Types of Spyware

These programs run on your computer in the
background. They were loaded sometimes with
and sometimes without your permission. These
are just a few of them and what they do to
your system.

WINAD -
Adware: Software that brings ads to your
computer. Such ads may or may not be
targeted, but are "injected" and/or popup,
and are not displayed within the form of an
ad-sponsored application. Some Adware may
hijack the ads of other companies, replacing
them with its own. See also Spyware, Browser
Helper Object. Browser Helper Object &
Dialer: Software that dials a phone number.
Some dialers connect to local Internet
Service Providers and are beneficial as
configured. Others connect to toll numbers
without user awareness or permission.

Kazaa - Any peer-to-peer file
swapping program, such as Audiogalaxy,
Bearshare, Blubster, E-Mule, Gnucleus,
Grokster, Imesh, KaZaa, KaZaa Lite, Limewire,
Morpheus, Shareaza, WinMX and Xolox. In an
organization, can degrade network
performance and consume vast amounts of
storage. May create security issues as
outsiders are granted access to internal
files. Often bundled with Adware or Spyware.

My Search Bar - An IE toolbar
providing search features, and a
homepage-/search-hijacker, targeted at the
sites run by MyWay. (The same people as
iWon.com, writers of the Aornum parasite.)
Distribution…The MySearch and MyWay variants
have been bundled with Grokster, Morpheus,
WeatherBug, and software from
mgshareware.com. MySearch has also been
installed by the FavoriteMan parasite. The
MyWeb variant is bundled with software (Popswatter,
SmileyCentral, My Mail Stamp) from “Fun Web
Products” (also the same people as MyWay).
What it does: In some versions of the MyWeb
variant, yes: it is installed by an ActiveX
downloader control which stays around
leaving a backdoor for future installation.

Bargain Buddy consists of an IE
Browser Helper Object, and a process set to
run at startup. The BHO monitors web pages
requested and terms entered into forms. If
there is a match with a preset list of sites
and keywords, an advertisement may be shown.
The process can contact its maker's server
to download updates to the list of adverts
and to the software itself.

webHancer is a process started at
Windows startup that monitors web sites
being viewed and sends performance data on
them back to webHancer's servers. Very
widespread bundling, especially with
file-sharing software such as AudioGalaxy
and Grokster. The 'customer companion'
collects names of visited sites and how fast
they loaded, and sends them back to
webHancer's servers. webHancer interferes
with the networking stack, and may kill
networking completely.

404Search is pop-up-opening adware
targeted at 404search.com/browservillage.com
(sites controlled by the Kanoodle search
engine), implemented by an Internet Explorer
Browser Helper Object named 404search.dll.
When pre-defined targeted sites are browsed
in IE, a pop-up is opened, containing an
advert or sponsored “search results”. The
404Search privacy policy states that the
software may track web usage using cookies
as a unique ID. Has an update feature that
can be used to download and execute
arbitrary unsigned code from its controlling
servers. The licence agreement listed on the
404Search site threatens to install other
third-party software and reserves the right
to uninstall or disable other software
running on the victim's machine.

Sidesearch is a sidebar that appears
when using search engines and shopping
sites, showing competitor results from its
controllers, Lycos. It is installed without
notice by other parasites, such as
FavoriteMan, BookedSpace and IEPlugin.
Depending on the search term, some, many or
all of the search results in the sidebar may
be advertisers' paid-for-placement links.
When searching on a shopping site, product
links that appear in the sidebar are Lycos
affiliate links. Sidesearch has a built-in
silent self-update function which can be
used to execute arbitrary unsigned code from
the controlling server. This has been used
to install the ClearSearch parasite.

ISTbar is an IE toolbar, homepage-
and search-hijacker provided by Integrated
Search Technologies/CDT Inc. Installs a
TinyBar variant to implement its toolbar,
and will be detected by the script at this
site as TinyBar/B. The hijacker is aimed at
my-internet.info and blazefind.com;
distribution is managed by searchbarcash.com,
its controlling server. Updates are loaded
by an 'AUpdate' process.

