ADW_DAE.A
Overview



In the wild: No

Reported detections: Low

 
Description:

Threat Type: Adware

Removal Difficulty: Low

Systems Affected: Windows 95, 98, ME, NT, 2000, XP

This program is packaged as a .DLL file which may be installed via the Web through a downloaded program.

Solution: 


TREND MICRO SOLUTION

  • Minimum scan engine version needed: 7.100
      TMAPTN version needed: 194.42
  • DCE version needed: 3.8
      TMADCE version needed: 139

MANUAL REMOVAL INSTRUCTIONS

Identifying the Adware Program

Download the latest spyware pattern file and scan your system. Note all files detected as ADW_DAE.A.

Uninstalling the Adware Program

This program can be removed through its uninstall feature. You will need the path(s) of the adware file(s) detected earlier.

  1. Open the Command Prompt. Click Start>Run, type COMMAND, then press Enter.
  2. Execute the program uninstaller. To do this, type the following at the command prompt, then press Enter:
    regsvr32 /u /s "<adware path>\dae.dll"
  3. Close the Command Prompt.

NOTE: If the uninstall feature fails to remove the adware program, perform the following procedures.

Removing Adware Entries from the Registry

  1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
  2. In the left panel, locate and delete the following keys:
    • HKEY_LOCAL_MACHINE>Software>Classes>CLSID>{81A99149-F047-4090-8AAD-D11FF4EFB734}
    • HKEY_LOCAL_MACHINE>Software>Classes>Interface>{3BD2842E-ACA0-4E6A-9640-EA961B179734}
    • HKEY_CLASSES_ROOT>Adware.AdHelper
    • HKEY_CLASSES_ROOT>Adware.AdHelper.1
    • HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Uninstall>AdHelper
  3. Close Registry Editor.

Additional Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure set(s).

Running Trend Micro Antivirus

Download and unzip the latest spyware pattern file and scan your system. Then, delete all files detected as ADW_DAE.A.

Details: 

Upon execution, this COM server registers its objects via CLSID by creating the following registry keys:

HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{81A99149-F047-4090-8AAD-D11FF4EFB734}

HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3BD2842E-ACA0-4E6A-9640-EA961B179734}

As part of its registration process, it also creates the following registry keys to support reverse mapping (i.e., from ProgID to CLSID):

HKEY_CLASSES_ROOT\Adware.AdHelper

HKEY_CLASSES_ROOT\Adware.AdHelper\Curver

HKEY_CLASSES_ROOT\Adware.AdHelper\CLSID

HKEY_CLASSES_ROOT\Adware.AdHelper.1

HKEY_CLASSES_ROOT\Adware.AdHelper.1\CLSID

This adware program supports both installation and uninstallation functions. It creates its uninstallation command via the following registry entries:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdHelper
DisplayName = "DAE"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdHelper
UninstallString = "regsvr32 /u /s "<adware path>\dae.dll""
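To confirm that the removal steps took effect, the keys named on this page can be checked against a text export of the registry (a Registry Editor export, already decoded to text). This is an added example, not Trend Micro's code: the function names, the sample export and its DLL path are constructed, and it assumes the HKEY_CLASSES_ROOT entries are backed by HKEY_LOCAL_MACHINE\Software\Classes.

```python
import re
# Registry keys listed on this page, upper-cased (key names are case-insensitive).
ADW_DAE_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{81A99149-F047-4090-8AAD-D11FF4EFB734}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{3BD2842E-ACA0-4E6A-9640-EA961B179734}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ADWARE.ADHELPER",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ADWARE.ADHELPER.1",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADHELPER",
]
HKCR = "HKEY_CLASSES_ROOT\\"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Constructed sample export; the DLL path is made up for illustration.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\Adware.AdHelper.1\CLSID]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AdHelper]
"DisplayName"="DAE"
"UninstallString"="regsvr32 /u /s \"C:\\Example\\dae.dll\""
'''

def normalize(key):
    """Upper-case a key and map HKEY_CLASSES_ROOT onto HKLM\\Software\\Classes."""
    key = key.strip().upper()
    if key.startswith(HKCR):
        key = "HKEY_LOCAL_MACHINE\\SOFTWARE\\CLASSES\\" + key[len(HKCR):]
    return key

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Return {normalized key: {lower-cased value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(normalize(line[1:-1]), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[unescape(m.group(1)).lower()] = unescape(m.group(2))
    return keys

def find_leftovers(text):
    """Return (page-listed keys still present, DLL path from UninstallString or None)."""
    keys = parse_reg(text)
    found = [k for k in ADW_DAE_KEYS if any(e == k or e.startswith(k + "\\") for e in keys)]
    cmd = keys.get(ADW_DAE_KEYS[4], {}).get("uninstallstring", "")
    m = re.search(r'"([^"]+\\dae\.dll)"', cmd, re.IGNORECASE)
    return found, (m.group(1) if m else None)
```

An empty first element from `find_leftovers` means none of the listed keys remain in the export; a non-empty DLL path is the file to pass to the uninstall command and to check on disk.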




Analysis by: Marilyn Dolormente



Description created: Jan 4, 2005



