Adware.TrueAds is an adware program that installs itself as a Browser Helper Object and periodically displays advertisements on the computer. The intent of this site is to sell advertisements for publishers through unethical practices. The program installs itself in IE and Firefox and displays pop ads to the end user.
Type: Adware
Publisher: www.trueads.com
Risk Impact: High
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000.
When the program is executed, it creates the following files:
- C:\WINDOWS\system32\a32dcf16-d5a9-3019-5a18-70941fbef85e.dll
- C:\WINDOWS\system32\c3b6d924-15c0-624c-dfae-f58fcdebe4bd.exe
- %ProgramFiles%\Mozilla Firefox\components\7e74b77f-7ac0-b030-cbd8-a7b88a7032e4.dll
Next, the program creates the following registry subkeys:
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b30742f-9605-6b67-4710-fc842c868a6e}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b30742f-9605-6b67-4710-fc842c868a6e}\InProcServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b30742f-9605-6b67-4710-fc842c868a6e}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c3b6d924-15c0-624c-dfae-f58fcdebe4bd
The program is installed as a Browser Helper Object in Internet Explorer and Mozilla Firefox.
The program periodically displays advertisements obtained from the following location:
[http://]ad2.trueads.biz
How to remove TrueAds
The following instructions pertain to many Anti-virus programs including Symantec AntiVirus and Norton AntiVirus products.
- Disable System Restore (Windows Me/XP).
- Update the virus definitions.
- Remove the program.
- Run a full system scan.
- Delete any values added to the registry.
For full instructions for Symantec products go here.
A few weeks ago our dog was restless and leaning on my lap as I was chatting with a friend online. Now you may wonder why I am sharing this with you but Bear, by accident, pushed a shortcut and made all my text shift to the left instead of the right.
My husband tried different things to get to type normal and then uninstalled the program then reinstalled it again – it still didn’t work.All text started at the left.
He ended up going into the registry to delete what was hidden there then reinstalled the program before the text was right.
Bunny,
I wish I wrote this a few weeks ago, but it looks like hubby may have found the hidden registry entry.
I have encountered this somewhere but I couldn’t remember if it was from Twitter. The good thing is that I simply ignored it from a gut feeling that it wasn’t good thing…and I am right.
Mathdelane,
Good move and always follow that thought process.
Well, looks like I know what I’ll be un-doing next on my son’s PC as well as my elderly mother’s! Thanks for the instrux on how to remove it. :)
Christie,
The removal is easy. I wish we caught this sooner. Let me know how things go on both those PC’s.
Any idea how it gets installed, or from where?
Joanie,
You have to manually install the program from the publishers site.