GM Forum - Buick, Cadillac, Olds, GMC & Pontiac chat


Jim W 07-02-2004 10:38 PM

Anyone having trouble with Spyware and CoolWWW
 
This spyware is a BITCH to yer system, it has killed my RAM and I have run many spyware programs to try and get to it.

I have had some help from BC members in trying to fix this problem and many thanks! Anyone have any sob stories or success stories on removing this spyware? It's a battle that I like to think I am winning.

I find it ironic that this spyware hijacks your homepage, turns the about:blank page into ad central and pops up an ad asking you to buy spyware removal software from the company that created the spyware...or something to that effect.

Very frustrating :x

givemebreak 07-02-2004 10:45 PM

Here is my last attempt for ya bud :lol:


http://www.soft32.com/download_19014.html

CWShredder
run it...
run that spysweeper i gave you
and follow up with spybot 1.3

it should be gone after that.

GOOD LUCK

Jim W 07-02-2004 10:50 PM

Thanks...may have something on the go

http://www.askmehelpdesk.com/cgi-bin...num=1082096807

Geez SSEi 07-03-2004 11:50 PM


Originally Posted by JimW
This spyware is a B**** to yer system, it has killed my RAM and I have run many spyware programs to try and get to it.

Ditto Jim, I'd shoot the hack who started this trend if we ever find them. :evil:
I've only been infected once on my AMD 98se machine, but Mrs. Geez's Celeron XP picks them up all the time. I'm never there when she's surfin', but I think she's picking them up when she tries to find audio files through Kazaa and the like. I run Adware and Spybot sd and catch most of them. IMesh is another sore spot.
Good Luck

Jim W 07-03-2004 11:54 PM

I had it fixed last night, and now it's back.. :?

DSO Exploit and CoolWWW no longer afflict me, CWSscanner and Spybot are no longer fixing the problem.

My 2nd last chance is to download a Windows XP patch, failing that, contacting Sol to help me with my XP Registry

Merlin 91/97 07-03-2004 11:58 PM

It can be fixed... but it's tricky.

Download and update "ad-aware" by lavasoft.
Run a scan in safemode.

Then search for DLL files... sort by date.
(make sure you have view hidden & system files turned on)
Find the newest ones (they are probably 0kb) and delete them.

That 'should' fix it... if it doesn't it may require some reg editing, but we can get into that later if needed.

sse1990 07-04-2004 12:11 AM

Well I had it bad on both computers. I followed a couple of fixes with cwshredder and hijackthis and adaware and spybot etc..etc... I even tried a reg fix and it screwed my system royally. I had to re-install windows to try and fix it and I may have to wipe my drive and re-install all my software.

Anyhow I got it fixed with get this

avg antivirus

I got the free version and have been rid of that crap for days now. You simply give them an email address on the avg site and they email you a link and the key for activation. Run it and you should be good. I still run adaware and spybot S&D all the time anyhow.

Jim W 07-04-2004 01:16 AM

So far so good..thanks gents, we'll see how it is tomorrow

OLBlueEyesBonne 07-04-2004 03:23 PM

I think that program (Spybot) is just one big door for viruses and pop-ups. Once I downloaded it killed the performance of my computer and finally after I found 8 versions of the Sasser (which I found had come through Spybot).

Also, all those free download sites are no-no's here. Nothing but viruses being invited if you ask me (boy do I miss my free downloads, but they're not worth the time and effort spent removing all the viruses and spyware).

Foghorn 07-04-2004 05:21 PM

WARNING: Editing the Registry may cause system problems. Be sure to back up the Registry first and seek the help of a qualified professional before proceeding if you're not familiar or comfortable with this process. Read through the links before doing anything. Use the following at your own risk.

--------------------------------------------------------

If any of you got, or get, the CoolWebSearch (CWS) Trojan or any of its more than 22 variations...then you're in for a bit of work.

AdAware, CWSshredder, HiJack This and many others will not single handedly, or together, permanently remove this from your system. CWS sets a hidden Registry Key that will launch the program, or recreate it, anytime a window is opened.

This worked for me, I'm using Windows XP:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

You have to remove this key. The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your pc.

The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it's added right back by the trojan). So what you have to do is the following which worked for me.

1. Rename the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Now delete the AppInit_DLLs key under the Windows2 folder.
3. Hit F5 and notice that AppInit_DLLs doesn't come back.
4. Rename the Windows2 folder back to Windows.

Now that AppInit_DLLs is gone, run the latest Adaware 6 to remove the trojan for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now."

You can find more info here;

http://www.computing.net/security/ww...rum/11527.html

http://forums.spywareinfo.com/index.php?showtopic=10007

Good luck!
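
A read-only way to look at the value the post above says "may look blank", as an added example that is not part of the original thread. It assumes a current Windows release with 64-bit PowerShell 4 or later rather than the XP systems discussed here; the `Wow6432Node` view and the `LoadAppInit_DLLs` / `RequireSignedAppInit_DLLs` values exist only on newer Windows versions.

```powershell
# Read-only audit of AppInit_DLLs; nothing here writes to the registry.
# Assumes 64-bit PowerShell 4+ (Get-FileHash) on a current Windows release.
$views = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'; Dir = 'System32' },
    # 32-bit registry view, present only on 64-bit Windows
    @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'; Dir = 'SysWOW64' }
)
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Key)) { continue }
    $key = Get-Item -LiteralPath $view.Key

    # Raw data without environment-variable expansion; $null if the value is absent.
    $raw = $key.GetValue('AppInit_DLLs', $null, $noExpand)
    if ($null -eq $raw) {
        "{0}: AppInit_DLLs value not present" -f $view.Key
        continue
    }

    # Print every character as a code point, so data that renders as blank
    # (spaces, control characters) is still visible.
    $text  = [string]$raw
    $codes = ($text.ToCharArray() | ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
    "{0}: type={1} length={2}" -f $view.Key, $key.GetValueKind('AppInit_DLLs'), $text.Length
    "  code points: $codes"

    # On Vista and later the list is only loaded when LoadAppInit_DLLs is 1.
    $load   = $key.GetValue('LoadAppInit_DLLs')
    $signed = $key.GetValue('RequireSignedAppInit_DLLs')
    "  LoadAppInit_DLLs={0} RequireSignedAppInit_DLLs={1}" -f $load, $signed

    # Entries are separated by spaces or commas; blank out control/format characters first.
    $entries = ($text -replace '\p{C}', ' ') -split '[\s,]+' | Where-Object { $_ }
    foreach ($entry in $entries) {
        # A bare file name is resolved against the system directory for this view.
        $file = $entry
        if (-not [IO.Path]::IsPathRooted($entry)) {
            $file = Join-Path $env:SystemRoot (Join-Path $view.Dir $entry)
        }
        $exists = Test-Path -LiteralPath $file -PathType Leaf
        [pscustomobject]@{
            Entry     = $entry
            File      = $file
            Exists    = $exists
            Bytes     = if ($exists) { (Get-Item -LiteralPath $file -Force).Length }
            Modified  = if ($exists) { (Get-Item -LiteralPath $file -Force).LastWriteTime }
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $file).Status }
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash }
        }
    }
}
```

A length greater than zero alongside an empty-looking display, or an entry that is unsigned, recently modified or missing on disk, is what to investigate before any cleanup is attempted.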

Foghorn 07-04-2004 05:23 PM

Double post...sorry.

As an added note, any of you that had this, myself included, can attest that this is by far the most stubborn trojan in a long time.

Cheers,

Jim W 07-04-2004 05:24 PM

Thank you Foghorn, for now it's not hijacking my homepage but if it comes back then I will follow your instructions.

Damn trojans :cry:

rjkbills12 07-04-2004 07:06 PM

Does anyone know how to get rid of the DSO exploit? I have spybot and adaware but I can't seem to get rid of it!

Jim W 07-04-2004 11:01 PM

Yes


If all your critical updates are installed you are protected against DSO Exploit and the finding in Spybot is just a nuisance. Eliminate this by doing the following:

1 Open Spybot and select 'advanced' mode.
2 Select 'settings' in the left column.
3 Select 'ignore product' in the left column.
4 Select 'security' tab.
5 Place check mark in box beside DSO Exploit.
6 Close program
7 Open Spybot and run a scan.

You will find that DSO Exploit has been eliminated and if your computer does not harbour any other spyware you will see a congratulatory message.

Jim W 07-04-2004 11:12 PM

Ok update

I am so effin baffled right now

I managed to get a version of Adaware Professional the one you have to pay for, anyway it ran a scan and found various registry errors, apparently the Pro version is supposed to fix it. Whatever.

Then I found out that Norton Anti Virus is as useful as a pimple on the ass.

So I got Trend Micro Virus Scanner, apparently it's the "shit". Well, ran that, and it found TROJ. AC. Ok so I did some research on that lil pain in the butt. Turns out it's malware that hijacks this and replicates that...anyway, I don't care, it wasn't the most up to date version so I couldn't get the patch to clean this new virus. SO! it gave me other instructions on how to fix the Regedit. So I did that...nothing...not an effing thing. So I ran a few more scans and it sez it's all clean.

And I get....
https://img30.photobucket.com/albums.../Jimbo/xxx.jpg

sse1990 07-04-2004 11:13 PM


Originally Posted by Foghorn
If any of you got, or get, the CoolWebSearch (CWS) Trojan or any of its more than 22 variations...then you're in for a bit of work.

AdAware, CWSshredder, HiJack This and many others will not single handedly, or together, permanently remove this from your system. CWS sets a hidden Registry Key that will launch the program, or recreate it, anytime a window is opened.

This worked for me, I'm using Windows XP:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

You have to remove this key. The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your pc.

The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it's added right back by the trojan). So what you have to do is the following which worked for me.

1. Rename the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Now delete the AppInit_DLLs key under the Windows2 folder.
3. Hit F5 and notice that AppInit_DLLs doesn't come back.
4. Rename the Windows2 folder back to Windows.

Now that AppInit_DLLs is gone, run the latest Adaware 6 to remove the trojan for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now."

You can find more info here;

http://www.computing.net/security/ww...rum/11527.html

http://forums.spywareinfo.com/index.php?showtopic=10007

Good luck!


This was the fix that I tried as a last resort and I am truly sorry I did that. It completely screwed my system. All my programs are screwed and are missing from the add remove program list. Also I lost the listing of my programs on my system when I go to all programs in Win XP.

If anyone tries it, good luck.

I have a few programs listed that I use then finally downloaded the AVG antivirus and it cleaned it all up for me. Norton didn't find any of it.

givemebreak 07-04-2004 11:25 PM

This is the program I had to use to get rid of my friends about:blank issue
and it worked....did this and spybot 1.3'd the system and it is all gone

CWShredder
http://www.soft32.com/download_19014.html

Spybot 1.3
www.safer-networking.org/
alternate download
http://www.download.com/3000-8022-10122137.html

Jim W 07-04-2004 11:29 PM

We tried that already. I needed to go higher...

Dealing with some major issues here :?

sse1990 07-04-2004 11:40 PM

Same here I could run those programs and a couple minutes later it was all back. I used about 4 -5 different programs in combination to do the job.

Jim W 07-05-2004 12:00 AM

Time to live life with Mozilla...

Effin the Effin IE

We'll see how this goes :?

kazuki 07-05-2004 12:00 AM

well if you all would use an antivirus an firewall an not just go downloading anything you wouldn't have these issues :lol: but seriously now, they tell you to make backups of the registry if you make changes an all that for a reason as for any files you delete, many antivirus an firewalls are coming out with some sorta spyware blocker/detector personally I use outpost firewall it might not have a spyware feature but it has enough others an plug ins to use to make it worth a try

Foghorn 07-05-2004 10:12 AM


Originally Posted by sse1990

This was the fix that I tried as a last resort and I am truly sorry I did that. It completely screwed my system. All my programs are screwed and are missing from the add remove program list. Also I lost the listing of my programs on my system when I go to all programs in Win XP.

If anyone tries it, good luck.

I have a few programs listed that I use then finally downloaded the AVG antivirus and it cleaned it all up for me. Norton didn't find any of it.

The instructions above would have nothing to do with programs listed in the ADD/REMOVE Programs List. The Key mentioned only would have one hidden entry. Any problems you are experiencing in Windows is not related to this Key.

When using AdAware, be sure to check their support page for the proper scan settings;

http://www.lavahelp.com/howto/fullscan/index.html

Cheers,

sse1990 07-05-2004 10:27 AM

I would have to disagree strongly since that was the one and only key I deleted and after that my system was screwed.

I came to find out after that I was not the only one that had that problem. They also deleted the one key and the system was screwed.

But I figured I would try it since all the other fixes didn't do anything for me, this was the first one that I tried that I would have to get into regedit for (I usually try and not play in the registry unless I really have to and in this case the problem hides itself in there).


So what you are saying then is that anyone that tries your fix and screws up their system after reading this, YOU are now solely responsible for it.

I am trying to warn people that there is more to it than you think. But if you insist that there isn't and they screw up their system then you SHOULD be held responsible since you say it will not do anything.

Anytime you play with the registry you can cause some damage so that is why I DO NOT post ANY instructions on playing with it.

Foghorn 07-05-2004 11:56 AM


Originally Posted by sse1990
I would have to disagree strongly since that was the one and only key I deleted and after that my system was screwed.

I came to find out after that I was not the only one that had that problem. They also deleted the one key and the system was screwed.

But I figured I would try it since all the other fixes didn't do anything for me, this was the first one that I tried that I would have to get into regedit for (I usually try and not play in the registry unless I really have to and in this case the problem hides itself in there).


So what you are saying then is that anyone that tries your fix and screws up their system after reading this, YOU are now solely responsible for it.

I am trying to warn people that there is more to it than you think. But if you insist that there isn't and they screw up their system then you SHOULD be held responsible since you say it will not do anything.

Anytime you play with the registry you can cause some damage so that is why I DO NOT post ANY instructions on playing with it.

Sorry to hear this solution didn't work for you. As you mention, editing the Registry should be done with care and regular back ups are a good precaution.

In your earlier post you mentioned you had edited the Registry before me having posted on this issue. Was this the same instruction or something else?

I offered a solution that has been widely tested and if you had taken the time to read through the 2 links I provided, you would have had a very good appreciation of the mechanics involved and the reasons for this approach.

I know this solution works because I have done it on 2 computers. I spent a great deal of time researching a fix and I read many instructions very carefully. I have checked 5 Windows XP systems and 2 Windows 2000 systems, all of them contain the key mentioned earlier and none of them have any values set normally, only a hidden value for CWS.

To be sure appropriate care and attention is given this matter, in case it's not obvious, I will edit my earlier post to include a warning when editing the Registry. I'm sorry you feel I am responsible for your troubles in offering a known solution.

Cheers,

sse1990 07-05-2004 08:27 PM

It was on the same forums that I found the same fix for the same problem. The links you provided are the same that I read but I also found others. I spent a couple weeks fighting this annoying virus/redirect. I edited my reg before your post but like I said it was the same instructions. I don't have a link at this time for the people that had problems with that fix. If I find it I will show you.

I just want people to have that warning before they jump on that as a fix and expect it to run smoothly without any problems.

Weirdly enough both my XP systems had the same problem and after having my main system screw up with that fix I looked for another alternative for my laptop. That is when I found on one forum that they ran AVG and it fixed it. So basically I used Adaware, spybot S&D, cwshredder, hijackthis, along with AVG antivirus ( free version) and it has been great for almost a week now. I had no need to get into my reg on my laptop to solve it.

Now on Jim's computer he tried to go to the AVG antivirus website and get the free download and when he runs it, it tries to re-install Norton antivirus, so I am guessing that Jim may have other issues also.


So for all those still having this annoying, aggravating problem, try those programs mentioned ( all free) along with the AVG antivirus ( free version). It is worth a shot before you go and play in the reg.

I also used to run Norton on both those systems and it never found a thing so I agree with Jim that Norton basically sux, LOL.


All times are GMT -4.