Posted: April 7, 2011

AdStop Description

AdStop is a Korean rogue anti-adware program that outwardly imitates security functions for your PC. Despite seeming to offer scanning services, system alerts and other protective measures, AdStop actually fakes all of these features to trick you into registering the application. PCs infected by AdStop may also be subjected to browser hijacks that redirect you to malicious websites, disabled security functions and other dangers that can only be stopped by removing AdStop. AdStop is best deleted with a real anti-malware scanner that can take care of AdStop without any unwanted side effects.

AdStop is the Latest in Korean PC Threats

As one of the recently emerged rogue anti-adware programs from Korea, AdStop may not yet be recognized by many types of anti-malware scanners. Keeping the threat database of any security software you use up to date will help you detect AdStop before AdStop can do too much damage. Distribution methods for AdStop can take two primary forms:

  • You might download AdStop deliberately, thinking that AdStop is a helpful application. AdStop is known to be distributed on the website and may also be found on other Korean sites that can be identified by the .kr tag. One of the most used methods is to initiate a fake scan display that ends with infection-heavy results. The site will then ask you to download AdStop or another type of rogue security program to remove these infections when there aren't any real infections to remove.
  • Trojans may also download AdStop onto your computer after they have themselves been installed by undetectable browser exploits or by being coupled with files from insecure sources. This activity can be difficult to spot before the payload is already installed, but once AdStop is on your PC you'll have no difficulty seeing AdStop.

Regardless of how AdStop got onto your PC, AdStop is likely to add entries to your Registry that let AdStop run whenever Windows itself starts. AdStop will then begin to show you fake scans that indicate system infections and create fake errors that mislead you into believing innocent programs and files contain malware.

Stop Your Wallet from Being Plundered by AdStop

Simply refusing AdStop's persistent requests that you register AdStop will keep your credit card safe from fraudulent charges. However, AdStop may also cause equally serious problems by disabling your security applications or altering your web browser's settings. These attacks can leave your computer vulnerable to remote attackers or to having other malware downloaded onto it, and so removing AdStop is the only feasible option.

If you try to delete AdStop files and other components personally, you run a high risk of causing other system problems as side effects. Using a well-known, quality scanner that has the updates to spot AdStop is a more practical choice. Try to verify that AdStop isn't active before you run a scan, and remember that even if AdStop isn't visible, AdStop may still be active as a background memory process.

Background memory processes are easily viewable in Task Manager. If you're unable to shut down the process, you may wish to switch to Safe Mode, a mode that stops most malware like AdStop from launching in the first place.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 c:\documents and settings\{username}\Desktop\adstop_setup.exe
    2 c:\program
    3 c:\program c:\program
    4 c:\program files\ADSTOP
    5 c:\program files\ADSTOP\adstopeye.exe
    6 c:\program files\ADSTOP\adstopicon.ico
    7 c:\program files\ADSTOP\adstopup.exe
    8 c:\program files\ADSTOP\adstopux.exe
    9 c:\program files\ADSTOP\libmysql.dll
    10 c:\program files\ADSTOP\Res
    11 c:\program files\ADSTOP\Res\adstopres000.cft
    12 c:\program files\ADSTOP\Res\adstopres001.cft
    13 c:\program files\ADSTOP\Res\adstopres002.cft
    14 c:\program files\ADSTOP\Res\adstopres003.cft
    15 c:\program files\ADSTOP\Res\adstopres004.cft
    16 c:\program files\ADSTOP\Res\adstopres006.cft
    17 c:\program files\ADSTOP\Res\adstopres007.cft
    18 c:\program files\ADSTOP\Res\adstopres008.cft
    19 c:\program files\ADSTOP\Res\adstopres009.cft
    20 c:\program files\ADSTOP\Res\adstopres010.cft
    21 c:\program files\ADSTOP\Res\adstopres011.cft
    22 c:\program files\ADSTOP\Res\adstopres012.cft
    23 c:\program files\ADSTOP\Res\adstopres013.cft
    24 c:\program files\ADSTOP\Res\adstopres014.cft
    25 c:\program files\ADSTOP\Res\adstopres015.cft
    26 c:\program files\ADSTOP\Res\adstopres016.cft
    27 c:\program files\ADSTOP\Res\adstopres017.cft
    28 c:\program files\ADSTOP\Res\adstopres018.cft
    29 c:\program files\ADSTOP\Res\adstopres019.cft
    30 c:\program files\ADSTOP\Res\adstopres020.cft
    31 c:\program files\ADSTOP\Res\adstopres021.cft
    32 c:\program files\ADSTOP\Res\adstopres024.cft
    33 c:\program files\ADSTOP\Res\adstopres025.cft
    34 c:\program files\ADSTOP\Res\adstopres026.cft
    35 c:\program files\ADSTOP\Res\adstopres027.cft
    36 c:\program files\ADSTOP\Res\adstopres028.cft
    37 c:\program files\ADSTOP\Res\adstopres029.cft
    38 c:\program files\ADSTOP\Res\adstopres030.cft
    39 c:\program files\ADSTOP\Res\adstopres031.cft
    40 c:\program files\ADSTOP\Res\adstopres032.cft
    41 c:\program files\ADSTOP\Res\adstopres033.cft
    42 c:\program files\ADSTOP\Res\adstopres034.cft
    43 c:\program files\ADSTOP\Res\adstopres035.cft
    44 c:\program files\ADSTOP\Res\adstopres036.cft
    45 c:\program files\ADSTOP\Res\adstopres037.cft
    46 c:\program files\ADSTOP\Res\adstopres038.cft
    47 c:\program files\ADSTOP\Res\adstopres039.cft
    48 c:\program files\ADSTOP\Res\adstopres040.cft
    49 c:\program files\ADSTOP\Res\adstopres041.cft
    50 c:\program files\ADSTOP\Res\adstopres042.cft
    51 c:\program files\ADSTOP\uninstall.exe
    52 files\ADSTOP\Res\adstopres005.cft
    53 files\ADSTOP\Res\adstopres022.cft
    54 files\ADSTOP\Res\adstopres023.cft

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ADSTOP
    HKEY_CURRENT_USER\Software\ADSTOP
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\adstopup.exe
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}ADSTOP
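
A read-only PowerShell check for the artifacts listed above, added here as an example and not part of the original write-up: it looks for the Run value, the two fully specified Registry keys, the install folder, the desktop installer and the three executables as running processes. The function name is hypothetical, and the Program Files (x86) path is an assumption for 64-bit Windows.

```powershell
# Added example: reports AdStop artifacts named on this page; changes nothing.
# Find-AdStopArtifact is a hypothetical name. The Uninstall key is skipped
# because the page gives it only in templated form.
function Find-AdStopArtifact {
    function New-Finding($Type, $Item, $Detail) {
        [pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail }
    }

    # Autostart entry: the ADSTOP value under the per-user Run key.
    $runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'ADSTOP' -ErrorAction SilentlyContinue
    if ($run) { New-Finding 'RunValue' "$runKey\ADSTOP" $run.ADSTOP }

    # Registry keys listed in full on the page.
    $keys = 'HKCU:\Software\ADSTOP',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\adstopup.exe'
    foreach ($key in $keys) {
        if (Test-Path -LiteralPath $key) { New-Finding 'RegistryKey' $key '' }
    }

    # Install folder from the file list; the (x86) variant is an assumption
    # for 64-bit Windows and is not stated on the page.
    $dirs = @("$env:ProgramFiles\ADSTOP")
    if (${env:ProgramFiles(x86)}) { $dirs += "${env:ProgramFiles(x86)}\ADSTOP" }
    foreach ($dir in $dirs) {
        if (Test-Path -LiteralPath $dir) {
            $count = @(Get-ChildItem -LiteralPath $dir -Recurse -ErrorAction SilentlyContinue).Count
            New-Finding 'Folder' $dir "$count items"
        }
    }

    # Installer dropped on the current user's desktop.
    $setup = Join-Path ([Environment]::GetFolderPath('Desktop')) 'adstop_setup.exe'
    if (Test-Path -LiteralPath $setup) { New-Finding 'File' $setup '' }

    # Background processes that may be running with no visible window.
    $names = 'adstopeye', 'adstopup', 'adstopux'
    foreach ($proc in Get-Process -Name $names -ErrorAction SilentlyContinue) {
        New-Finding 'Process' $proc.ProcessName "PID $($proc.Id)"
    }
}

Find-AdStopArtifact | Format-Table -AutoSize
```

No output means none of these artifacts were found for the current user; run it once per user profile, since the Run value and desktop path are per-user.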

