AdAware Plug-ins
Here is the total list of Ad-Aware SE plug-ins:
Filespecs:
If you're interested in more information about a given file than Ad-Aware supplies in the "Scanning Results" screen, choose The FileSpecs add-on from the right-click menu under "Extensions | Show File-Details". The add-on will provide you with a wealth of data about the file, including File Information Resources (file name, location, size, creation date, and the last time it was accessed or modified), and PE Information, including complete PE Header information. FileSpecs works with Ad-Aware Professional.
Code:
*download.lavasoft.de.edgesuite.net/public/plfilespecs.exe
HexDump:
With many files (cookies for example) there's no easy way to view any information about them. The HexDump extension for Ad-Aware lets you view a hexadecimal version of a file turned up in a scan, along with an "English" translation of the hex code. This can provide you with additional information you may find handy such as the URL of the originator of a cookie. Access the HexDump extension at the "Scanning Results" screen; right-click on a file and choose "Extensions | Show Hexdump". HexDump works with all versions of Ad-Aware.
Code:
*download.lavasoft.de.edgesuite.net/public/plhexdump.exe
Lavasoft Ad-Aware SE Language File Editor v 1.05, Build 231:
Code:
*download.lavasoft.de.edgesuite.net/public/pllanged.exe
LSP Explorer:
Layered Service Providers (LSP) are small pieces of software that can be added or inserted into the Windows TCP/IP handler by other software. Data outward bound from your computer to a legitimate destination on the Internet can be intercepted by an LSP and sent somewhere other than where you intend it to go. LSP Explorer lets you view active LSP and Name Service Providers on your system, along with detailed information about each so you can determine whether or not they're legitimate. Access LSP Explorer can be run directly from the Add-ons menu. LSP Explorer works with all versions of Ad-Aware.
Code:
*download.lavasoft.de.edgesuite.net/public/pllspexplorer.exe
Messenger-Control:
Beginning with Windows NT, Microsoft included the Windows Messenger Service, and it's been built-in to each subsequent version and release of Windows over the past several years. It was originally designed to allow system administrators on client-server networks to send out brief system-wide messages to everyone connected to the network. For the most part, it's never gained much use since there are easier alternatives to sending such messages.
It is being put to use however, by those who know that this Service is turned on by default in all current versions of Windows. If you've been connected to the Internet and suddenly see a window pop-up filled with information about the latest "get-rich-scheme," a college diploma, or low-rate credit cards, you're being spammed courtesy of Windows Messenger Service! Note that these are not browser windows, but resemble Windows Dialog boxes (with "Messenger Service" in the title bar), with the exception that you're generally offered no "options" besides clicking an "OK" button.
Windows Messenger Service is an Internet server that's up and running on your machine, leaving it open to anyone who wants to connect to it when you're online. Unlike annoying browser pop-ups, which only show up if Internet Explorer or another browser is running, spam utilizing Windows Messenger Service can be received no matter what application you mightbe using, as long as you're connected to the Internet.
For the typical user, having Messenger Service running opens an unnecessary "back door" that can compromise system security and which can be shut and locked tight easily. On October 15th of 2003, Microsoft released Security Bulletin MS03-043 which outlines potential ways malicious programmers can exploit a flaw in the Messenger Service using buffer overflows to take control of your system. According to Microsoft, "An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges." At this point, there are no known examples of malware taking advantage of this loophole, but it's almost certain that as this problem becomes more well known, attacks on systems vulnerable to this threat will occur.
Turning off Windows Messenger Service also has the added benefit of freeing up a little extra RAM and CPU cycles. If for no other reason than to shut off spam it's worth the few seconds it takes to turn it off.
Unfortunately, just as there are people ready and willing to exploit system flaws with malevolent intent, there are also those geared-up to sell you a program to take care of the problem. A quick check of any search engine or shareware site will turn up dozens, ranging in price from a few dollars to nearly $30 US. One site that sells the software to generate Messenger spam even tells you how to keep it from affecting your computer!
Although you can do it yourself by wading through some menus and options turning off Windows Messenger Service, using Lavasoft's Messenger-Control plug-in for Ad-aware is a simpler option. All you need to do is download the plug-in. Then extract and run the installation executable, which will put the plug-in in the correct folder. After that you just run Ad-aware, click the "Plug-ins" button, and double click on Messenger-Control. Select "Disable Messenger," and the Service will be shut down. Should you ever need to restore it, follow the same directions and click "Enable Messenger".
If you're using a standalone machine not connected to a LAN, you can generally turn off Windows Messenger Service with no problems, although there are some programs that make legitimate use of the Service. Those connected to a local area network will want to contact their system administrator first just in case they make use of it.
Also, shutting off Windows Messenger Service will have no effect on any of the popular "instant messaging" systems you might be using; they don't rely on Windows Messenger Service (irrespective of its name) to function
Code:
*download.lavasoft.de.edgesuite.net/public/plmessengerstop.exe
OE-W Messengerctrl:
Disable Windows Messenger From Appearing When You Open Outlook Express
Many users opt not to use Microsoft Windows Messenger for their instant messenger program. Despite the fact that Microsoft Windows XP users have turned off the auto-start feature of Windows Messenger, it continues to open when Microsoft Outlook Express is use.
