internetinspiration logo
             
Home Internet Guides Privacy & Security Must have software Internet Shopping Earn Money Fun & Games Freebies

Privacy & Security
How to remove adware punisher

The removal tool/procedure for AdwarePunisher on this page has been replaced by Roguefix.
A new comprehensive scan and delete utility for the family of rogue scanners and their installing/accompanying trojans
Roguefix, click here


Adware punisher is a clone of The Spyware Guard, it is currently using a Trojan to distribute itself. The Trojan will trigger a warning balloon that appears from the toolbar detecting a spyware infection or that your system is under the control of a remote computer.

Pop ups can be displayed for adware punisher

Adware punisher can also take over your desktop with a yellow warning sign, prevent access to websites, interfere with some security software and Windows functions.

Cashdeluxe and AzeSearch may also be installed

As with other similar deceptive applications, malware removal programs have difficulty removing it. Not deleting all of its files, folders and registry keys can remove the visible signs of infection but will leave your system running noticeably slow.

You will need

1)Pocket killbox, from Here, to your desktop. Extract the files from the .zip folder ready for use.
Killbox is a small application created by Option^Explicit, www.bleepingcomputer.com to remove stubborn files and folders.

2) Ace Utilities (free trial), a comprehensive disk and registry cleaner to remove the remnants.

Removal procedure

Part 1
Set Windows to Show Hidden files and folders. How to.

Part 2
Unregister .dll files.
Click Start > Run.
Copy and paste the following lines, one at a time into the box and click OK

regsvr32 /u winapi32.dll.

regsvr32 /u mswinf32.dll

regsvr32 /u mswinb32.dll

regsvr32 /u adwarepunisher.dll

regsvr32 /u adwarepunisher_monitor.dll

Part 3
Copy the contents of the yellow box below, depending on your Windows version, to your clipboard.
How to - Roll your cursor over the text whilst holding down the left click button to highlight. Right click on the Highlighted text and select Copy.
Windows XP Windows 2000Windows 98 & ME
C:\drsmartload1.exe
C:\Program Files\AdwarePunisher
C:\WINDOWS\adw.htm
C:\WINDOWS\azesearch.bmp
C:\WINDOWS\back.gif
C:\WINDOWS\bg.gif
C:\WINDOWS\buy-btn.gif
C:\WINDOWS\country.exe
C:\WINDOWS\download-btn.gif
C:\WINDOWS\drsmartload95a.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\loadadv728.exe
C:\WINDOWS\loader138.exe
C:\WINDOWS\secure32.html
C:\WINDOWS\temp.000.exe
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe
C:\WINDOWS\toolbar.exe
C:\WINDOWS\uniq
C:\WINDOWS\system32\azebar.xml
C:\WINDOWS\system32\exa32.exe
C:\WINDOWS\system32\intxt.exe
C:\WINDOWS\system32\mswinb32.dll
C:\WINDOWS\system32\mswinb32.exe
C:\WINDOWS\system32\mswinf32.exe
C:\WINDOWS\system32\mswinup32.dll
C:\WINDOWS\system32\mswinxml.dll
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\services32.exe
C:\WINDOWS\system32\shell386.exe
C:\WINDOWS\system32\winapi32.dll
C:\WINDOWS\system32\winlfl32.dll
 C:\drsmartload1.exe
C:\Program Files\AdwarePunisher
C:\WINDOWS\adw.htm
C:\WINDOWS\azesearch.bmp
C:\WINDOWS\back.gif
C:\WINDOWS\bg.gif
C:\WINDOWS\buy-btn.gif
C:\WINDOWS\country.exe
C:\WINDOWS\download-btn.gif
C:\WINDOWS\drsmartload95a.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\loadadv728.exe
C:\WINDOWS\loader138.exe
C:\WINDOWS\secure32.html
C:\WINDOWS\temp.000.exe
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe
C:\WINDOWS\toolbar.exe
C:\WINDOWS\uniq
C:\Winnt\system32\azebar.xml
C:\Winnt\system32\exa32.exe
C:\Winnt\system32\intxt.exe
C:\Winnt\system32\mswinb32.dll
C:\Winnt\system32\mswinb32.exe
C:\Winnt\system32\mswinf32.exe
C:\Winnt\system32\mswinup32.dll
C:\Winnt\system32\mswinxml.dll
C:\Winnt\system32\paytime.exe
C:\Winnt\system32\services32.exe
C:\Winnt\system32\shell386.exe
C:\Winnt\system32\winapi32.dll
C:\Winnt\system32\winlfl32.dll
 C:\drsmartload1.exe
C:\Program Files\AdwarePunisher
C:\WINDOWS\adw.htm
C:\WINDOWS\azesearch.bmp
C:\WINDOWS\back.gif
C:\WINDOWS\bg.gif
C:\WINDOWS\buy-btn.gif
C:\WINDOWS\country.exe
C:\WINDOWS\download-btn.gif
C:\WINDOWS\drsmartload95a.exe
C:\WINDOWS\kl.exe
C:\WINDOWS\loadadv728.exe
C:\WINDOWS\loader138.exe
C:\WINDOWS\secure32.html
C:\WINDOWS\temp.000.exe
C:\WINDOWS\tool1.exe
C:\WINDOWS\tool2.exe
C:\WINDOWS\tool3.exe
C:\WINDOWS\tool4.exe
C:\WINDOWS\tool5.exe
C:\WINDOWS\toolbar.exe
C:\WINDOWS\uniq
C:\WINDOWS\system\azebar.xml
C:\WINDOWS\system\exa32.exe
C:\WINDOWS\system\intxt.exe
C:\WINDOWS\system\mswinb32.dll
C:\WINDOWS\system\mswinb32.exe
C:\WINDOWS\system\mswinf32.exe
C:\WINDOWS\system\mswinup32.dll
C:\WINDOWS\system\mswinxml.dll
C:\WINDOWS\system\paytime.exe
C:\WINDOWS\system\services32.exe
C:\WINDOWS\system\shell386.exe
C:\WINDOWS\system\winapi32.dll
C:\WINDOWS\system\winlfl32.dll

