Anyone having trouble with Spyware and CoolWWW
#1
Senior Member
Expert Gearhead
Thread Starter
Anyone having trouble with Spyware and CoolWWW
This spyware is a BITCH to yer system, its has killed my RAM and I have run many spyware programs to try and get to it.
I have had some help from BC members in trying to fix this problem and many thanks! Anyone have any sob stories or success stories on removing this spyware. Its a battle that I like to think I am winning.
I find it ironic that this spyware, hijacks your homepage, turns the about: blank page into ad central and popups an ad asking you to buy spyware removal software from the company that created the spyware...or something to that effect.
Very frustrating
I have had some help from BC members in trying to fix this problem and many thanks! Anyone have any sob stories or success stories on removing this spyware. Its a battle that I like to think I am winning.
I find it ironic that this spyware, hijacks your homepage, turns the about: blank page into ad central and popups an ad asking you to buy spyware removal software from the company that created the spyware...or something to that effect.
Very frustrating
#2
Senior Member
Posts like a Northstar
Join Date: Oct 2003
Location: RI
Posts: 692
Likes: 0
Received 0 Likes
on
0 Posts
Here is my last attempt for ya bud
http://www.soft32.com/download_19014.html
CWShredder
run it...
run that spysweeper i gave you
and follow up with spybot 1.3
it should be gone after that.
GOOD LUCK
http://www.soft32.com/download_19014.html
CWShredder
run it...
run that spysweeper i gave you
and follow up with spybot 1.3
it should be gone after that.
GOOD LUCK
#3
Senior Member
Expert Gearhead
Thread Starter
#4
Member
Posts like a V-Tak
Join Date: Jun 2004
Location: Herrin, South Illinois
Posts: 88
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by JimW
This spyware is a B**** to yer system, its has killed my RAM and I have run many spyware programs to try and get to it.
I've only been infected once on my AMD 98se machine, but Mrs. Geez'* Celeron XP picks them up all the time. I'm never there when she'* surfin', but i think she'* picking them up when she tries to find audio files through KAAZA and the like. I run Adware and Spybot sd and catch most of them. IMesh is another sore spot.
Good Luck
#5
Senior Member
Expert Gearhead
Thread Starter
I had it fixed last night, and now its back.. :?
DSO Exploit and CoolWWW no longer afflict me, CWSscanner and Spybot are no longer fixing the problem.
My 2nd last chance is to download a Windows XP patch, failing that, contacting Sol to help me with my XP Registry
DSO Exploit and CoolWWW no longer afflict me, CWSscanner and Spybot are no longer fixing the problem.
My 2nd last chance is to download a Windows XP patch, failing that, contacting Sol to help me with my XP Registry
#6
Senior Member
True Car Nut
Join Date: Dec 2002
Location: Halifax, Canada 91SSE / 97SSEi
Posts: 5,857
Likes: 0
Received 0 Likes
on
0 Posts
It can be fixed... but it'* tricky.
Download and update "ad-aware" by lavasoft.
Run a scan in safemode.
Then search for DLL files... sort by date.
(make sure you have view hidden & system files turned on)
Find the newest ones (they are probably 0kb and delete them.
That 'shoud' fix it... if it doesn't it may require some reg editting, but we can get into that later if needed.
Download and update "ad-aware" by lavasoft.
Run a scan in safemode.
Then search for DLL files... sort by date.
(make sure you have view hidden & system files turned on)
Find the newest ones (they are probably 0kb and delete them.
That 'shoud' fix it... if it doesn't it may require some reg editting, but we can get into that later if needed.
#7
Well I had it bad on both computers. I folowed a couple of fixes with cwshredder and hijackthis and adaware and spybot etc..etc... I even tried a reg fix and it screwed my system royally. I had to re-install windows to try and fix it and I may have to wipe my drive and re-install all my software.
Anyhow I got it fixed with get this
avg antivirus
I got the free version and have been rid of that crap for days now. You simply give them an email address on the avg site and they email you a link and the key for activation. Run it and you should be good. I still run adaware and spybot *&D all the time anyhow.
Anyhow I got it fixed with get this
avg antivirus
I got the free version and have been rid of that crap for days now. You simply give them an email address on the avg site and they email you a link and the key for activation. Run it and you should be good. I still run adaware and spybot *&D all the time anyhow.
#9
Senior Member
True Car Nut
Join Date: Dec 2002
Location: Sauk Centre, MN
Posts: 5,459
Likes: 0
Received 0 Likes
on
0 Posts
I think that program (Spybot) is just one big door for virus'* and pop-ups. Once I downloaded it killed the performance of my computer and finally after I found 8 version'* of the Sasser (which I found had come through Spybot).
Also, all those free download sites are no-no'* here. Nothing but virus'* being invited if you ask me (boy do I miss my free downloads, but they're not worth the time and effort spent removing all the virus'* and spyware.
Also, all those free download sites are no-no'* here. Nothing but virus'* being invited if you ask me (boy do I miss my free downloads, but they're not worth the time and effort spent removing all the virus'* and spyware.
#10
Senior Member
Posts like a Corvette
Join Date: Jan 2004
Location: Montréal, QC
Posts: 1,374
Likes: 0
Received 0 Likes
on
0 Posts
WARNING: Editing the Registry may cause system problems. Be sure to back up the Registry first and seek the help of a qualified professional before proceeding if you're not familiar or comfortable with this process. Read the through the links before doing anything. Use the following at your own risk.
--------------------------------------------------------
If any of you got, or get, the CoolWebSearch (CWS) Trojan or any of it'* more than 22 variations...then you're in for a bit of work.
AdAware, CWSshredder, HiJack This and many others will not single handedly, or together, permanently remove this from your system. CWS sets a hidden Registry Key that will launch the program, or recreate it, anytime a window is opened.
This worked for me, I'm using Windows XP:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
You have to remove this key. The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your pc.
The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it'* added right back by the trojan). So what you have to do is the following which worked for me.
1. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Now delete the AppInit_DLLs key under the Windows2 folder.
3. Hit F5 and notice that AppInit_DLLs doesn't come back.
4. Rename the Windows2 folder back to Windows.
Now that AppInit_DLLs is gone, run the latest Adaware 6 to remove the trojan for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now."
You can find more info here;
http://www.computing.net/security/ww...rum/11527.html
http://forums.spywareinfo.com/index.php?showtopic=10007
Good luck!
--------------------------------------------------------
If any of you got, or get, the CoolWebSearch (CWS) Trojan or any of it'* more than 22 variations...then you're in for a bit of work.
AdAware, CWSshredder, HiJack This and many others will not single handedly, or together, permanently remove this from your system. CWS sets a hidden Registry Key that will launch the program, or recreate it, anytime a window is opened.
This worked for me, I'm using Windows XP:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
You have to remove this key. The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your pc.
The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it'* added right back by the trojan). So what you have to do is the following which worked for me.
1. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Now delete the AppInit_DLLs key under the Windows2 folder.
3. Hit F5 and notice that AppInit_DLLs doesn't come back.
4. Rename the Windows2 folder back to Windows.
Now that AppInit_DLLs is gone, run the latest Adaware 6 to remove the trojan for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now."
You can find more info here;
http://www.computing.net/security/ww...rum/11527.html
http://forums.spywareinfo.com/index.php?showtopic=10007
Good luck!