Anyone having trouble with Spyware and CoolWWW
07-05-2004, 12:00 AM
#21
Senior Member
Posts like a Northstar
Join Date: Jan 2004
Location: Kansas - yet again...
Posts: 652
Likes: 0
Received 0 Likes
on
0 Posts
well if you all would use an antivirus an firewall an not just go downloading anything you woudlnt have theses issues 
but seriously now, they tell you to make backups of the registry if you make changes an all that for a reason as for any files you delete, many antivirus an firewalls are coming out with some sorta spyware blocker/detector personally I use outpost firewall it might not have a spyware feature but it has enough others an plug ins to use to make it worth a try
but seriously now, they tell you to make backups of the registry if you make changes an all that for a reason as for any files you delete, many antivirus an firewalls are coming out with some sorta spyware blocker/detector personally I use outpost firewall it might not have a spyware feature but it has enough others an plug ins to use to make it worth a try
07-05-2004, 10:12 AM
#22
Senior Member
Posts like a Corvette
Join Date: Jan 2004
Location: Montréal, QC
Posts: 1,374
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by sse1990
Originally Posted by Foghorn
If any of you got, or get, the CoolWebSearch (CWS) Trojan or any of it'* more than 22 variations...then you're in for a bit of work.
AdAware, CWSshredder, HiJack This and many others will not single handedly, or together, permanently remove this from your system. CWS sets a hidden Registry Key that will launch the program, or recreate it, anytime a window is opened.
This worked for me, I'm using Windows XP:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
You have to remove this key. The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your pc.
The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it'* added right back by the trojan). So what you have to do is the following which worked for me.
1. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Now delete the AppInit_DLLs key under the Windows2 folder.
3. Hit F5 and notice that AppInit_DLLs doesn't come back.
4. Rename the Windows2 folder back to Windows.
Now that AppInit_DLLs is gone, run the latest Adaware 6 to remove the trojan for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now."
You can find more info here;
http://www.computing.net/security/ww...rum/11527.html
http://forums.spywareinfo.com/index.php?showtopic=10007
Good luck!
AdAware, CWSshredder, HiJack This and many others will not single handedly, or together, permanently remove this from your system. CWS sets a hidden Registry Key that will launch the program, or recreate it, anytime a window is opened.
This worked for me, I'm using Windows XP:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
You have to remove this key. The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your pc.
The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it'* added right back by the trojan). So what you have to do is the following which worked for me.
1. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Now delete the AppInit_DLLs key under the Windows2 folder.
3. Hit F5 and notice that AppInit_DLLs doesn't come back.
4. Rename the Windows2 folder back to Windows.
Now that AppInit_DLLs is gone, run the latest Adaware 6 to remove the trojan for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now."
You can find more info here;
http://www.computing.net/security/ww...rum/11527.html
http://forums.spywareinfo.com/index.php?showtopic=10007
Good luck!
This was the fix that I tried as a last resort and I am truely sorry I did that. It completetly screwed my system. All my programs are screwed and are missing from the add remove program list. Also I lost the listing of my programs on my system when I go to all programs in Win XP.
If anyone tries it, good luck.
I have a few programs listed that I use then finally downloaded the AVG antivirus and it cleaned it all up for me. Norton didn't find any of it.
When using AdAware, be sure to check their support page for the proper scan settings;
http://www.lavahelp.com/howto/fullscan/index.html
Cheers,
07-05-2004, 10:27 AM
#23
Senior Member
True Car Nut
Join Date: May 2002
Posts: 2,936
Likes: 0
Received 0 Likes
on
0 Posts
I would have to disagree strongly since that was the one and only key I deleted and after that my system was screwed.
I came to find out after that I was not the only one that had that problem. They also deleted the one key and the system was screwed.
But I figured I would try it since all the other fixes didn't do anything for me, this was the first one that I tried that I would have to get into regedit for, ( I ususally try and not play in the registry unless I really have to and in this case the problem hides itself in there.).
So what you are saying then is that anyone that tries your fix and screws up their system after reading this, YOU are now solely responsible for it.
I am trying to warn people that there is more to it than you think. But if you insist that there isn't and they screw up their system then you SHOULD be held responsible since you say it will not do anything.
Anytime you play with the registry you can cause some damadge so that is why I DO NOT post ANY instructions on playing with it.
I came to find out after that I was not the only one that had that problem. They also deleted the one key and the system was screwed.
But I figured I would try it since all the other fixes didn't do anything for me, this was the first one that I tried that I would have to get into regedit for, ( I ususally try and not play in the registry unless I really have to and in this case the problem hides itself in there.).
So what you are saying then is that anyone that tries your fix and screws up their system after reading this, YOU are now solely responsible for it.
I am trying to warn people that there is more to it than you think. But if you insist that there isn't and they screw up their system then you SHOULD be held responsible since you say it will not do anything.
