Note that many websites have their own advertising, unrelated to adware.
Adware is any software application in which advertising is displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen and sometimes through text links or in integrated search results. Adware may or may not track personal information. It may also gather information anonymously or in aggregate only. Users should check the EULA and Privacy policy to ensure if the adware on their machines conforms to their standards.
Official
Description:
Appears to use (some) code recycled from a publicly available trojan program. Installs itselfs in the LSP stack of Windows, where it can monitor traffic not just in IE, but in any browser. Depending on configuration, it will send the traffic details to a controling server. Pop-ups always happen in IE. Many versions also install other adware products (although payload appears to differ randomly/geographically).
Comment:
We have had reports of this being installed via the WMF exploit.
Manual
removal:
- First make sure your machine has all the latest service packs and hotfixes to prevent reinstallation.
- Make sure all browser windows are closed
- From the registry, remove:
HKEY_CLASSES_ROOT\clsid\{4cafdbdd-47ac-eece-87f4-21ae03936c65}
HKEY_LOCAL_MACHINE\software\classes\clsid\{4cafdbdd-47ac-eece-87f4-21ae03936c65}
- Do a Windows file find for "phage.vxd". Delete any instances found.
- In some cases an "LSPFix" is needed when network connectivity is broken
8 [