Top Choices for November 2009...   VIPRE Antispyware+Antivirus — 15 day free trial   Sunbelt Personal Firewall — 30 day free trial   NetZero Dialup — Free 10 hrs /month   Web Hosting from $4.95/month   Windows XP System Repairs — Online Service

Adware Ties into Internet Explorer

This week, I received a query from a reader about a warning message he was receiving:

Hi Terry , I was wondering if perhaps you can help me , I have this very annoying adware that occurs EVERYTIME at startup .... not-a-virus:Adware.Win32.BHO.cr Now althugh this doesn't appeato be causing any problem on my PC and I get delete it , it is still annoying to do this everytime . Is there anything you can suggest to REMOVE this adware from startup . Pls note : I am not computer savvy and my experience is limited , so I would need exact steps If you could help me , it would be greatly appreciated Regards

I'm not familiar with this particular message, but a little quick searching via Google showed that a number of people had posted similar questions on forums — and they all seemed to use ZoneAlarm.

Like many other companies in the Internet security market, ZoneLabs is expanding its reach into related markets. ZoneAlarm began as a firewall program. Their new Zone Labs Internet Security Suite includes anti-virus, anti-spyware, firewall and more.

By the name of the item its reporting "not-a-virus:Adware.Win32.BHO.cr", ZoneAlarm is apparently flagging that this is a Browser Helper Object (BHO). It's also identifying the item as Adware. Adware typically this means that the program installs without warning, without idenfitying what it will do, and either delivers new ads to you via popups or overwrites web site ads with its own ads. Finally, it's specifically noting that this does not fit the definition of a virus, e.g. self-replication.

Browser Helper Objects are a special type of Windows program that are started automatically when you start Internet Explorer. IE7 provides some control over BHO's via Tools > Manage Add-ons > Enable or Disable Add-ons...

My preferred way to deal with Browser Helper Objects is to use the IE Helpers tab in WinPatrol. But, take a look at IE7's Add-on controls — they show more items, or perhaps break the helpers into smaller distinct pieces.

Unfortunately, while both of these tools work fine for controlling normal Browser Helper Objects, like Microsoft's "Related Items" that re-installs with every update and patch to Internet Explorer, malware takes a reinforcement approach. Adware and spyware programs often install multiple programs that run all the time and monitor to make sure each other are installed and running — that way simple removal techniques don't work effectively.

As I mentioned in last week's newsletter, when you're solving a malware problem, you need to turn off turn off System Restore.

Sometimes you have to boot into Safe Mode in order to make repairs to malware infections. If you don't know how to get into Safe Mode, read how in the next article.

Once you're in Safe Mode, run your anti-spyware/anti-adware program again. At this point, it may be able to uninstall all parts of the BHO and its supporting programs. That's because Safe Mode prevents many auto-starting programs from running. Unfortunately, not all.

If you run a manual scan with your normal anti-spyware / anti-adware program in Safe Mode, you'll probably solve the problem.

If not, consider trying CounterSpy V2, which is the anti-spyware / anti-adware program that I use. CounterSpy has a free 15-day trial period during which it is fully functional.

Copyright © 2007-2008 Terry A. Stockdale. All rights reserved.