Anyone having trouble with Spyware and CoolWWW - Page 2 - GM Forum - Buick, Cadillac, Chev, Olds, GMC & Pontiac chat


07-04-2004, 06:23 PM   #11
Foghorn

Double post...sorry.

As an added note, any of you that had this, myself included, can attest that this is by far the most stubborn trojan in a long time.

Cheers,

07-04-2004, 06:24 PM   #12
Jim W (Thread Starter)

Thank you Foghorn, for now it's not hijacking my homepage, but if it comes back then I will follow your instructions.

Damn trojans

07-04-2004, 08:06 PM   #13
rjkbills12

Does anyone know how to get rid of the DSO exploit? I have spybot and adaware but I can't seem to get rid of it!

07-05-2004, 12:01 AM   #14
Jim W (Thread Starter)

Yes

Quote:
If all your critical updates are installed you are protected against DSO Exploit and the finding in Spybot is just a nuisance. Eliminate this by doing the following:

1 Open Spybot and select 'advanced' mode.
2 Select 'settings' in the left column.
3 Select 'ignore product' in the left column.
4 Select 'security' tab.
5 Place check mark in box beside DSO Exploit.
6 Close program
7 Open Spybot and run a scan.

You will find that DSO Exploit has been eliminated and if your computer does not harbour any other spyware you will see a congratulatory message.

07-05-2004, 12:12 AM   #15
Jim W (Thread Starter)

Ok update

I am so effin baffled right now

I managed to get a version of Adaware Professional, the one you have to pay for. Anyway, it ran a scan and found various registry errors; apparently the Pro version is supposed to fix it. Whatever.

Then I found out that Norton Anti Virus is as useful as a pimple on the ***.

So I got Trend Micro Virus Scanner, apparently it's the "****". Well, ran that, and it found TROJ. AC. Ok so I did some research on that lil pain in the butt. Turns out it's malware that hijacks this and replicates that...anyway, I don't care, it wasn't the most up to date version so I couldn't get the patch to clean this new virus. SO! It gave me other instructions on how to fix the Regedit. So I did that...nothing...not an effing thing. So I ran a few more scans and it sez it's all clean.

And I get....

07-05-2004, 12:13 AM   #16
sse1990

Quote:
Originally Posted by Foghorn
If any of you got, or get, the CoolWebSearch (CWS) Trojan or any of its more than 22 variations...then you're in for a bit of work.

AdAware, CWSshredder, HiJack This and many others will not single handedly, or together, permanently remove this from your system. CWS sets a hidden Registry Key that will launch the program, or recreate it, anytime a window is opened.

This worked for me, I'm using Windows XP:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

You have to remove this key. The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your pc.

The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it's added right back by the trojan). So what you have to do is the following which worked for me.

1. Rename the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Now delete the AppInit_DLLs key under the Windows2 folder.
3. Hit F5 and notice that AppInit_DLLs doesn't come back.
4. Rename the Windows2 folder back to Windows.

Now that AppInit_DLLs is gone, run the latest Adaware 6 to remove the trojan for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now."

You can find more info here;

http://www.computing.net/security/ww...rum/11527.html

http://forums.spywareinfo.com/index.php?showtopic=10007

Good luck!

This was the fix that I tried as a last resort and I am truly sorry I did that. It completely screwed my system. All my programs are screwed and are missing from the add remove program list. Also I lost the listing of my programs on my system when I go to all programs in Win XP.

If anyone tries it, good luck.

I have a few programs listed that I use then finally downloaded the AVG antivirus and it cleaned it all up for me. Norton didn't find any of it.
sse1990 is offline   Reply With Quote
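
A read-only way to inspect the `AppInit_DLLs` value discussed in the quoted post, added here as an example and not code from anyone in the thread. It prints every character of the value as a code point, so data that looks blank in an editor still shows up, and it checks each listed DLL on disk; it assumes PowerShell on a current Windows system, and `Get-AppInitAudit` is a name made up for this example.

```powershell
# Added example: read-only audit of AppInit_DLLs. Nothing in the registry is changed.
# Get-AppInitAudit is a hypothetical helper name used only for this example.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # Key read by 32-bit processes on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitAudit {
    param([Parameter(Mandatory)][string]$KeyPath)

    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $props = Get-ItemProperty -LiteralPath $KeyPath
    $raw   = [string]$props.AppInit_DLLs   # empty string when the value is absent

    # Entries are separated by spaces or commas. Control characters are turned
    # into separators so they cannot hide an entry.
    $names = @(($raw -replace '[\x00-\x1F]', ' ') -split '[ ,]+' | Where-Object { $_ })

    $files = foreach ($name in $names) {
        # Bare file names are looked up in System32 here (simplification: 32-bit
        # entries under Wow6432Node would live in SysWOW64).
        $path = $name
        if (-not (Split-Path -Path $name -IsAbsolute)) {
            $path = Join-Path $env:SystemRoot "System32\$name"
        }
        $onDisk = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            Entry     = $name
            Path      = $path
            OnDisk    = $onDisk
            Signature = $(if ($onDisk) { [string](Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' })
        }
    }

    [pscustomobject]@{
        Key           = $KeyPath
        RawLength     = $raw.Length
        CodePoints    = @($raw.ToCharArray() | ForEach-Object { 'U+{0:X4}' -f [int]$_ }) -join ' '
        Files         = @($files)
        # Present on later Windows versions only; $null when missing
        LoadEnabled   = $props.LoadAppInit_DLLs
        RequireSigned = $props.RequireSignedAppInit_DLLs
        NeedsReview   = ($raw.Length -gt 0)
    }
}

$keys | ForEach-Object { Get-AppInitAudit -KeyPath $_ } | ConvertTo-Json -Depth 3
```

A non-empty value is not proof of infection, since some legitimate software registers DLLs here; compare the listed files against what is actually installed.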

07-05-2004, 12:25 AM   #17
givemebreak

This is the program I had to use to get rid of my friend's about:blank issue
and it worked....did this and spybot 1.3'd the system and it is all gone

CWShredder
http://www.soft32.com/download_19014.html

Spybot 1.3
www.safer-networking.org/
alternate download
http://www.download.com/3000-8022-10122137.html

07-05-2004, 12:29 AM   #18
Jim W (Thread Starter)

We tried that already. I needed to go higher...

Dealing with some major issues here

07-05-2004, 12:40 AM   #19
sse1990

Same here, I could run those programs and a couple minutes later it was all back. I used about 4-5 different programs in combination to do the job.

07-05-2004, 01:00 AM   #20
Jim W (Thread Starter)

Time to live life with Mozilla...

Effin the Effin IE

We'll see how this goes
All times are GMT -4.

