Beware of this Adware from TrueAds

by on 10/23/2009 in Fake Antivirus, Security

Adware.TrueAds is an adware program that installs itself as a Browser Helper Object and periodically displays advertisements on the computer. The intent of this site is to sell advertisements for publishers through unethical practices. The program installs itself in IE and Firefox and displays pop ads to the end user.

Type: Adware
Publisher: www.trueads.com
Risk Impact: High
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000.

When the program is executed, it creates the following files:

  • C:\WINDOWS\system32\a32dcf16-d5a9-3019-5a18-70941fbef85e.dll
  • C:\WINDOWS\system32\c3b6d924-15c0-624c-dfae-f58fcdebe4bd.exe
  • %ProgramFiles%\Mozilla Firefox\components\7e74b77f-7ac0-b030-cbd8-a7b88a7032e4.dll

Next, the program creates the following registry subkeys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b30742f-9605-6b67-4710-fc842c868a6e}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b30742f-9605-6b67-4710-fc842c868a6e}\InProcServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b30742f-9605-6b67-4710-fc842c868a6e}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c3b6d924-15c0-624c-dfae-f58fcdebe4bd

The program is installed as a Browser Helper Object in Internet Explorer and Mozilla Firefox.

The program periodically displays advertisements obtained from the following location:
[http://]ad2.trueads.biz

How to remove TrueAds

The following instructions pertain to many Anti-virus programs including Symantec AntiVirus and Norton AntiVirus products.

  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Remove the program.
  4. Run a full system scan.
  5. Delete any values added to the registry.

For full instructions for Symantec products go here.

8 Responses to “Beware of this Adware from TrueAds”

  1. BunnygotBlog

    Oct 23rd, 2009

    A few weeks ago our dog was restless and leaning on my lap as I was chatting with a friend online. Now you may wonder why I am sharing this with you but Bear, by accident, pushed a shortcut and made all my text shift to the left instead of the right.
    My husband tried different things to get to type normal and then uninstalled the program then reinstalled it again – it still didn’t work.All text started at the left.
    He ended up going into the registry to delete what was hidden there then reinstalled the program before the text was right.

    • Frank J

      Oct 23rd, 2009

      Bunny,

      I wish I wrote this a few weeks ago, but it looks like hubby may have found the hidden registry entry.

  2. Mathdelane

    Oct 23rd, 2009

    I have encountered this somewhere but I couldn’t remember if it was from Twitter. The good thing is that I simply ignored it from a gut feeling that it wasn’t good thing…and I am right.

    • Frank J

      Oct 23rd, 2009

      Mathdelane,

      Good move and always follow that thought process.

  3. christie

    Oct 23rd, 2009

    Well, looks like I know what I’ll be un-doing next on my son’s PC as well as my elderly mother’s! Thanks for the instrux on how to remove it. :)

    • Frank J

      Oct 24th, 2009

      Christie,

      The removal is easy. I wish we caught this sooner. Let me know how things go on both those PC’s.

  4. Joanie

    Oct 26th, 2009

    Any idea how it gets installed, or from where?

    • Frank J

      Oct 27th, 2009

      Joanie,

      You have to manually install the program from the publishers site.