Media Tickets CDT severe threat...

  • Thread starter: anonymous

Dear group

Been running beta 1 for 3-4 weeks and quite happy. Just
found the above at the last MS AntiSpyware scan and I
tried to 'Remove' it using MS AntiSpyware but it says it
has cleaned/removed but the scan history says that it has
ignored it!

How do I remove Media Tickets CDT from the registry?

I have only just had this problem since installing the
latest IE SpyAD list '13 feb'. The reg entries found
are in the block list.

Anybody else have this?
Mark
 
This isn't a straightforward removal in my opinion. Media
Tickets CDT is connected to most of the spyware around
today coming from Integrated Search Technologies. I wish I
could just say delete this one registry line and all will
be well, but this adware isn't like that and it can add
lots of other adware plus leave your system open to
further attacks. Here's everything I know about it and hope
it helps you.

When Mediatickets is executed, it performs the following
actions: Displays pop-up advertisements. Adds the
following domains into the Trusted Sites zone for
Internet Explorer: (Note: Please don't visit these sites as
they all spread spyware/adware)

blazefind.com
clickspring.net
flingstone.com
mt-download.com
my-internet.info
searchbarcash.com
searchmeup.cc
searchmiracle.com
skoobidoo.com
slotch.com
xxxtoolbar.com

Adds the IP address, 69.31.87.223, into the Trusted Sites
zone for Internet Explorer. Allows the downloading of
active content and running ActiveX scripts, and enables
ActiveX controls and plug-ins.

So the problem is if it's added these to your trusted
sites zone you could have other spyware on your PC
(Istbar, searchmiracle etc.)

There's an uninstaller advertised but this just adds more
adware so beware of that also.

It's called WinAd

File names: mt-uninstaller.exe; installer.exe

When Adware.WinAd is executed, it performs the following
actions:

Creates the files:
mt-uninstaller.exe
installer.exe

Displays the following pop-up box when executed:

Title: MediaTickets Uninstaller Setup
Message: MediaTickets has been successfully removed.

But really just adds the windupdates Downloader Trojan
which again will try to install products and display ads.

Here are some removal tips, but I will have to include all the
above sites in the removal in case they are also on your
system as a result of Mediatickets. This might look like
overkill, but depending on how long it's been there it could
have added other adware from its affiliates, so it's best for
me to include all possible reg values to be on the safe
side.

ALWAYS do these when trying to remove a bug.

As System Restore needs to be switched off, I advise
using it if you think you have only recently picked this
up and go back to a point where you know your system was
clean; otherwise carry on with these tips. (Best to copy
them to Notepad and save it so you can still read it
while in safe mode.)

First: Turn off Windows XP System Restore (Start, right
click My Computer, Properties, then System Restore and
disable and apply)

Next: Enable viewing of hidden files and folders and
extensions; Some programs can hide this way by not being
visible in Windows. Start Windows Explorer and click on
your main hard drive, usually c:\. Then select Tools from
the top of Windows Explorer and then Folder Options. Go
to the View tab. Scroll down to the folder icon that says
Hidden files and folders and check show hidden files and
folders. Also, right below it, uncheck the hide file
extensions for known types.

Next: Delete Temp Internet files:
Open an Internet browser window, click Tools then Internet
Options.
Click on the Delete Cookies and the Delete Files buttons,
then click OK and close the browser window.

Next: Delete Windows Temporary Files (Start, Run, then
type %temp% and delete all files you can in this folder).
The Windows temporary directory (usually located at
C:\windows\temp).

Download These Free Removal Products

Ad-aware SE

http://www.majorgeeks.com/downloadget.php?id=506&file=11&evp=8dbaff7daca8f4b55bf695220993fc0f

Spybot Search & Destroy

http://www.majorgeeks.com/downloadget.php?id=2471&file=11&evp=2470f9bfb0cc682334ff8c4459556118

CWShredder

http://cwshredder.net/bin/CWShredder.exe


Next, boot into Safe Mode:
Reboot the system and tap F8, choose Safe Mode.

Use the above 3 programs when in safe mode: Adaware, Spybot
and CWShredder. You can also use MS antispy in safe mode
too if you haven't already tried that.


Here are the registry values for all the above adware, but you
might not have any of these depending on what has got
through and if CDT has updated your trusted sites zone. If
you don't feel confident using reg edit then leave this
part and go to the online scans instead as they should
identify it as Adware CDT if you are infected:

Click Start > Run.
Type regedit

Then click OK.

Navigate to and delete these keys:(If Found)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.cc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.cc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1

Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0

In the right pane, delete the values:

" ppcimdnnnjbeahepfabjipfginloedkg egckak" = "CDT inc."
"goicfboogidikkejccmclpieicihhlpo ejemdn" = "MediaTickets"
"goicfboogidikkejccmclpieicihhlpo bihgbp" = "Integrated Search Technologies"

Navigate to the keys:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

In the right pane, delete the values:

"MinLevel" = "Code Download"
"Safety Warning Level" = "SucceedSilent"
"Security_RunActiveXControls" = "0x01000000"
"Security_RunScripts" = "0x01000000"
"Trust Warning Level" = "No Security"

Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

In the right pane, delete the values:

"2001" = "0x00000000"
"2004" = "0x00000000"

Exit the Registry Editor.


Then back to Normal mode and that should be gone, but if
you want to make sure then run an online scan at both of
these sites

do an online scan at Trend Micro's Free Online Virus Scan

http://housecall.trendmicro.com/housecall/start_corp.asp

do an online scan at Symantec Security Check

http://security.norton.com/sscv6/default.asp?langid=ie&venid=sym


Good Luck Andy
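
Added example, not part of the post above: a Python check that reads the text of a registry export (Registry Editor's File > Export, or reg export) and reports the entries the post describes, that is, sites or IP ranges mapped into the Trusted Sites zone and the 2001/2004 values of Zones\2 set to 0. The function names parse_reg and audit are hypothetical, and the sample export is constructed using one domain and the IP address listed in the post.

```python
import re

TRUSTED_ZONE = 2  # Internet Explorer's zone number for Trusted Sites

# Constructed sample in .reg export format; not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blazefind.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"*"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
":Range"="69.31.87.223"
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"2001"=dword:00000000
"2004"=dword:00000003
'''

def parse_reg(text):
    """Return {key_path: {value_name: value}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"(.*?)"=(.*)$', line)):
            name, raw = m.groups()
            # dword values become ints, string values lose their quotes
            current[name] = int(raw[6:], 16) if raw.startswith('dword:') else raw.strip('"')
    return keys

def audit(text):
    """List (kind, detail) findings for Trusted Sites mappings and Zones\\2 values."""
    findings = []
    for path, values in parse_reg(text).items():
        zone_map = re.search(r'\\ZoneMap\\(Domains|Ranges)\\(.+)$', path, re.I)
        if zone_map and TRUSTED_ZONE in values.values():
            # A RangeN key keeps its address in ":Range"; a domain key is named after the site
            findings.append(('trusted-site', values.get(':Range') or zone_map.group(2)))
        elif re.search(r'\\Internet Settings\\Zones\\2$', path, re.I):
            for action in ('2001', '2004'):   # the two values named in the post
                if values.get(action) == 0:   # 0 = allowed without prompting
                    findings.append(('zone2-action-enabled', action))
    return findings

print(audit(SAMPLE_EXPORT))
```

Registry Editor saves version 5.00 exports as UTF-16, so open the file with that encoding before passing its text to audit().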
 
And try running a full system scan in safe mode. Scan Options > Full System,
do this at least two times.
 
Thanks guys!

That is gonna take a while!

How can i stop Media Tickets getting onto my machine
again?

I don't fancy doing that too often.
Mark
 