Ad.doubleclick.net adware

[billydc]

While viewing pages on the internet, I clicked the back button to view recent pages. Listed under the recently viewed pages are several entries for ad.doubleclick.net and view.atdmt.com. Could you please advise as how to remove these entries and how to prevent them from occurring again?

 

I am using an Acer Intel Celeron 3060 mhz, Win XP Pro SP3, IE 8 and Symantec Endpoint Protection.

 

Thank you.

[caintry_boy]

Let's try this one...download > AdwCleaner Download and save it to your desktop.

• [*]Double click on

AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator. [*]Click on the Scan button. [*]AdwCleaner will begin...be patient as the scan may take some time to complete. [*]After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. [*]The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it. [*]Copy and paste the contents of that logfile in your next reply. [*]A copy of all logfiles are saved in the C:AdwCleaner folder which was created when running the tool.

 

 

 

[oftentired]

an entry in the hosts file will take care of the domain

[billydc]

Please find AdwCleaner logfile.

 

# AdwCleaner v3.003 - Report created 12/09/2013 at 06:38:39# Updated 07/09/2013 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : Bill_C - 00461407F032703# Running from : C:Documents and SettingsBill_CDesktopAdwCleaner.exe# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:Documents and SettingsbcaldwellIECompatCache

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCUSoftwareYahooPartnerToolbar

***** [ Browsers ] *****

- Internet Explorer v8.0.6001.18702

- Mozilla Firefox v15.0.1 (en-US)

[ File : C:Documents and SettingsbcaldwellApplication DataMozillaFirefoxProfiles9zxaso82.defaultprefs.js ]

[ File : C:Documents and SettingsBill_CApplication DataMozillaFirefoxProfilesh11mivun.defaultprefs.js ]

*************************

AdwCleaner[R0].txt - [1157 octets] - [12/09/2013 06:27:51]AdwCleaner[s0].txt - [1086 octets] - [12/09/2013 06:38:39]

########## EOF - C:AdwCleanerAdwCleaner[s0].txt - [1146 octets] ##########

[caintry_boy]

That looks fairly "normal" to me, I've asked oftentired to elaborate further on his suggestion about the Host File...

 

 

 

 

[oftentired]

ok

 

I'm not going to reinvent the wheel. I do think it is important to understand the HOSTS file and how it is used.

 

The best website I've found for this is http://winhelp2002.mvps.org/ you can educate yourself there at your own pace reading the webpages linked by the drop down selection box with the Go button next to it.

 

This website has a hosts file and a rather handy BAT file installation. The hosts file contains entries for a large number of internet addresses that are not desirable. Including the doubleclick. There are other websites with hosts files they have assembled which also include doubleclick. Most of them are just as good as the mvps hosts files. Some of them are more specialized in what they target.

 

There is software (out there) which enables you to combine the various hosts files. This is a maybe ... maybe not .... thing to do. If the hosts file becomes super huge it can slow down your internet access slightly because the browser always runs through the hosts file first looking for a DNS match before going out to the DNS servers on the interenet to find the address there. That also, is what makes the hosts file so useful for blocking unwanted websites because you can re-direct your browser to a local computer "nowhere" addresss. Which is exactly what the hosts files do for sites like doubleclick.

 

I've types some of the education about it above but, if you want to avoid the eduction and just get 'er done go to this page http://winhelp2002.mvps.org/hosts2.htm and follow the instructions for installing the hosts file that they provide. The instructions are for XP.

 

Users who have Vista, Win 7 and Win 8 OS should follow the special instructions for installation linked further down the page.

[Tx Redneck]

Or apply the KISS method and use Firefox or Chrome and the AdBlockPlus add on. No MOAR ads, EVAR!

[oftentired]

I think the hosts file is rather simple too

[Tx Redneck]

Problem w/hosts file is some sites won't work, but that's not been a issue with ABP.

[Jacee]

Ok, we haven't heard back from the OP yet.. but, disabling add-ons in both Chrome and Firefox browsers might resove the problem.

Also, resetting MS's Hosts File needs to be done.

If the OP is still here and watching this topic, I'll try to help you get rid of ad.doubleclick.net and view.atdmt.com

[billydc]

I followed the advice by oftentired and installed the hosts file from the web page provided. That helped somewhat, but did not completely solve the problem. What should I do next?

[oftentired]

The people that make a ton of money from selling the information they gather about our browsing habits keep finding new ways to acquire the information.

 

As you say the unwanted webpages are in back button history it appears to me that they are using a method that involves the internet address of a link that you are clicking. The link then briefly directs the browser at a non-rendering webpage which gathers information from your computer and then redirects to the webpage your actually want to go to.

 

This is why I say to use a hosts file that passes the valid local "null" web address to the browser as a substitute for the actual web address for those sites.

 

I'm sure that the hosts file technique can be avoided by them from time to time. One thing that I try to remember to do is instead of clicking on a internet link that I have no knowledge of, or am suspicious of, I instead right click the link and copy the URL. Then I paste it to the browser address bar and look closely at it. You can usually see the elements that are redirecting the browser or collecting information and then you can edit that address so it only goes to where your actually wanting to go. You can paste to notepad if your more comfortable there instead of the address bar.

 

One thing to keep in mind. I don't do this but, if your deliberately supporting a webpage by clicking on their ads, these addresses for those ads will also have additional items in the address which are intended to inform those paying for the ad that the click came from that website. I'd avoid editing in that case or your not supporting the website as intended. Of course the danger is that they are also collecting browsing data from you at the same time.

 

Jacee is typically spot on I'd follow what she says to do when she gets back to this thread.

Edited September 18, 2013 by oftentired

[Jacee]

Let's flush the bad DNS cache and restre MS's hosts file:

 

Copy and paste these lines in Note pad.

 

@Echo on
pushdwindowssystem32driversetc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.

Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

 

After doing that, download TFC by Old Timer http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

 

Now tell us how your computer is running.

[billydc]

I followed your instructions and completed the process. After viewing a few web pages I found the following entries on recent pages viewed:

 

view.atdmt.com/cnt/iview/4305658

 

[Jacee]

Download SpywareBlaster. Read the instructions for maually updating so your browsers will be protected.

http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

 

You could also use free SuperAnti-Spyware for those third party tracking cookies: http://filehippo.com/download_superantispyware/