It should be noted that this only occurs on systems running Microsoft Windows XP. Other versions of Microsoft Windows do not experience this.
If you have disabled Windows Messenger's auto-start function, and you'd like it to remain closed while using Outlook Express, we have created an add-on which will allow you to prevent Windows Messenger from starting when Outlook Express launches. The add-on allows you to switch between disabling and enabling Windows Messenger's auto-launch status when opening Outlook Express. When Windows Messenger is disabled, you may also notice faster load times when opening Outlook Express.
Code:
*download.lavasoft.de.edgesuite.net/public/ploemessenger.exe
VX2 Cleaner:
Lavasoft’s new add-on VX2 Cleaner detects the malware VX2 and offers you the ability to remove it from your computer. Some users have experienced a very difficult variant of VX2 which cannot be removed by Ad-Aware. For those users which have this variant, we have developed an add-on to help you remove this VX2 variant.
This VX2 variant registers itself in a way, which gives it system privileges. It also prevents the user from viewing this information by removing the user’s rights to do so. Furthermore it constantly monitors the registry and prevents any attempts to remove its associated values. This makes it very difficult for the user to manually remove it.
The VX2 Cleaner works with all editions of Ad-Aware.
How to use Lavasoft’s VX2 Cleaner add-on
- Close Ad-Aware and Ad-Watch (if running)
- Download the free VX2 Cleaner here
- Install the VX2 Cleaner
- Start Ad-Aware
- Go to “Add-ons”
- Select the VX2 Cleaner add-on and click “Run Tool”
- If your computer isn’t infected, click “Close”.
If your computer is infected
- Select “Clean System”
- Reboot your computer
- Scan your computer with Ad-Aware
- Remove any VX2 objects detected
- Reboot your computer again
- Run a second scan to make sure the files have been removed from your computer
More information on VX2 can be found in the TAC database
Code:
*download.lavasoft.de.edgesuite.net/public/plvx2cleaner.exe
Tweak SE:
Lavasoft´s new add-on Tweak SE allows you to alter and "tweak" settings as well as make GUI alterations available to the user.
Tweak SE works with all Ad-Aware SE versions.
The following options are available via the Tweak SE add-on
- User Interface Modifications Include
[list:aac2a76261]
- Hide the text information (Status lines)
Hides the text information shown on some pages ("Doubleclick an item to show details.. " etc).
- Hide flashing bug after scan
Hides the "flashing bug" image that shows up at the end of a scan if critical objects have been detected.
- Hide MRU items on detailed statistics
Hides the entries for MRU items in the detailed statistics list.
- Use IE Icon for Browser Hijack Objects (regardless of reference-type)
The image shown on the scan result list usually reflects the type of reference (files show a different image then a registry key etc.) using this option, all references assigned to "possible browser hijack attempt" will use an Internet Explorer icon instead of the actual image associated with its reference-type.
- Show WebUpdate GUI during automated updates
Shows the WebUpdate user interface during automated updates (command line, startup mode, etc).
- Ad-Aware window caption
If empty, the default title will be used for the Ad-Aware main window, otherwise the content entered in the edit box will be used.
[*]
Scanning Engine Modifications Include
- Flag all encoded url references as possible browser hijack attempt
If an encoded url is used (Example: %77%77%77%2e%6c%6f%70..) Ad-Aware will assume it is a possible browser hijack attempts and translate the url in the logfile.
- Flag all unrecognized Alternate Data Streams
Using this option will let Ad-Aware put any detected alternate-data streams (except for those streams that the user has chosen to filter) in the results list, whether the object in question is malicious or not.
- Skip IE Cache (Temporary internet files) folder during scan
This option will allow you to filter out temporary internet files when performing a scan.
- Skip system restore folder during scan
As specified, the system restore folder will not be scanned.
[*]
Additional Options Included
- Validate folders after editing Ad-Aware preferences
Varifies if the path entered by the user in the Ad-Aware preferences (log files, definition file, etc) is valid and alerts the user if it isnt. this has been made optional since remote paths may be temporary unavailable.
- Skip automated saving of clean logfiles
Log files will not be created or saved for scans that do not include detected content. In other words, if Ad-Aware does not detect anything during the scan, a log file will not be created.
- Delay (seconds) if delayed loading is active
The default delay time for initializing Ad-Aware is 15 seconds. Using this option will allow you to increase the delay timing to a maximum of 120 seconds for slower systems.
- Append this text to logfile
Adds the text entered in the edit box within the header section of the log file. Text can be appended up to a maximum of 255 bytes.
[/list
:aac2a76261]
Please Note: If settings have been modified, Ad-Aware should be restarted after the plugin closes.
Tweak SE preferences can be exported by using the following registry key (export the entire key)
HKEY_CURRENT_USER\Software\Lavasoft\Ad-Aware SE
Code:
*download.lavasoft.de.edgesuite.net/public/pltweakse.exe
