Adware.TrueAds is an adware program that installs itself as a Browser Helper Object and periodically displays advertisements on the computer. The intent of this site is to sell advertisements for publishers through unethical practices. The program installs itself in IE and Firefox and displays pop ads to the end user.

Type: Adware
Publisher: www.trueads.com
Risk Impact: High
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000.

When the program is executed, it creates the following files:

  • C:\WINDOWS\system32\a32dcf16-d5a9-3019-5a18-70941fbef85e.dll
  • C:\WINDOWS\system32\c3b6d924-15c0-624c-dfae-f58fcdebe4bd.exe
  • %ProgramFiles%\Mozilla Firefox\components\7e74b77f-7ac0-b030-cbd8-a7b88a7032e4.dll

Next, the program creates the following registry subkeys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b30742f-9605-6b67-4710-fc842c868a6e}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b30742f-9605-6b67-4710-fc842c868a6e}\InProcServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b30742f-9605-6b67-4710-fc842c868a6e}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c3b6d924-15c0-624c-dfae-f58fcdebe4bd

The program is installed as a Browser Helper Object in Internet Explorer and Mozilla Firefox.

The program periodically displays advertisements obtained from the following location:
[http://]ad2.trueads.biz

How to remove TrueAds

The following instructions pertain to many Anti-virus programs including Symantec AntiVirus and Norton AntiVirus products.

  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Remove the program.
  4. Run a full system scan.
  5. Delete any values added to the registry.

For full instructions for Symantec products go here.