Deskad service

Discussion in 'SpywareBlaster & Other Forum' started by sw2001, Jan 5, 2005.

Thread Status:
Not open for further replies.
  1. sw2001

    sw2001 Registered Member

    Joined:
    Dec 18, 2004
    Posts:
    13
    Location:
    Canada
    Hi,

    I just removed that stuff from a computer (very nasty stuff).
    I couldn't find anything googling it.
    Maybe something new to add pest on a computer?
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    It's a recent Windupdates adware variant, of the type described here: http://www.giantcompany.com/antispyware/research/spyware/spyware-WindUpdates.aspx

    Just like Windows SyncroAd, Windows ServeAd, Windows AdControl, Windows AdTools, Windows TaskAd and what have you...

    It's indeed installed by way of an ActiveX object, namely this one:

    [X] O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/C....../bridge-c18.cab

    Only thing is, this one is most definitely covered by SB, and has been for a long time...
     
  3. sw2001

    sw2001 Registered Member

    Hi Tony

    thanks for your answer

    only ... both links are not good :(
     
  4. TonyKlein

    TonyKlein Security Expert

    The first is because Microsoft just bought Giant AntiSpyware, and the old site is now apparently history... Too bad, it was a good reference... :(

    The second one is on purpose; I don't want anyone to get infected by pressing it, like you would have done... LOL!
     
  5. How do you get rid of it? I've tried Norton Antivirus, Spy Sweeper, House Call, Ad-Aware and the damn thing won't get off my desktop. My PC is running sooo slow it's almost not functioning at all!
     
  6. TonyKlein

    TonyKlein Security Expert

    It's not too hard at all. Go to Start > Run > Msconfig > Startup tab, and uncheck the entry for this cr@pware, usually simply called "DeskAd Service".

    Restart your computer, and delete its folder in Program Files. Should it refuse to go for the reason that one or two files in that folder are still in use by Windows, first end task on those files using Task Manager (Processes tab).

    You'll be looking for the following processes:

    DeskAdServ.exe
    DeskAdKeep.exe

    However, it's likely you have more malware than just this one...

    If you keep having problems, I suggest you post at one of the forums that provide spyware removal services.

    Good luck,
     
  7. ddt

    ddt Guest

    Even with msconfig, the malware starts anyhow! When you end process, it restarts again as well. I can't delete the files because they are being used.

    Is there another trick I am missing? o_O

    ddt
     
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    You might try deleting them in safe mode.

    bigc
     
  9. TonyKlein

    TonyKlein Security Expert

    Eggzactly; or first end process on the files using Task Manager, exactly like I explained...
     
  10. sw2001

    sw2001 Registered Member

    I remember that I had to delete some stuff by accessing the hard drive from a boot CD, even though I had taken everything out of autostart and killed every suspicious process before. Somehow that crap came back.
    Like I said, very nasty stuff!
     
  11. TonyKlein

    TonyKlein Security Expert

    Naah, it really isn't... on the malware scale of horror, it at the most deserves a three out of ten...

    It's just a minor inconvenience, and, if you know what to do, it will take all of 20 secs to remove...
     
  12. sw2001

    sw2001 Registered Member

    Could it be that those guys also improve, so from "version" to "version"?
     
  13. KimK

    KimK Guest

    Rename the directory, reboot the computer, and then remove the directory and files.
     
  14. Exactly, that is the golden hint:
    Just rename the folder C:\Program Files\DeskAdService and restart the PC.
    Then delete the above directory.
    Everything else failed.

    Philippe
     
  15. hkwcw

    hkwcw Guest

    Today I just got this program. I uninstalled it and rebooted the PC,
    but deskad.exe is still running and stays in "Run".
    I deleted the registry key in "Run" and stopped the service using Ctrl + Alt + Del.
    I powered off the PC, unplugged the power and waited 5 minutes.
    After booting the PC, "deskad.exe" is still running.
    So I used anti-virus software, anti-spyware software and many other programs to check for it and kill it.
    However, none of them can find and kill it...
     
  16. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi hkwcw,

    You can try running your anti-spyware programs while in Safe Mode.

    If after that you are still having problems, then as TonyKlein had suggested, go to one of the sites that provide spyware removal services. You can find a list of recommended sites that perform this service in this link: http://a-sap.org/

    Regards,

    snap
     
  17. GuRuBuRu

    GuRuBuRu Guest

    DeskAd installs itself when you try to delete its entry from the registry (..."Run") or from the msconfig startup list.

    DeskAd reinits itself when you try to kill the process (both of them the Keep and the other one), but there's a trick killing these processes.

    Both tasks, reinit and reinstall, are done by DeskAdKeep when you try to kill DeskAdServ or delete a registry entry.
    But if you try to kill DeskAdKeep, then DeskAdServ reinits a new one.

    So the way to delete DeskAdService is to kill DeskAdServ, killing the tree of processes that it inits!!!

    Right-click on the process DeskAdServ and select kill the tree...

    After that you will be able to destroy the folders where DeskAdService has been installed and the registry entries with no regeneration ;-)

    GuRuBuRu
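
The removal order described in post 17, as an added example that is not part of the original thread: a PowerShell script that walks the process tree under DeskAdServ.exe, stops the parent and its descendants together, checks that nothing respawned, and only then removes the autostart entry and folder. The process and folder names come from the posts above; the two Run key paths, the `DeskAd*` wildcard and the helper name `Get-ProcessTree` are assumptions, and the script expects an elevated prompt.

```powershell
# Added example, not from the thread. Names come from the posts; which Run key
# holds the entry is an assumption, so both common ones are checked.
$rootName = 'DeskAdServ.exe'                      # parent process (post 17)
$folder   = 'C:\Program Files\DeskAdService'      # install folder (post 14)
$runKeys  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-ProcessTree {
    param($Root, $Snapshot)
    # Follow ParentProcessId links breadth-first, starting at the root.
    $tree  = @($Root)
    $queue = [System.Collections.Queue]::new()
    $queue.Enqueue($Root)
    while ($queue.Count -gt 0) {
        $parent = $queue.Dequeue()
        $children = $Snapshot | Where-Object {
            $_.ParentProcessId -eq $parent.ProcessId -and
            $_.ProcessId -ne $parent.ProcessId -and
            $_.CreationDate -ge $parent.CreationDate   # skip reused parent PIDs
        }
        foreach ($child in $children) { $tree += $child; $queue.Enqueue($child) }
    }
    $tree
}

$snapshot = Get-CimInstance Win32_Process
foreach ($root in ($snapshot | Where-Object Name -eq $rootName)) {
    # Start at DeskAdServ and take every descendant down with it.
    foreach ($proc in (Get-ProcessTree -Root $root -Snapshot $snapshot)) {
        Write-Host "Stopping $($proc.Name) (PID $($proc.ProcessId))"
        Stop-Process -Id $proc.ProcessId -Force -ErrorAction SilentlyContinue
    }
}

# Confirm nothing respawned before touching the registry or the folder.
Start-Sleep -Seconds 3
$left = Get-CimInstance Win32_Process | Where-Object Name -like 'DeskAd*'
if ($left) { Write-Warning "Still running: $($left.Name -join ', ')"; return }

foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like '*DeskAd*' } |
        ForEach-Object { Remove-ItemProperty -Path $key -Name $_.Name }
}
if (Test-Path $folder) { Remove-Item -Path $folder -Recurse -Force }
```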
     