-
December 29th, 2004, 11:45 AM
#1
CWS (coolwwwsearch) REMOVAL! WOOHOO!
Here's a definite fix. It's a little in-depth, but it works. I've attempted to use Spybot, Adaware and CWShredder, and none of those worked to remove CWS. This finally did the trick. Enjoy!
http://www.bleepingcomputer.com/forums/tutorial85.html
p.s. Print the tutorial FIRST! Download all necessary programs listed in the tutorial FIRST! Have patience and do NOT skip a step.
Good luck
To err is human. To forget to turn the NumLock on is just plain stupid.
-
December 30th, 2004, 09:38 AM
#2
This is a good one to use and to learn by. Very detailed. Would help a beginner as it is easy to understand. The HijackThis download shows version 1.98. So when downloading, make sure you have the latest version.
If anyone tries this as a result of a Cool Search infection, I would appreciate hearing if the procedure eliminates the latest variant.
Thanks.
-
December 30th, 2004, 10:35 AM
#3
It worked for me yesterday (12-29-04). I'm assuming it was the latest variant. It was a pain in the butt...I can tell you that much!
To err is human. To forget to turn the NumLock on is just plain stupid.
-
December 30th, 2004, 11:41 AM
#4
Would you happen to remember it or did you make a copy of a log that shows them by chance?
I had trouble a few months ago with getting rid of a couple of Cool Search entries when I got hit. Had to dig to find them as they were hidden. At the time it was just another irritant and I made no copies.
I think the people behind this one are making money, as they are coming up with new "stuff" all the time. If there was a way to break that by denying them the capability to get into people's computers, they would probably disappear.
And these forums are just the place to swap information as well as ask questions.
-
December 30th, 2004, 02:49 PM
#5
Hijack this log
According to the instructions...this is what I cleaned with HijackThis. Also, when I ran Adbuster...it found the following filenames: zyjgi, qjipa, lwsaj, ojhcx. I deleted ANY and ALL occurrences of these filenames on C:. Hope all of this helps!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com
O2 - BHO: (no name) - {A181ACFF-FFBD-E523-A66B-69B29278B02A} - C:\WINDOWS\system32\ntqy32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [SpartaCom Client Pop-up] SPPopUp.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [sdkha32.exe] C:\WINDOWS\system32\sdkha32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
To err is human. To forget to turn the NumLock on is just plain stupid.
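An added example, not part of the original posts and not HijackThis's own logic: a small triage script that parses log lines in the format shown in post #5 and flags the two patterns visible there, Internet Explorer settings that load a page from a `res://` DLL resource and a BHO registered as "(no name)". The sample lines are copied from that log; the function name `triage` and both heuristics are assumptions made for illustration, and a flagged entry is one to review by hand, not a confirmed infection.

```python
import re

# Subset of the HijackThis log posted in post #5, embedded so the script runs offline.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
O2 - BHO: (no name) - {A181ACFF-FFBD-E523-A66B-69B29278B02A} - C:\WINDOWS\system32\ntqy32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# "<section> - <body>", e.g. "R1 - ..." or "O2 - ..."
LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# R-section body: "<registry key>,<value name> = <data>"
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>.+?) = (?P<data>.*)$")
# Data that loads a page out of a DLL's resources: res://<path>.dll/...
RES_DLL = re.compile(r"^res://(?P<dll>.+?\.dll)/", re.IGNORECASE)
# O2 body: "BHO: <name> - {CLSID} - <path>"
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")


def triage(log_text):
    """Return (findings, dlls): entries to review and the DLL paths they reference."""
    findings, dlls = [], set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a log entry
        sec, body = m["sec"], m["body"]
        if sec in ("R0", "R1"):
            reg = REG_VALUE.match(body)
            res = RES_DLL.match(reg["data"]) if reg else None
            if res:
                findings.append((sec, reg["name"], "IE setting loads a page from a DLL resource"))
                dlls.add(res["dll"].lower())
        elif sec == "O2":
            bho = BHO.match(body)
            if bho and bho["name"] == "(no name)":
                findings.append((sec, bho["clsid"], "BHO registered without a name"))
                dlls.add(bho["path"].lower())
    return findings, sorted(dlls)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)[0]:
        print(*finding, sep=" | ")
```

The returned DLL list gives the files to look at before and after cleanup; the O4 startup entries are parsed but not judged, since nothing in the line format alone separates a legitimate program from an unwanted one.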
-
December 30th, 2004, 10:45 PM
#6
Thanks very much and it does help.
-
January 2nd, 2005, 01:56 AM
#7
Good stuff, this will come in handy.
15 Macbook Pro | C2D 2.4 | 4 GB | 200 HD | leopard
13 MacBook | CD 2.4 | 2 GB | 80 HD | Leopard
12 Powerbook | G4 867Mhz | 1.25GB | 120 HDD | Tiger
-
January 2nd, 2005, 08:28 PM
#8
I've moved this to this spyware forum so it won't get buried.
VirtualDr email notices are not working.
Check back regularly for responses.