ISTbar/XXXToolbar is an update based
around porn. It uses its own toolbar based
on the Pugi toolbar. The hijacker is aimed
at its controlling server xxxtoolbar.com,
and slotch.com; distribution is controlled
by toolbarcash.com. ISTbar also installs
other parasites: AUpdate and XXXToolbar
install porn pop-up producer RapidBlaster/lp;
the AUpdate variant is also known to install
DownloadPlus; the MSCache variant installs
nCase and the Wink/EasyDates dialler.
Installed by ActiveX drive-by download on
affiliate sites; typically porn in the case
of XXXToolbar, from April 2003. An
'aggressive' downloader is usually used: if
you refuse the download, a JavaScript alert
complains that it won't take no for an
answer and opens the download window again.
All versions also install other third-party
software which includes advertising.

Gator Advertising and Information
Network is one of the earliest and most
widespread advertising parasites. Gator/Trickler
is an installer program which fetches
Gator/GAIN gradually, using only a small
part of the bandwidth available. Gator/PDP
is an ActiveX control used to install
Gator.com applications which bundle Gator/Trickler.
When Gator itself has started loading, the
installer control is removed. Gator/PDP and
HDPlugin are included as a drive-by download
on web pages, particularly hidden pop-ups.
Every time a new site is visited, the
address of the site (though not the full
URL) is reported to Gator's servers, with a
unique user ID which can be used to track
your web usage. Gator/GAIN can download and
execute arbitrary code from its controlling
server (as an update feature). The installer
controls can be directed by any web page to
install code from Gator's servers. The
latest version of the installer control
seems to contain code to work around the
network security products Zone Alarm Pro,
STOPzilla, Norton Internet Security and
McAfee Desktop Firewall.

ClearSearch is an address-bar-search
and search-sidebar hijacker from clear-search.com/clrsch.com,
consisting of an Internet Explorer Browser
Helper Object (BHO) and a process run at
startup that updates and reinstalls the
software. ClearSearch/IECS was silently
installed by IGetNet. This installer also
removes any previously-loaded IGetNet
variants, and disables the
address-bar-search part of any known
competitors it finds, including the Xupiter,
HuntBar/MSLink, CommonName and NewDotNet
parasites, as well as the iWon toolbar and
Netword, which are not considered
unsolicited commercial software. ClearSearch/CSIE
and ClearSearch/Lycos are silently installed
by the Sidesearch parasite. ClearSearch/IECS
and ClearSearch/CSIE have been silently
installed by the FavoriteMan parasite. The
ClearSearch/CSIE, Lycos and CSBB variants
have the ability to open pop-up (and
pop-under) windows. However, this has not, at
the time of writing, been observed in
operation. The terms of use for ClearSearch
do mention the software opening pop-ups.

WToolsA - Adware.Huntbar installs
itself as a Browser Helper Object and
redirects search requests. Adware.Huntbar
also gathers information on Web-browsing
habits.

jawa32.exe is a process which is
registered as the Backdoor.Agent.bg worm.
This virus is distributed via the Internet
through e-mail and comes in the form of an
e-mail message, in the hopes that you open
its hostile attachment. The worm has its
own SMTP engine.

IE SearchBar is an Internet Explorer
toolbar from blazefind.com. It will redirect
your search page, home page and search
assistant to www.blazefind.com. Adware is
generally software that displays
advertisements. Some advertisers may
covertly install adware on your system and
generate a stream of unsolicited
advertisements that can clutter your desktop
and affect your productivity. The
advertisements may also contain pornographic
or other material that you might find
inappropriate. The extra processing required
to track you or to display advertisements
can tax your computer and hurt your system
performance.

Ad Destroyer - Virtual Bouncer
masquerades as a legitimate Spyware remover
but sets itself to run when you start the
computer and remain memory-resident. When it
is running, the software will periodically
attempt to contact its author's servers to
download updates and instructions. Some
versions we have seen will nag the user,
using pop-up advertisements in Internet
Explorer, to purchase an upgrade to Virtual
Bouncer, by telling him/her that their
system is at risk. Virtual Bouncer and this
Ad Destroyer ARE NOT LEGIT! In fact, the Ad
Protector thing will INCREASE the number of
popups you get! I read a lot of other sites
that said the people that had a hard time
removing these 2 programs,...went directly
to the website that "sells" the programs and
you have TO PAY for the programs in order to
get a full uninstall from your system.