$_SERVER["REMOTE_ADDR"] = preg_replace('/.*,\s*/','', $_SERVER["HTTP_X_FORWARDED_FOR"]);
Notice: Undefined index: related in /data/www/spywareguide/product_show.php on line 49
Notice: Undefined variable: incprefix in /data/www/spywareguide/product_show.php on line 241
Program that delivers advertisements on your PC.
Note that many websites have their own advertising, unrelated to adware.
HighTraffic is an Internet Explorer Browser Helper Object which opens advertising.
It detects when you are using a search engine, and opens its own 'enhanced results' sidebar containing paid links. This is styled to look a bit like the search engine you are using at the time.
SubSearch/HighTraffic was the original version from December 2002. Its controlling server is www.hightrafficads.com. There are two subvariants, /A (from 11th December) and /B (17th December) which seem to vary only in their class ID.
SubSearch/v2 is a version rewritten as a single DLL, from January 2003. Its controlling server is www.popunder.info (with www.cpcads.com apparently acting as a backup). It opens a characteristic 'Enhanced Search' with sponsored links when you use any other search engine.
SubSearch/v21 and SubSearch/v22 are updates to v2. v22 adds an explorer-bar-search hijacker pointed at www.dothesearch.com.
Currently there is no unique ID or cookie being used to track search usage.
It can be directed by any web page to download any file and write it anywhere to the filesystem, including over other program files which may then get run.
Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:
regsvr32 /u BHO2.dll
regsvr32 /u MSNIE.dll
Restart Windows and you should be able to delete the BHO2.dll and MSNIE.dll files in the System folder. (The System folder can be found in the Windows folder; it is called 'System32' on Windows NT/2000/XP, and just 'System' on Windows 95/98/Me.)