allentech.net


Parasite: AdRoar

This record last updated Tue Sep 20 2005 00:34:14

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

AdRoar is an Internet Explorer Browser Helper Object controlled by adroar.com.

Variants

AdRoar/Cpr: earlier version storing its program code in Cpr.dll.

AdRoar/ARUpdate: now uses AdRoar.dll with new class ID, plus supplemental ARUpdate.exe task set to run at startup.

Distribution

Installed by the AutoStartup trojan (also written by adroar.com). May also be bundled with other third-party applications.

What it does

Advertising

Yes. Opens periodic untargeted pop-up adverts from Cydoor (cjt1.net) whilst browsing with IE.

Privacy violation

No.

Security issues

Yes, the ARUpdate version can silently download and execute arbitrary unsigned code from its controlling server (iads.adroar.com).

No, for the Cpr variant.

Stability problems

None known.

Removal

There should be a ‘Cpr’ entry in the Control Panel’s Add/Remove Programs feature. This should stop the program working, though it may not do so entirely cleanly. If you get an ‘ARUpdate.exe not found’ message on startup with Windows 95/98/Me, see the registry-editing instructions below.

After removal, check you don’t have the AutoStartup parasite, or AdRoar might come back.

Manual removal

Open a DOS command prompt window (Start->All programs->Accessories) and enter the following commands, for the Cpr variant:

cd "%WinDir%\System"
regsvr32 /u Cpr.dll

Or, for the ARUpdate variant:

cd "%WinDir%\System"
regsvr32 /u "..\AdRoar.dll"

For the ARUpdate variant, open the registry (Start->Run->regedit) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the ‘ARUpdate’ entry.

Restart the computer and you should be able to delete ‘Cpr.dll’ from the System folder (inside the Windows folder; named ‘System32’ on Windows NT/2000/XP/2003). Or, for the ARUpdate variant, delete ‘AdRoar.dll’ and ‘ARUpdate.exe’ from the Windows folder.
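
As an added example (not part of the original record or of the doxdesk detection script), this read-only PowerShell check looks for the traces named above once removal is done: the ‘ARUpdate’ Run value, the three files, and any Browser Helper Object whose DLL is Cpr.dll or AdRoar.dll. The function name Get-AdRoarTrace is hypothetical, and the Browser Helper Objects registry location is the standard Internet Explorer one, not taken from this page.

```powershell
# Added example: read-only check for the AdRoar traces named on this page.
# Assumption: run from an elevated prompt; only the native registry view is read.
$runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
# Standard IE location for registered BHOs (not stated on the page).
$bhoKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$dllNames = 'Cpr.dll', 'AdRoar.dll'   # BHO DLL names given on this page

function Get-AdRoarTrace {           # hypothetical helper name
    $found = @()

    # 1. ARUpdate startup entry under the Run key
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and ($run.PSObject.Properties.Name -contains 'ARUpdate')) {
        $found += "Run value 'ARUpdate' -> $($run.ARUpdate)"
    }

    # 2. Files in the folders the page lists (System or System32, and Windows)
    $paths = @(
        (Join-Path $env:WinDir 'System\Cpr.dll'),
        (Join-Path $env:WinDir 'System32\Cpr.dll'),
        (Join-Path $env:WinDir 'AdRoar.dll'),
        (Join-Path $env:WinDir 'ARUpdate.exe')
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) { $found += "File present: $p" }
    }

    # 3. Registered BHOs whose in-process server is one of the named DLLs.
    #    The page gives no class ID, so match on the DLL file name instead.
    foreach ($bho in @(Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue)) {
        $clsid  = $bho.PSChildName
        $srvKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $srv = (Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue).'(default)'
        if ($srv) {
            $leaf = Split-Path -Path $srv.Trim('"') -Leaf
            if ($dllNames -contains $leaf) { $found += "BHO $clsid -> $srv" }
        }
    }
    return $found
}

$traces = Get-AdRoarTrace
if ($traces) { $traces | ForEach-Object { Write-Output $_ } }
else { Write-Output 'No AdRoar traces from this page were found.' }
```

The script changes nothing; any line it prints points to a step in the manual removal above that still needs doing.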

* Parasite information and detection script by Andrew Clover - www.doxdesk.com, used with permission.