Open the Killbox application. Click on File and select Paste from clipboard. The list of files should now appear in the Full path of file to delete box.
Select Delete on Reboot and All files.
Click the Kill file button, (red circle with white cross)
When prompted, select NO to reboot now.

If you have problems with the above copy and paste method, you will need to copy and paste each file path into the Full path of file to delete box individually, with Delete on reboot and single file selected click the delete file button and No at the reboot now prompt, then repeat for the next file until the entire list is entered.

Close the Killbox application

Part 4
Remove the registry keys shown in the yellow box below. If you are not comfortable manually editing the registry, below are instructions to create a small file that will do the work for you.
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects]
"winapi32.dll"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B439D5EB-0A61-4ED9-8C8F-EC4148BB23F7}]
[HKEY_CLASSES_ROOT]
"winapi32.Intelinks"=-
[HKEY_CLASSES_ROOT]
"winapi32.MyBaner"=-
[HKEY_CLASSES_ROOT]
"winapi32.MyBHO"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]
"winapi32.Intelinks"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]
"winapi32.MyBaner"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes]
"winapi32.MyBHO"=-
To create a small file to clean the registry for you.
a) Open Notepad (Start > programs > Accessories > Notepad)
b) Copy and paste the entire contents of the yellow box above onto notepad.
c) Click File along the top of Notepad and select Save. In the box that opens, use the drop down list to select desktop in the Save in box.

d) Type regfix.reg into the Filename box.
Use the drop down list to select All file types in the Save as type box

e) Click the Save button. This will put the following icon on your desktop.

f) Double click on the regfix.reg icon on your desktop. Click Yes to merge with the registry.

Part 5
Restart your computer.

Open Ace utilities

Perform the following scans, whilst we are targeting adware punisher, this cleaner will remove many other redundant or obsolete files and registry keys.

Click clean up , select remove Junk Files. Scan and delete everything found. Close the remove junk files box.

Select Clean system registry. Click options and select Thorough. Scan and delete everything found. Close the Clean system registry box.

Select Erase History, click the Windows tab and select the following-
Empty the Windows Prefetch Folder.
Delete empty folders on the Windows Temp folder.
Erase Folder streams in the Windows registry.
Clear past icon history of system tray   (thanks Angus)
Click Execute Now

Click the internet Explorer/MSN tab and select the following-
Delete cookies
Delete locked URL cache file.
Delete all auto-complete Data.
Clear typed URL's of Address bar
Clear Browser History
Delete Cache (Files in temporary Internet folder)
Click Execute Now.

You computer should now be free of Adware Punisher, Cashdeluxe and AzeSearch.

Other malware may also have been installed, I suggest using Ewidow, for Windows XP and 2000.A Free version and free online scan is available. For other versions of Windows, use A squared

If your Homepage has been changed, right click on the Internet explorer icon on your desktop or Start menu to open the internet properties box. Select the Programs tab and click the Reset Web settings button.


This information is provided free of charge/subscription/registration and without warranty. All the usual disclaimer jargon applies.
However, if this page has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
Privacy & Security

Information

E-mail

Viruses

hackers, crackers & firewalls

Trojans

Spyware

Keyloggers

Cookies

BHO's & Hijackers

Drive by downloads

diallers

Scams & Hoaxes

Hijack this-
automatic analysis

Free pest scan

Unwanted processes

How to-Tutorials

Clean up/repair after malware infection

Prevent malware installing

Install Hijackthis

Start in Safe mode

Show hidden files/folders

enable/disable Active X controls

Disable Messenger service pop-ups

Use the Host file

Roguefix -
Removal tool for Rogue spyware removers & Fake Warnings
removal tool

Kill E2Give

Kill MySearch

Kill Sdbot-ADD / lockx.exe

Kill seeve.exe / mediamotors pop ups

Kill Winfixer2005

Kill SysProtect

News/Articles

New Winfixer infection displays fake Blackworm warning

The real cost of Free security software

About us Contact us FAQ Links Privacy Statement Site Map Webmasters
Click here to add this page to your favorites
©Internet Inspiration, 2003.      All registered trademarks are observed and respected.
If you receive advertising pop ups whilst viewing this site, you are infected with an ad-serving parasite, because we don't use pop ups. See our Privacy & security section for help with detection and removal.