that one firewall may be set to allow communication (on particular programs/ports) and the other firewall may be set to block this communication, thus causing errors.

    I agree that the best movie converters are the bought ones; the free ones have limitations (no iPod etc.). The prices of these converters are not all that high. You will need to shop around.
    Depending on the size and format of the original file, the converters can take a long time.

    As I mentioned, you could actually do a full scan with www.hitmanpro.com; it's slow, but it's thorough and free! It's stated that 99% of all computers have some malware present; on the smallest level this may be cookies.
    To safeguard against further malware on your computer can be another exhaustive document. The general rule of thumb is to do a full scan ONLY when you notice your computer has slowed, or if you are aware of malware infection, or every 3 months (depending on web activity). I personally do not believe that you need these scanners running all the time, slowing your system (but others do, i.e. Spybot S&D TeaTimer, but I don't think so).

    Please continue to ask any further questions relating to any other concern that is still bothering you.
    Note: General malware information can be a mile long, so if you would like to keep your questions more specific, the answers may be given greater impact.
  13. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    Thank you

    I guess... my compy is now OK then, except for harmless cookies, and you have answered all my questions very well.

    So I'd like to thank all of you, kimsland and AlbertLionheart, for helping me with this malware issue. Also to captaincranky, thanks for the site advisor.

    Keep up the good work bro....
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Solved :)
  15. kenaki

    kenaki TS Rookie Topic Starter Posts: 47

    Trojans infection

    Dear all,

    Sorry to bug you again.

    When I ran Hitman Pro, it detected a lot of infections, though relatively low risk, but one thing that worries me is the trojans PWS.Tanspy and Trojan.generic that were detected by Spyware Doctor but not cleaned/fixed. They are medium threat and attempt to steal passwords. Could you guys help me get rid of these 2 trojan pests?

  16. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Name: Trojan-PWS.Tanspy
    Threat Level: High

    Description: Trojan.PWS.Tanspy will install itself on to an infected computer as a Browser Helper Object (BHO). This Trojan will then be activated each time an instance of Internet Explorer is launched and will attempt to steal passwords.
    Type: Keylogger, Trojan
    Also known as: Adware-BHO.dr[McAfee] Infostealer.Bzup[Symantec] Proxy-Agent.o

    Some filenames that PWS.Tanspy can be related to:
    And inside registry:

    Please view the HitmanPro log, does it refer to any particular file or location ?

    Usually it is just a matter of removing that file itself.

    The most likely reason that Spyware Doctor could not remove it is that you have exceeded your trial period (i.e. you have run Spyware Doctor before).
    If it was the first-time run of Spyware Doctor, the suspected files would have been removed automatically.

    Anyway, how did you feel about the program - worth doing ?
    Do you feel your system is better for it ?
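
Added example (not part of the thread and not any poster's code): the post above describes the Trojan loading as a Browser Helper Object, and HijackThis logs like the ones requested earlier in the thread list each BHO on an `O2 - BHO:` line. This Python code parses those lines from a constructed sample log and marks entries worth a closer look; the sample entries and the three review heuristics are assumptions for illustration.

```python
import re

# HijackThis reports each Browser Helper Object on one line:
#   O2 - BHO: <name> - {<CLSID>} - <DLL path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# Suffixes HijackThis writes when the registered DLL is not on disk.
MISSING_MARKERS = ("(file missing)", "(no file)")

# Constructed sample log: names, CLSIDs and paths are made up for this example.
SAMPLE_LOG = r"""Logfile of HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Example PDF Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\ExampleVendor\pdfhelper.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\WINDOWS\system32\xmplbho.dll
O2 - BHO: Example Toolbar - {99999999-8888-7777-6666-555555555555} - C:\Documents and Settings\user\Local Settings\Temp\tb.dll (file missing)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\ExampleVendor\tray.exe
"""


def parse_bhos(log_text):
    """Return one dict per O2 line with name, clsid, path and review reasons."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue  # not a BHO line
        name, clsid, path = m.group("name", "clsid", "path")
        reasons = []
        for marker in MISSING_MARKERS:
            if path.endswith(marker):
                path = path[: -len(marker)].rstrip()
                reasons.append("DLL not on disk")
        # Heuristics below are assumptions for triage, not malware verdicts.
        if name == "(no name)":
            reasons.append("unnamed BHO")
        if not path.lower().startswith("c:\\program files\\"):
            reasons.append("DLL outside Program Files")
        entries.append(
            {"name": name, "clsid": clsid, "path": path, "reasons": reasons}
        )
    return entries


def needs_review(log_text):
    """BHO entries that tripped at least one heuristic."""
    return [e for e in parse_bhos(log_text) if e["reasons"]]
```

A flagged entry is a prompt to look up the CLSID and inspect the DLL before removing anything, since legitimate BHOs can also trip these heuristics.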
  17. kenaki

    kenaki TS Rookie Topic Starter Posts: 47


    Hitman Pro doesn't give me any info log, it just generated a report. I can't attach the report as it is in HTML format, and if I convert it to text, the words will be jumbled and confusing to read. But I learned about this virus from the Spyware Doctor scan result. It is located in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Current Version\Controlpanel\load
    Should I delete this whole registry? And how do I do it safely without messing up my system?

    I googled this trojan and some say it could be a false positive. What do you think in my case?

    I never installed Spyware Doctor before, and it's not removing it because it is another version downloaded by Hitman Pro, and it asked me to buy in order to fix the threats.

    I feel more secure after I installed all these spyware busters, but am not really sure if Hitman Pro did get rid of the nasties, because at the end it just showed that I had 6 files infected and many cookies, but did not specifically say they were fixed or removed/deleted. I wonder if it just scans and tells.
  18. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    I don't have the "Controlpanel" key under my registry.

    So what I'd suggest is to:

    Run Regedit:

    Locate (expand each plus sign)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Current Version\Controlpanel\load

    Right click on "Controlpanel" and select Export
    Type a name in like Backup.reg, and confirm where you are saving it to (My Documents?)
    Then once that registry is backed up
    Again right click on "Controlpanel" and select Delete
    (you may be prompted to confirm deletion - OK)

    Restart your computer and confirm all is OK

    Just another point in relation to HitmanPro (sorry, after years of using it, and lots of information from the site and myself):
    I have found it is the number one Spyware/Malware/Virus remover.
    The only issue is that when first starting the program, you must select automatically remove threats. If you did do this (the default setting, mind you) then I have to say that Spyware Doctor believes it has been used before on your system, because HitmanPro has been given rights by Spyware Doctor to allow removal of found files (but once-only rights). Unless this has changed recently.
Topic Status:
Not open for further replies.
