Anyone having trouble with Spyware and CoolWWW - Page 3 - GM Forum - Buick, Cadillac, Chev, Olds, GMC & Pontiac chat


07-05-2004, 01:00 AM   #21
kazuki

Well, if you all would use an antivirus and firewall and not just go downloading anything, you wouldn't have these issues. But seriously now, they tell you to make backups of the registry if you make changes and all that for a reason. As for any files you delete, many antivirus and firewalls are coming out with some sorta spyware blocker/detector. Personally I use Outpost firewall; it might not have a spyware feature, but it has enough others and plug-ins to use to make it worth a try.

07-05-2004, 11:12 AM   #22
Foghorn

Quote:
Originally Posted by sse1990
Quote:
Originally Posted by Foghorn
If any of you got, or get, the CoolWebSearch (CWS) Trojan or any of its more than 22 variations...then you're in for a bit of work.

AdAware, CWSshredder, HiJack This and many others will not single handedly, or together, permanently remove this from your system. CWS sets a hidden Registry Key that will launch the program, or recreate it, anytime a window is opened.

This worked for me, I'm using Windows XP:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

You have to remove this key. The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the trojan DLL cannot load and keep re-infecting your pc.

The way to remove the registry key is not obvious. If you just delete it from regedit, since the trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it's added right back by the trojan). So what you have to do is the following which worked for me.

1. Rename the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Now delete the AppInit_DLLs key under the Windows2 folder.
3. Hit F5 and notice that AppInit_DLLs doesn't come back.
4. Rename the Windows2 folder back to Windows.

Now that AppInit_DLLs is gone, run the latest Adaware 6 to remove the trojan for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now."

You can find more info here;

http://www.computing.net/security/ww...rum/11527.html

http://forums.spywareinfo.com/index.php?showtopic=10007

Good luck!

This was the fix that I tried as a last resort and I am truly sorry I did that. It completely screwed my system. All my programs are screwed and are missing from the add remove program list. Also I lost the listing of my programs on my system when I go to all programs in Win XP.

If anyone tries it, good luck.

I have a few programs listed that I use then finally downloaded the AVG antivirus and it cleaned it all up for me. Norton didn't find any of it.

The instructions above would have nothing to do with programs listed in the ADD/REMOVE Programs List. The Key mentioned only would have one hidden entry. Any problems you are experiencing in Windows are not related to this Key.

When using AdAware, be sure to check their support page for the proper scan settings;

http://www.lavahelp.com/howto/fullscan/index.html

Cheers,
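
Added example (not part of any post in this thread): a read-only PowerShell check of the AppInit_DLLs value discussed above. It exports the key as a backup first, then prints the value data character by character so data that looks blank in regedit becomes visible. The backup file name is an assumption.

```powershell
# Added example: read-only inspection of AppInit_DLLs; nothing is modified.
$subKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$backup = Join-Path $env:TEMP 'Windows-key-backup.reg'   # assumed backup location

# 1. Export the whole key first so it can be restored by importing the .reg file.
& reg.exe export "HKLM\$subKey" $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'reg export failed; stopping before inspection' }
"Backup written to $backup"

# 2. Read the value through the .NET registry API instead of the regedit window.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey)   # opened read-only
if ($null -eq $key) { throw "Cannot open HKLM\$subKey" }
try {
    if ($key.GetValueNames() -notcontains 'AppInit_DLLs') {
        'AppInit_DLLs is not present under this key'
        return
    }
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $kind = $key.GetValueKind('AppInit_DLLs')
    $text = [string]$key.GetValue('AppInit_DLLs', '', $noExpand)
    "Type: $kind   Length: $($text.Length) character(s)"

    # 3. Print every character with its code point, so spaces, tabs or control
    #    characters that make the data look blank show up explicitly.
    $i = 0
    foreach ($ch in $text.ToCharArray()) {
        $code = [int]$ch
        $shown = if ($code -lt 0x20 -or $code -eq 0x7F -or [char]::IsWhiteSpace($ch)) {
            '<non-printing>'
        } else { [string]$ch }
        '{0,4}  U+{1:X4}  {2}' -f $i, $code, $shown
        $i++
    }
    if ($text.Trim().Length -eq 0) {
        'No DLL path is listed in the value data'
    } else {
        "Listed entries: $($text.Trim())"
    }
}
finally {
    $key.Close()
}
```

Since the thread describes the DLL as loaded into every application, output taken on a running, infected system reflects only what that process is allowed to see; comparing it with the exported .reg file on a clean machine is a useful cross-check.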

07-05-2004, 11:27 AM   #23
sse1990

I would have to disagree strongly since that was the one and only key I deleted and after that my system was screwed.

I came to find out after that I was not the only one that had that problem. They also deleted the one key and the system was screwed.

But I figured I would try it since all the other fixes didn't do anything for me, this was the first one that I tried that I would have to get into regedit for (I usually try and not play in the registry unless I really have to and in this case the problem hides itself in there).


So what you are saying then is that anyone that tries your fix and screws up their system after reading this, YOU are now solely responsible for it.

I am trying to warn people that there is more to it than you think. But if you insist that there isn't and they screw up their system then you SHOULD be held responsible since you say it will not do anything.

Anytime you play with the registry you can cause some damage so that is why I DO NOT post ANY instructions on playing with it.

07-05-2004, 12:56 PM   #24
Foghorn

Quote:
Originally Posted by sse1990
I would have to disagree strongly since that was the one and only key I deleted and after that my system was screwed.

I came to find out after that I was not the only one that had that problem. They also deleted the one key and the system was screwed.

But I figured I would try it since all the other fixes didn't do anything for me, this was the first one that I tried that I would have to get into regedit for (I usually try and not play in the registry unless I really have to and in this case the problem hides itself in there).


So what you are saying then is that anyone that tries your fix and screws up their system after reading this, YOU are now solely responsible for it.

I am trying to warn people that there is more to it than you think. But if you insist that there isn't and they screw up their system then you SHOULD be held responsible since you say it will not do anything.

Anytime you play with the registry you can cause some damage so that is why I DO NOT post ANY instructions on playing with it.

Sorry to hear this solution didn't work for you. As you mention, editing the Registry should be done with care and regular backups are a good precaution.

In your earlier post you mentioned you had edited the Registry before me having posted on this issue. Was this the same instruction or something else?

I offered a solution that has been widely tested and if you had taken the time to read through the 2 links I provided, you would have had a very good appreciation of the mechanics involved and the reasons for this approach.

I know this solution works because I have done it on 2 computers. I spent a great deal of time researching a fix and I read many instructions very carefully. I have checked 5 Windows XP systems and 2 Windows 2000 systems, all of them contain the key mentioned earlier and none of them have any values set normally, only a hidden value for CWS.

To be sure appropriate care and attention is given this matter, in case it's not obvious, I will edit my earlier post to include a warning when editing the Registry. I'm sorry you feel I am responsible for your troubles in offering a known solution.

Cheers,

07-05-2004, 09:27 PM   #25
sse1990

It was on the same forums that I found the same fix for the same problem. The links you provided are the same that I read but I also found others. I spent a couple weeks fighting this annoying virus/redirect. I edited my reg before your post but like I said it was the same instructions. I don't have a link at this time for the people that had problems with that fix. If I find it I will show you.

I just want people to have that warning before they jump on that as a fix and expect it to run smoothly without any problems.

Weirdly enough both my XP systems had the same problem and after having my main system screw up with that fix I looked for another alternative for my laptop. That is when I found on one forum that they ran AVG and it fixed it. So basically I used Adaware, Spybot S&D, cwshredder, hijackthis, along with AVG antivirus (free version) and it has been great for almost a week now. I had no need to get into my reg on my laptop to solve it.

Now on Jim's computer he tried to go to the AVG antivirus website and get the free download and when he runs it, it tries to re-install Norton antivirus, so I am guessing that Jim may have other issues also.


So for all those still having this annoying, aggravating problem, try those programs mentioned (all free) along with the AVG antivirus (free version). It is worth a shot before you go and play in the reg.

I also used to run Norton on both those systems and it never found a thing so I agree with Jim that Norton basically sux, LOL.