install_ad1, 222.133.3.210, Is this a virus?

I have SpyNoMore, which scans my computer and shows no problems.  But,
in the past few weeks, I keep getting a batch file automatically
executed a few times a day.  This causes a file "install_ad1.bat" to
appear in my windows\temp file, and it runs.  It brings up
the DOS window and does a few things, and appears to access this URL:
222.133.3.210.  Cookies are generated, and this URL appears in my
history file.  It then quits the DOS procedure and nothing else seems
to happen.  At best, this is a nuisance, but I fear that more may be
happening.
    SpyNoMore has a feature that allows me to send it a report and
ask for special help.  I did this, and received only a notification
that they had completed work on my report.  I guess they found
nothing.
    I routinely delete all files in the windows temp and
temporaryInternetFiles directories.  This does not stop this problem.
    I have looked thru a few thousand titles of messages in this
group for "install_ad1", also the above URL, and also "clickhype"
which seems to be involved.  Nothing appears in this group, but a
Google search yields several responses, and other people seem to have
this problem.
    Is anyone familiar with this, and does anyone know how to
remove this?
    Thanks.  Pete

Re: install_ad1, 222.133.3.210, Is this a virus?

On Thu, 14 Jun 2007 11:02:02 -0400 Paul Brady wrote:

Pete,

To begin with, the IP address 222.133.3.210 belongs to someone in China.  See
<http://wq.apnic.net/apnic-bin/whois.pl> for details.  I would worry about
running a batch file that you didn't write or don't know what it's doing.

SpyNoMore was listed as "suspect" by spywarewarrior for false positives,
<http://www.spywarewarrior.com/rogue_anti-spyware.htm#snm_note>, but seems to
have improved.  Nonetheless you should scan with another application such as
Spybot Search & Destroy, <http://www.spybot.info/en/index.html> and/or
Superantispyware, <http://www.superantispyware.com/>.  Both of these are free
for the downloading.

What OS are you using?  What anti-virus program?
--
Ernie B.

Communication:  The art of moving an idea from one mind to another, hopefully
without distortion.

Re: install_ad1, 222.133.3.210, Is this a virus?

Thu, 14 Jun 2007 11:02:02 -0400, Paul Brady wrote: Begin  

Maybe a good start would be to run hijackthis
to see what all that malware installed?
from the author's site http://tinyurl.com/23fbn2

--

Bart

Re: install_ad1, 222.133.3.210, Is this a virus?


|
| Maybe a good start would be to run hijackthis
| to see what all that malware installed?
| from the author's site http://tinyurl.com/23fbn2
|

Except that we don't want HJT Logs posted in Usenet and those that have gone
through "training" won't accept Trend Micro's version of HJT.

For Paul B.


Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: install_ad1, 222.133.3.210, Is this a virus?

21:16:41 GMT, David H. Lipman wrote: Begin  

Just curious why that is,
the v1.99 is quite a bit smaller,
is the v2.0 bloated with something?

--

Bart

Re: install_ad1, 222.133.3.210, Is this a virus?



|
| Just curious why that is,
| the v1.99 is quite a bit smaller,
| is the v2.0 bloated with something?
|

That's a GOOD question.

The anti malware community doesn't trust the changes made and fears what Trend
Micro will do with it.

An alternative utility is in the works as I write this.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: install_ad1, 222.133.3.210, Is this a virus?

This virus is also on my computer, so any help would be appreciated.
I'm not technically literate, so hopefully someone can figure out the
best solution for me to locate the problem.

