Thursday, January 18, 2007

boring technical stuff: how to get rid of the nasty npdl adware plugin

It's a shame I hadn't read Pogue's Blog on the npdlplug Firefox plugin that started popping up ads on my PC. There really isn't a lot of useful info on this one, which is why I'm going to post my solution, to help any poor suckers googling for help. Pogue's Blog says you can go the their website to see how to uninstall it, but it said there should be things in add/remove that weren't there. Some company called Sophis mentions it and says they can remove it. I tried to download an evaluation version of their anti-virus software - first it was a bitch to find, second they send you an email with a link to download it that didn't work.

Something called panda software had a free scan - they actually bill a free scan and cleaning but that's untrue. But they do scan for everything they consider a threat. They actually consider every add-in for Firefox a threat! but I did save the report and searched it and found some useful information that looked like this:

C:\Program Files\Download Plugin\DlPlugin-Moz\npdlplug.dll

C:\Program Files\Download Plugin\DlPlugin-Moz\setup2.exe

C:\Program Files\Mozilla Firefox\plugins\npdlplug.dll

C:\Program Files\Mozilla Firefox 2.0\plugins\npdlplug.dll

I deleted those, but found I could not delete the Download Plugin folder, which Windows said was in use. So I rebooted into safe mode and deleted that.

Of course I knew it wasn't that easy, so then I used the program StartupRun which tells you all the programs that load up when your computer boots up, looking for mysterious stuff. I found two very mysterious entries. It doesn't matter what they were called, because they were obviously random generated strings. One was something like "bird cake run" and the other was something equally nonsensical. So I deleted both entries from StartupRun (if you're less confident you've got the culprits you can just disable them. Then I went to the folders that StartupRun indicated they were running from and deleted those folders.

I also noticed when I was in c:\program files that there was a folder with one of those same nonsense names, so I deleted that too. There was not a folder with the other nonsense name.

Then I rebooted my PC. I started up Firefox, and there were no ad pop ups. I started up IE, and there were no ad popups. So it appears that this worked.

Hope all that helps someone.


  1. This comment has been removed by the author.

  2. Hi Charles,

    I apologize the methods I mentioned in my article didn't work. I actually scanned the file with VirusTotal before running it, so luckily, I didn't have to go through the pains of uninstalling it. I'll update my article and add a link to your fix on my page.

    I wanted to give you a couple other recommendations as to how to prevent the installation of spyware/malware/adware and how to remove it if you do get infected. All the software below is freeware.

    First, you always want to have a virus scanner installed and running. Grisoft makes a completely free antivirus called AVG which anyone can download and use. It has free updates and does everything any other virus scanner will do, and it's completely free for life. Secondly, you want to always have a firewall running. If you have XP SP2 it comes with a built in firewall. Otherwise, ZoneAlarm makes a free firewall that works very well. Finally, you always want to keep your system patched and up to date using either Microsoft Update or AutoPatcher.

    There are also many good free anti-spyware solutions out there, such as Spybot, Adaware, and Windows Defender. Another good program I highly recommend is SpywareBlaster, which is essentially a program that doesn't have to be run in the background, but adds a list of unwanted and malicious sites to your blocklist in IE & Firefox, and prevents cookies from being accessed. All you do is update it every once and a while, and apply the protection and you're done. Be sure and keep all your security solutions up to date by checking for updates regularly.

    Anyway, I hope some of those suggestions help you and your readers to keep malicious software from getting installed on your machines in the future.

  3. I do use AVG and Windows Defender; I even scanned the file with AVG before I installed it. Unfortunately this one seems to be pretty sneaky.