Adware.BetterAds

Short bio

Adware.BetterAds is Malwarebytes' detection name for adware targeting Windows systems that is delivered by bundlers. Typically, it sets a proxy on the affected system in order to show advertisements.

Symptoms

BetterAds proxy

Betterads installed

Type and source of infection

Adware.BetterAds can reach user systems via bundlers.

Protection

Malwarebytes blocks Adware.BetterAds

Malwarebytes blocks www.betteradssoftware.com

Remediation

Malwarebytes can remove Adware.BetterAds without further user interaction.

  1. Please download Malwarebytes to your desktop.
  2. Double-click MBSetup.exe and follow the prompts to install the program.
  3. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
  4. Click on the Get started button.
  5. Click Scan to start a Threat Scan.
  6. Click Quarantine to remove the found threats.
  7. Reboot the system if prompted to complete the removal process.

To achieve full removal, a system reboot is required. Malwarebytes will prompt you to do so if necessary. A full removal guide for BetterAds can also be found in our forums.

Malwarebytes removal log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/27/17
Scan Time: 11:38 AM
Logfile: mbamBetterAds.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1818
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User:{computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328803
Time Elapsed: 4 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 1
Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\winsrcsrv.exe, Quarantined, [6542], [392905],1.0.1818

Module: 1
Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\winsrcsrv.exe, Quarantined, [6542], [392905],1.0.1818

Registry Key: 5
Adware.BetterAds.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\srcsrv, Delete-on-Reboot, [6542], [392905],1.0.1818
Adware.BetterAds.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [6542], [-1],0.0.0
PUP.Optional.BetterAds, HKLM\SOFTWARE\WOW6432NODE\betterads, Delete-on-Reboot, [476], [383836],1.0.1818
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\MBS_INSTALL, Delete-on-Reboot, [6], [392968],1.0.1818
PUP.Optional.BetterAds, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{376CA350-6C34-4F10-B8DC-586F8CA03009}_is1, Delete-on-Reboot, [476], [383837],1.0.1818

Registry Value: 13
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Delete-on-Reboot, [6542], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SRCSRV|IMAGEPATH, Delete-on-Reboot, [6542], [392906],1.0.1818
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\MBS_INSTALL|CHANNEL, Delete-on-Reboot, [6], [392968],1.0.1818

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
Adware.BetterAds.PrxySvrRST, C:\WINDOWS\SRC_SRV, Delete-on-Reboot, [6542], [392905],1.0.1818

File: 6
PUP.Optional.BetterAds, C:\USERS\{username}\DESKTOP\SRC_SRV_AMONETIZE.EXE, Delete-on-Reboot, [476], [391675],1.0.1818
Adware.BetterAds.PrxySvrRST, C:\WINDOWS\SRC_SRV\TRUSTED.WEB.PROXY.DLL, Delete-on-Reboot, [6542], [392905],1.0.1818
Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\accept_cert.exe, Delete-on-Reboot, [6542], [392905],1.0.1818
Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\Ionic.Zip.dll, Delete-on-Reboot, [6542], [392905],1.0.1818
Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\rootCert.pfx, Delete-on-Reboot, [6542], [392905],1.0.1818
Adware.BetterAds.PrxySvrRST, C:\Windows\src_srv\winsrcsrv.exe, Delete-on-Reboot, [6542], [392905],1.0.1818

Physical Sector: 0
(No malicious items detected)

(end)

Traces/IOCs

You may see these entries in FRST logs:

() C:\Windows\src_srv\winsrcsrv.exe
ProxyEnable: [.DEFAULT]=> Proxy is enabled.
ProxyServer: [.DEFAULT]=> 127.0.0.1:8003
ProxyEnable: [S-1-5-19]=> Proxy is enabled.
ProxyServer: [S-1-5-19]=> 127.0.0.1:8003
ProxyEnable: [S-1-5-20]=> Proxy is enabled.
ProxyServer: [S-1-5-20]=> 127.0.0.1:8003
ProxyEnable: [S-1-5-21-1350903546-318028887-1286703239-1003]=> Proxy is enabled.
ProxyServer: [S-1-5-21-1350903546-318028887-1286703239-1003]=> 127.0.0.1:8003
ManualProxies: 1127.0.0.1:8003
R2 srcsrv; C:\Windows\src_srv\winsrcsrv.exe [16384 2017-04-04] () [File not signed]
C:\Windows\unins000.exe
C:\Windows\unins000.dat
C:\Windows\src_srv
BetterAds version 1 (HKLM-x32\...\{376CA350-6C34-4F10-B8DC-586F8CA03009}_is1) (Version: 1 - )

Associated files:
%WinDir%\src_srv\winsrcsrv.exe

Domains:
betteradssoftware.com
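Added example (not Malwarebytes' or FRST's code): a Python triage over FRST-style lines that flags an enabled proxy pointing at loopback and an unsigned service binary, and marks whether each finding matches the 127.0.0.1:8003 and winsrcsrv.exe traces listed above. The function name `triage`, the regular expressions and the benign sample lines are assumptions made for this illustration.

```python
import re

# Indicators copied from the Traces/IOCs entries on this page.
IOC_PROXY = "127.0.0.1:8003"
IOC_SERVICE_PATH = r"c:\windows\src_srv\winsrcsrv.exe"

PROXY_RE = re.compile(r"^Proxy(Enable|Server): \[([^\]]+)\]\s*=>\s*(.+)$")
SERVICE_RE = re.compile(r"^[RSU]\d (\S+); (.+?) \[\d+ \d{4}-\d{2}-\d{2}\]")
LOOPBACK_RE = re.compile(r"^(127(\.\d+){3}|localhost)(:\d+)?$", re.I)

# First five lines are from the page; the last three are constructed benign entries.
SAMPLE = r"""
ProxyEnable: [.DEFAULT]=> Proxy is enabled.
ProxyServer: [.DEFAULT]=> 127.0.0.1:8003
ProxyEnable: [S-1-5-19]=> Proxy is enabled.
ProxyServer: [S-1-5-19]=> 127.0.0.1:8003
R2 srcsrv; C:\Windows\src_srv\winsrcsrv.exe [16384 2017-04-04] () [File not signed]
ProxyEnable: [S-1-5-21-1-2-3-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-1-2-3-1001] => proxy.corp.example:3128
R2 ExampleSvc; C:\Program Files\Example\svc.exe [20480 2017-01-01] (Example Corp)
"""


def triage(lines):
    """Return (kind, subject, value, matches_page_ioc) for each suspicious entry."""
    enabled, servers, findings = set(), {}, []
    for raw in lines:
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            kind, hive, value = m.groups()
            if kind == "Enable" and "is enabled" in value.lower():
                enabled.add(hive)
            elif kind == "Server":
                servers[hive] = value.strip()
            continue
        m = SERVICE_RE.match(line)
        if m and "[File not signed]" in line:
            name, path = m.groups()
            findings.append(("unsigned-service", name, path,
                             path.lower() == IOC_SERVICE_PATH))
    # A loopback proxy means a local process sits in the browsing path.
    for hive, server in servers.items():
        if hive in enabled and LOOPBACK_RE.match(server):
            findings.append(("loopback-proxy", hive, server, server == IOC_PROXY))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE.splitlines()):
        print(finding)
```

A loopback proxy or an unsigned service is not malicious on its own (debugging proxies and in-house tools produce both), so the last tuple field separates generic findings from exact matches on this page's traces.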