Anytime you play with the registry you can cause some damadge so that is why I DO NOT post ANY instructions on playing with it.
07-05-2004, 11:56 AM
#24
Senior Member
Posts like a Corvette
Join Date: Jan 2004
Location: Montréal, QC
Posts: 1,374
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by sse1990
I would have to disagree strongly since that was the one and only key I deleted and after that my system was screwed.
I came to find out after that I was not the only one that had that problem. They also deleted the one key and the system was screwed.
But I figured I would try it since all the other fixes didn't do anything for me, this was the first one that I tried that I would have to get into regedit for, ( I ususally try and not play in the registry unless I really have to and in this case the problem hides itself in there.).
So what you are saying then is that anyone that tries your fix and screws up their system after reading this, YOU are now solely responsible for it.
I am trying to warn people that there is more to it than you think. But if you insist that there isn't and they screw up their system then you SHOULD be held responsible since you say it will not do anything.
Anytime you play with the registry you can cause some damadge so that is why I DO NOT post ANY instructions on playing with it.
I came to find out after that I was not the only one that had that problem. They also deleted the one key and the system was screwed.
But I figured I would try it since all the other fixes didn't do anything for me, this was the first one that I tried that I would have to get into regedit for, ( I ususally try and not play in the registry unless I really have to and in this case the problem hides itself in there.).
So what you are saying then is that anyone that tries your fix and screws up their system after reading this, YOU are now solely responsible for it.
I am trying to warn people that there is more to it than you think. But if you insist that there isn't and they screw up their system then you SHOULD be held responsible since you say it will not do anything.
Anytime you play with the registry you can cause some damadge so that is why I DO NOT post ANY instructions on playing with it.
In your earlier post you mentioned you had edited the Registry before me having posted on this issue. Was this the same instruction or something else?
I offered a solution that has been widely tested and if you had taken the time to read through the 2 links I provided, you would have had a very good appreciation of the mechanics involved and the reasons for this approach.
I know this solution works because I have done it on 2 computers. I spent a great deal of time researching a fix and I read many instructions very carefully. I have checked 5 Windows XP systems and 2 Windows 2000 systems, all of them contain the key mentioned earlier and none of them have any values set normally, only a hidden value for CWS.
To be sure appropriate care and attention is given this matter, in case it'* not obvious, I will edit my earlier post to include a warning when editing the Registry. I'm sorry you feel I am responsible for your troubles in offering a known solution.
Cheers,
07-05-2004, 08:27 PM
#25
Senior Member
True Car Nut
Join Date: May 2002
Posts: 2,936
Likes: 0
Received 0 Likes
on
0 Posts
It was on the same forums that I found the same fix for the same problem. The links you provided are the same that I read but I also found others. I spent a couple weeks fighting this annoying virus/redirect. I edited my reg before your post but like I said it was the same instructions. I don't have a link at this time for the people that had problems with that fix. If I find it I will show you.
I just want people to have that warning before they jump on that as a fix and expect it to run smoothly without any problems.
Weirdly enough both my XP systems had the same problem and after having my main system screw up with that fix I looked for another alternative for my laptop. That is when I found on one forum that they ran AVG and it fixed it. So basically I used Adaware, spybot *&D, cwshredder, hijackthis, along with AVG antivirus ( free version) and it has been great for almost a week now. I had no need to get into my reg on my laptop to solve it.
Now on Jim'* computer he tried to go to the AVG antivirus website and get the free download Adan when he runs it, it tries to re-install Norton antivirus, so I am guessing that Jim may have other issues also.
So for all those still having this annoying, aggravating problem, try those programs mentioned ( all free) along with the AVG antivirus ( free version). It is worth a shot before you go and play in the reg.
I also used to run Norton on both those systems and it never found a thing so I agree with Jim that Norton basically sux, LOL.
I just want people to have that warning before they jump on that as a fix and expect it to run smoothly without any problems.
Weirdly enough both my XP systems had the same problem and after having my main system screw up with that fix I looked for another alternative for my laptop. That is when I found on one forum that they ran AVG and it fixed it. So basically I used Adaware, spybot *&D, cwshredder, hijackthis, along with AVG antivirus ( free version) and it has been great for almost a week now. I had no need to get into my reg on my laptop to solve it.
Now on Jim'* computer he tried to go to the AVG antivirus website and get the free download Adan when he runs it, it tries to re-install Norton antivirus, so I am guessing that Jim may have other issues also.
So for all those still having this annoying, aggravating problem, try those programs mentioned ( all free) along with the AVG antivirus ( free version). It is worth a shot before you go and play in the reg.
I also used to run Norton on both those systems and it never found a thing so I agree with Jim that Norton basically sux, LOL.
Thread
Thread Starter
Forum
Replies
Last Post
GymJunkie
Detailing & Appearance
3
12-10-2014 07:08 AM
bonnie94ssei
Lounge
22
10-03-2004 05:53 AM