CWS (coolwwwsearch) REMOVAL! WOOHOO!
Results 1 to 8 of 8

Thread: CWS (coolwwwsearch) REMOVAL! WOOHOO!

  1. #1
    Join Date
    Apr 2001
    Location
    Asheboro, NC, USA
    Posts
    107

    CWS (coolwwwsearch) REMOVAL! WOOHOO!

    Here's a definite fix. It's a little in depth but it works. I've attempted to use Spybot, Adaware and CWShredder and none of those worked to remove CWS. This finally did the trick. Enjoy!

    http://www.bleepingcomputer.com/forums/tutorial85.html

    p.s. Print the tutorial FIRST! Download all necessary programs listed in the tutorial FIRST! Have patience and do NOT skip a step.

    Good luck
    To err is human. To forget to turn the NumLock on is just plain stupid.

  2. #2
    Join Date
    Oct 2000
    Location
    graham, tx, us
    Posts
    7,156
    This is a good one to use and to learn by. Very detailed. Would help a beginner as it is easy to understand. The HighJack This download shows version 1.98. So when downloading make sure you have the latest version.

    If anyone tries this as a result of a Cool Search infection I would appreciate hearing if the procedure elimininates the latest varient.

    Thanks.

  3. #3
    Join Date
    Apr 2001
    Location
    Asheboro, NC, USA
    Posts
    107
    It worked for me yesterday (12-29-04). I'm assuming it was the lastest varient. It was a pain in the butt...I can tell you that much!
    To err is human. To forget to turn the NumLock on is just plain stupid.

  4. #4
    Join Date
    Oct 2000
    Location
    graham, tx, us
    Posts
    7,156
    Would you happen to remember it or did you make a copy of a log that shows them by chance?

    I had trouble a few months ago with getting rid of a couple of Cool Search entries when I got hit. Had to dig to find them as they were hidden. At the time it was just another irritant and I made no copies.

    I think the people behind this one are making money as they are coming up with new "stuff" all the time. If there was a way to break that by denying them the capability to get into peoples computers they would probably disappear.

    And these forums are just the place to swap information as well as ask questions.

  5. #5
    Join Date
    Apr 2001
    Location
    Asheboro, NC, USA
    Posts
    107

    Hijack this log

    According to the instructions...this is what I cleaned with HijackThis. Also when I ran Adbuster...it found the following filenames: zyjgi, qjipa, lwsaj, ojhcx. I deleted ANY and ALL occurances of these filenames on C:. Hope all of this helps!

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\jsaxa.dll/sp.html#37049
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com

    O2 - BHO: (no name) - {A181ACFF-FFBD-E523-A66B-69B29278B02A} - C:\WINDOWS\system32\ntqy32.dll

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [SpartaCom Client Pop-up] SPPopUp.exe
    O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
    O4 - HKLM\..\Run: [cuagent] C:\PROGRA~1\COMMAN~1\COMMAN~1\cuagent.exe
    O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
    O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
    O4 - HKLM\..\Run: [sdkha32.exe] C:\WINDOWS\system32\sdkha32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    To err is human. To forget to turn the NumLock on is just plain stupid.

  6. #6
    Join Date
    Oct 2000
    Location
    graham, tx, us
    Posts
    7,156
    Thanks very much and it does help.

  7. #7
    Join Date
    Dec 2002
    Location
    Busselton Western Australia "Wine Region"
    Posts
    707
    good stuff this will come in handy
    15 Macbook Pro | C2D 2.4 | 4 GB | 200 HD | leopard
    13 MacBook | CD 2.4 | 2 GB | 80 HD | Leopard
    12 Powerbook | G4 867Mhz | 1.25GB | 120 HDD | Tiger

  8. #8
    Join Date
    Jul 1998
    Location
    Toronto
    Posts
    25,415

    Thumbs up

    I've moved this to this spyware forum so it won't get buried.
    Don't believe everything you think.

    VirtualDr email notices are not working.
    Check back regularly for responses.

    _____________________
    cat lovers click here

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •