Threat Explorer

The Threat Explorer is a comprehensive resource consumers can turn to for daily, accurate, up-to-date information on the latest threats, risks and vulnerabilities.

Adware.FOne

Adware.FOne

Updated:
February 13, 2007
Risk Impact:
High
File Names:
Ddm3dia.dll
Systems Affected:
Windows

Behavior


Adware.FOne downloads and installs several other adware components. It displays targeted advertisements and monitors your Web-browsing habits.

Symptoms


Outgoing connections made to www.f1organizer.com
  • The presence of .dll files detected as Adware.FOne


Behavior


This adware program may be included with another program, and may be installed when the program itself is installed. It may also be installed when you visit certain Web sites.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version February 01, 2015 revision 020
  • Initial Daily Certified version December 18, 2003
  • Latest Daily Certified version January 17, 2008 revision 033
  • Initial Weekly Certified release date December 23, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.


Adware.FOne is an adware component that runs as a Browser Helper Object . This means that the adware component will run when Internet Explorer runs.

When this adware component is running, it contacts www.f1organizer.com. On this Web site, it accesses a text file that contains links.The links are either files that can be downloaded and executed, or advertisements that can be displayed.

At the time of writing this writeup, Adware.FOne downloaded and installed the following adware components.



During testing, only Adware.BargainBuddy asked for user confirmation before being installed. All other components were silently installed in the background without any user confirmation or notification.


The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
  1. Update the definitions.
  2. Run a full system scan and write the path and file names of all the .dll files detected as Adware.FOne.
  3. Unregister the .dll file.
  4. Run a full system scan and delete all the files detected as Adware.FOne.
For specific details on each of these steps, read the following instructions.

1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. Scanning for and writing the file names
  1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
  2. Run a full system scan.
  3. If any .dll files are detected as Adware.FOne, write down the full path to the file, including the file name.

3. Unregistering the .dll file
  1. Click Start, and then click Run. (The Run dialog box appears.)
  2. Type the following text:

    regsvr32 /u "[path\filename]"

    where [path\filename] is the path to the file written down in step 2.

    then click OK.

  3. If a dialog box confirming this action appears, click OK.

4. Scanning for and deleting the files
  1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
  2. Run a full system scan.
  3. If any files are detected as Adware.FOne, click Delete.


    Note: If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.