9 replies to this topic

[Aiai]

Hello.....

From the advise of a friend I downloaded Ad-Aware. Ad-Aware has found viruses and has removed the in the past till the ( adtmt ) came along. Ad-aware finds the ( adtmt ) and removes it right away. My problem is when i rerun Ad-aware it finds the ( atdmt ) again, witch means it's not being cleaned totally out of my computer.

Now this adtmt has attachments to it sending then out like a spider web through my computer. Ad- aware is finding them removing them and the are coming right back.

Sometimes this (adtmt ) is adding even more attachment to assure that this infection is spread throughout my computer and making it run really bad.

When searching for the removal of ( Adtmt ) the advise is to find the destination of where the file came from. After scamming with Ad-aware I right clicked on adtmt to search the destination, it sends me to google. Google searches for the star (*) in front of adtmt. not the location of (adtmt ) . I can not find the file or destination of this ( adtmt ]

I am at lost in how to remove this ( adtmt ) or blocking it and all the attachments that come with it.


Please....HELP!!!!

[CeciliaB]

Hi Aiai,

Please, open a log from Ad-Aware where it finds this admt with attachments, copy the information and paste it into your answer.
Location of logs:
XP - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\Scan_<date information>.log
Vista and 7 - C:\ProgramData\Lavasoft\Ad-Aware\Logs\Scan_<date information>.log

-----------
I have moved the topic from the forum "General support" to "Help with Stubborn Infections", where we handle infected computers.

[Aiai]

I found the log file. do you want me to copy all the contents in this log?
I'm a little concerned about posting everything in this log in an open fourm.

[CeciliaB]

You can remove any personal information, for example replace names with X. The most important lines are those where I can see what Ad-Aware has found.

[Aiai]

ERR [1336] 2012/02/17 18:03:00: SDKController::CheckEngineState -> Engine not loaded
MSG [2336] 2012/02/17 22:10:02: Configure new scan with profile: smart
MSG [2336] 2012/02/17 22:10:02: -> scanning critical objects
MSG [2336] 2012/02/17 22:10:02: -> scanning running processes
MSG [2336] 2012/02/17 22:10:02: -> scanning registry
MSG [2336] 2012/02/17 22:10:02: -> scanning lsp
MSG [2336] 2012/02/17 22:10:02: -> scanning browser hijacks
MSG [2336] 2012/02/17 22:10:02: -> scanning cookies
MSG [2336] 2012/02/17 22:10:02: -> neutralizing rootkits
MSG [2336] 2012/02/17 22:10:02: -> use mild rootkit detection
MSG [2336] 2012/02/17 22:10:02: -> use spyware heuristics
MSG [2336] 2012/02/17 22:10:02: -> use medium heuristics
MSG [2336] 2012/02/17 22:10:02: -> scan only executables
MSG [2336] 2012/02/17 22:10:02: -> file size limit = 20480 kB (0 = unlimited)
MSG [2336] 2012/02/17 22:10:02: -> validating system critical files
ERR [2336] 2012/02/17 22:10:02: SDKController::GetInfectionList -> Not in found infections state
MSG [3120] 2012/02/17 22:19:25: Scan was completed in 563 seconds
MSG [3120] 2012/02/17 22:19:25: Objects processed: 111924, infections detected: 3
MSG [1012] 2012/02/17 22:28:21: Remediating 3 infections
MSG [1012] 2012/02/17 22:28:22: Infections quarantined: 0, removed: 3, repaired: 0
MSG [1012] 2012/02/17 22:28:22: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped).
MSG [2336] 2012/02/17 22:28:22: Dumping scan report:
>>> Logfile created: 2/17/2012 22:10:02
>>> Ad-Aware version: 9.5.1
>>> Extended engine: 3
>>> Extended engine version: 3.1.2770
>>> User performing scan:X>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 150.724
>>> Genotype definition file version: 2012/02/13 12:34:34
>>> Extended engine definition file: 11551.0
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Smart Scan (ID: smart)
>>> Objects scanned: 111924
>>> Objects detected: 3
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 0
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 3
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Removed items:
>>> Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
>>> Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
>>> Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
>>>
>>> Scan and cleaning complete: Finished correctly after 563 seconds

[Aiai]

Not sure if this is what you need to look at. Please let me know if I need to send you anything else

Thank you for your help

Edited by Aiai, 18 February 2012 - 11:59 PM.

[CeciliaB]

Thank you for the log, Aiai.

Cookies are small text files that never are dangerous for the computer. They are stored in the computer by web sites you visit. Cookies can, for example, be used by a web site to remember settings from the last time you visit the web site (google.com use a cookie to remember what you have entered in its preference page), but cookies can also be used to remember which ads you have seen or clicked on and on which web site. The latter type is often called a 'tracking cookie' and it is this type of cookie that Ad-Aware removes since it means that your personal integrity is lowered. When you get a cookie from admt.com, you have visit a web site or used a program that displays ads or other information from admt.com, for example Microsoft uses admt.com.

There are many web pages about cookies and admt cookies that contain incorrect information, but here are a few you can trust:
http://en.wikipedia....iki/HTTP_cookie
http://secunia.com/c...1/atdmt_cookies
http://answers.micro...66-ab4dab9c08ab
http://community.nor...uot/td-p/239267

[Aiai]

While waiting for a responce from you I did a little more searching on removing this ( atdmt cookie) this is what I found.

It is a rather simple procedure to block this cookie.

Go to Tools>Internet Options>Privacy Tab>Advanced button>check the box for Automatic cookie handling>in 3rd Party cookies dot the Block option>OK

Now go to the Sites button>add atdmt.com>click Block> add atdmt.net>click Block>OK>OK

By doing this all versions of that cookie will be blocked.

Here is the link ; http://answers.yahoo...07115645AASkbZm



Following each step on removing the ( atdmt ) it was successfully removed

Edited by Aiai, 19 February 2012 - 02:52 AM.

[CeciliaB]

Oh yes, no problem blocking cookies in that way, and I think that was suggested in one of my links. But if you use Windows Live Messenger or other Windows Live programs you might get issues when blocking atdmt cookie.

[CeciliaB]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

Everyone else please begin a New Topic.

Thank you !