Anyone having trouble with Spyware and CoolWWW
07-04-2004, 05:23 PM
#11
Senior Member
Posts like a Corvette
Join Date: Jan 2004
Location: Montréal, QC
Posts: 1,374
Likes: 0
Received 0 Likes
on
0 Posts
Double post...sorry.
As an added note, any of you that had this, myself included, can attest that this is by far the most stubborn trojan in a long time.
Cheers,
As an added note, any of you that had this, myself included, can attest that this is by far the most stubborn trojan in a long time.
Cheers,
07-04-2004, 05:24 PM
#12
Senior Member
Expert Gearhead
Thread Starter
Thank you Foghorn, for now its not hijacking my homepage but it if comes back then I will follow your instructions.
Damn trojans
Damn trojans
07-04-2004, 11:01 PM
#14
Senior Member
Expert Gearhead
Thread Starter
Yes
If all your critical updates are installed you are protected against DSO Exploit and the finding in Spybot is just a nuisance. Eliminate this by doing the following:
1 Open Spybot and select 'advanced' mode.
2 Select 'settings' in the left column.
3 Select 'ignore product' in the left column.
4 Select 'security' tab.
5 Place check mark in box beside DSO Exploit.
6 Close program
7 Open Spybot and run a scan.
You will find that DSO Exploit has been eliminated and if your computer does not harbour any other spyware you will see a congratulatory message.
1 Open Spybot and select 'advanced' mode.
2 Select 'settings' in the left column.
3 Select 'ignore product' in the left column.
4 Select 'security' tab.
5 Place check mark in box beside DSO Exploit.
6 Close program
7 Open Spybot and run a scan.
You will find that DSO Exploit has been eliminated and if your computer does not harbour any other spyware you will see a congratulatory message.
07-04-2004, 11:12 PM
#15
Senior Member
Expert Gearhead
Thread Starter
Ok update
I am so effin baffled right now
I managed to get a version of Adaware Professional the one you have ot pay for, anyway it ran a scan and found various registry errors, apparently the Pro version is supposed to fix it. Whatever.
Then I found out that Norton Anti Virus is as useful as a pimple on the ***.
So I got Trend Micro Virus Scanner, apparently its the "****" Well, ran that, and it found TROJ. AC. Ok so I did some research on that lil pain in the butt. Turns out its malware that hijacks this and replicates that...anyway, I dont care, it wasnt the most up to date version so I couldnt get the patch to clean this new virus. SO! it gave me other instructions on how to fix the Regedit. So I did that...nothing...not an effing thing. So I ran a few more scans and it sez its all clean.
And I get....
I am so effin baffled right now
I managed to get a version of Adaware Professional the one you have ot pay for, anyway it ran a scan and found various registry errors, apparently the Pro version is supposed to fix it. Whatever.
Then I found out that Norton Anti Virus is as useful as a pimple on the ***.
So I got Trend Micro Virus Scanner, apparently its the "****" Well, ran that, and it found TROJ. AC. Ok so I did some research on that lil pain in the butt. Turns out its malware that hijacks this and replicates that...anyway, I dont care, it wasnt the most up to date version so I couldnt get the patch to clean this new virus. SO! it gave me other instructions on how to fix the Regedit. So I did that...nothing...not an effing thing. So I ran a few more scans and it sez its all clean.
And I get....
07-04-2004, 11:13 PM
#16
Senior Member
True Car Nut
Join Date: May 2002
Posts: 2,936
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by Foghorn
If any of you got, or get, the CoolWebSearch (CWS) Trojan or any of it'* more than 22 variations...then you're in for a bit of work.
AdAware, CWSshredder, HiJack This and many others will not single handedly, or together, permanently remove this from your system. CWS sets a hidden Registry Key that will launch the program, or recreate it, anytime a window is opened.
This worked for me, I'm using Windows XP:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
You have to remove this key. The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your pc.
The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it'* added right back by the trojan). So what you have to do is the following which worked for me.
1. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Now delete the AppInit_DLLs key under the Windows2 folder.
3. Hit F5 and notice that AppInit_DLLs doesn't come back.
4. Rename the Windows2 folder back to Windows.
Now that AppInit_DLLs is gone, run the latest Adaware 6 to remove the trojan for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now."
You can find more info here;
http://www.computing.net/security/ww...rum/11527.html
http://forums.spywareinfo.com/index.php?showtopic=10007
Good luck!
AdAware, CWSshredder, HiJack This and many others will not single handedly, or together, permanently remove this from your system. CWS sets a hidden Registry Key that will launch the program, or recreate it, anytime a window is opened.
This worked for me, I'm using Windows XP:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
You have to remove this key. The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your pc.
The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it'* added right back by the trojan). So what you have to do is the following which worked for me.
1. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Now delete the AppInit_DLLs key under the Windows2 folder.
3. Hit F5 and notice that AppInit_DLLs doesn't come back.
4. Rename the Windows2 folder back to Windows.
Now that AppInit_DLLs is gone, run the latest Adaware 6 to remove the trojan for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now."
You can find more info here;
http://www.computing.net/security/ww...rum/11527.html
http://forums.spywareinfo.com/index.php?showtopic=10007
Good luck!
This was the fix that I tried as a last resort and I am truely sorry I did that. It completetly screwed my system. All my programs are screwed and are missing from the add remove program list. Also I lost the listing of my programs on my system when I go to all programs in Win XP.
If anyone tries it, good luck.
I have a few programs listed that I use then finally downloaded the AVG antivirus and it cleaned it all up for me. Norton didn't find any of it.
07-04-2004, 11:25 PM
#17
Senior Member
Posts like a Northstar
Join Date: Oct 2003
Location: RI
Posts: 692
Likes: 0
Received 0 Likes
on
0 Posts
This is the program I had to use to get rid of my friends about:blank issue
and it worked....did this and spybot 1.3'd the system and it is all gone
CWShredder
http://www.soft32.com/download_19014.html
Spybot 1.3
www.safer-networking.org/
alternate download
http://www.download.com/3000-8022-10122137.html
and it worked....did this and spybot 1.3'd the system and it is all gone
CWShredder
http://www.soft32.com/download_19014.html
Spybot 1.3
www.safer-networking.org/
alternate download
http://www.download.com/3000-8022-10122137.html