Topic: SPYWARE (Help needed) (Read 451 times)

don
Guest

Anybody know how to get rid of the "coolwww" browser hijacker? Spyware scan picks it up, disables it, then it comes right back. Is it a cookie in memory?

Racer1_NC
CH.com Alumnus New Board Hall of Famer
"Beeeyul the Cat"
Posts: 1887
Re: SPYWARE (Help needed)
« Reply #1 on: Oct 19th, 2004, 11:43am »

I use a combo of Spybot Search and Destroy and Adaware. The really tough ones require manually deleting files.....for this I use Hijack This. Word of caution.....Hijack This can lead you to delete files that are not spyware. Use with caution. Try the first 2.......they should get it. Bill

"Everybody's Gotta Learn Sometime."
Eventus stultorum magister.

don
Guest
Re: SPYWARE (Help needed)
« Reply #2 on: Oct 19th, 2004, 11:46am »

I have used Spybot and the Earthlink program. Both get it but it comes right back. I'll try hijack this. Got a link?

Racer1_NC
CH.com Alumnus New Board Hall of Famer
"Beeeyul the Cat"
Posts: 1887
Re: SPYWARE (Help needed)
« Reply #4 on: Oct 19th, 2004, 12:12pm »

Boy that's a nasty biotch.........Hope you have some time Don.....

"Everybody's Gotta Learn Sometime."
Eventus stultorum magister.

alleyoop
New Board Hall of Famer
Wake me up when it's all over.
Posts: 1143
Re: SPYWARE (Help needed)
« Reply #5 on: Oct 19th, 2004, 12:21pm »

on Oct 19th, 2004, 11:43am, Racer1_NC wrote: Word of caution.....Hijack This can lead you to delete files that are not spyware. Use with caution.

Be very careful with HijackThis and don't delete anything you aren't sure about. .................alley

I know that the Good Lord won't put any more on you than you can stand, but sometimes I wish He weren't quite so PROUD of ME!

Ree
New Board Hall of Famer
2008's my year to shine~SUN IS OUT!!!YAY
Posts: 5236
Re: SPYWARE (Help needed)
« Reply #6 on: Oct 19th, 2004, 12:27pm »

go to your ctl alt delete.... then to processes... it's in there remove it also go to regedit... and get it out of there too... doesn't this suck that we have become computer geeks just to be part of this wonderful world.........kills me.........love ya donny even though you didn't invite me to your looney party either................hehehehehehe ree

Proud Mom to US ARMY Kiowa OH58 PILOT~CWO2 SCOTT Hawaii, & USMC Vet~Now POLICE OFFICER SEAN, Citizen of the Month~ Breezy~ Nana 4 Matt/Mike&Aya, MIL To Shino Wife to Dave HI BILL! http://www.myspace.com/dungareespocket http://www.prohawaiian.com

nani
CH.com Alumnus New Board Hall of Famer
Got kudzu?
Posts: 7953
Re: SPYWARE (Help needed)
« Reply #7 on: Oct 19th, 2004, 1:35pm »

I'm having a helluva time with "Grandstreetinteractive" and "shopnav" I HATE SPYWARE!!! This has totally messed with my ability to surf...it even shows up here. I'll hit a link to reply for example and get a "we couldn't find...but here are some related sites..."

Others may come and go, but MY power is MINE.

ExplodingEyeBall
New Board Hall of Famer
I can't think of anything clever to put here.
Posts: 2589
Re: SPYWARE (Help needed)
« Reply #8 on: Oct 19th, 2004, 1:41pm »

I found a very informative article at www.experts-exchange.com.
http://www.experts-exchange.com/Security/Win_Security/Q_21007953.html

In case you can't get to this article, here is the accepted answer from this link. I have never had to deal with this one, so I don't know how effective this procedure is.

IF YOU ARE NOT FAMILIAR WITH USING THE SYSTEM REGISTRY, HAVE SOMEONE WHO KNOWS HOW DO THIS FOR YOU!!! That was my disclaimer. If you whack your system, don't blame me. Please!!!! Have someone help you if you haven't messed with the registry yourself.

-----------------------------------------------------------------------

Turn off "System Restore" and clear your restore points.

Reboot your computer into "Safe" mode - press the F8 key repeatedly as soon as the computer begins to start - choose "Safe Mode" from the menu.

Start registry editor and navigate to the following keys:

'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
and, in the right pane, look for the value: "MSStartOptimizer" - delete it if it exists. Do the same for the value: "RegCompres"

'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices'
Look for the same two values, in the right pane, and delete them if they exist.

'HKLM\Software\Microsoft\Windows\CurrentVersion\Run'
in the right pane, look for the values - wintime and/or wintime.exe and delete them.

Search the registry for any values named udpmod.dll - delete any value in the right pane that you find.

Search your computer for any instances of sachost.exe, SVCHOSD.EXE, WINUPD.EXE, and REGCPM32.EXE - and delete any that you find.

Clean out all of your temp files:
# C:\Windows\Temp - delete ALL of the CONTENTS of the folder - Not the "temp" folder itself!
# C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents) <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.
# C:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files (all contents)
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)
# Empty your "Recycle Bin".

Just poke out my eye and get it over with!!!
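
Added example, not part of the original post or of the Experts Exchange answer it quotes: a report-only PowerShell check for the Run/RunServices values and file names listed in Reply #8, so the findings can be reviewed before anything is deleted by hand. The function names are hypothetical, and the udpmod.dll check covers only the two Run keys, not the whole registry.

```powershell
# Added example: report-only check for the indicators named in the post above.
# Nothing is modified or deleted.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)
# Value names and file names exactly as given in the post
$valueNames = @('MSStartOptimizer', 'RegCompres', 'wintime', 'wintime.exe')
$fileNames  = @('sachost.exe', 'SVCHOSD.EXE', 'WINUPD.EXE', 'REGCPM32.EXE')
$dataHints  = $fileNames + 'udpmod.dll'

function Get-RunKeyFindings {   # hypothetical helper name
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }   # RunServices is often absent
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            $nameHit = $valueNames -contains $name            # case-insensitive match
            # Also flag any autostart entry whose command line references a listed file
            $dataHit = @($dataHints | Where-Object { $data -like "*$_*" }).Count -gt 0
            if ($nameHit -or $dataHit) {
                [pscustomobject]@{ Kind = 'RunValue'; Location = $key; Name = $name; Detail = $data }
            }
        }
    }
}

function Get-FileFindings {     # hypothetical helper name
    param([string]$Root = "$env:SystemDrive\")
    # Unreadable folders are skipped silently; run elevated for fuller coverage
    Get-ChildItem -Path $Root -Recurse -Force -File -Include $fileNames -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'File'; Location = $_.DirectoryName; Name = $_.Name; Detail = $_.LastWriteTime }
        }
}

$findings = @(Get-RunKeyFindings) + @(Get-FileFindings)
if ($findings.Count -eq 0) { 'No listed indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Running it again after a cleanup and a reboot shows whether any of the listed entries have come back.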

don
Guest
Re: SPYWARE (Help needed)
« Reply #9 on: Oct 19th, 2004, 1:43pm »

How about this? I download Opera Browser and completely delete IE 6. Then download IE 6 again. Will the spyware be gone?

Ree
New Board Hall of Famer
2008's my year to shine~SUN IS OUT!!!YAY
Posts: 5236
Re: SPYWARE (Help needed)
« Reply #10 on: Oct 19th, 2004, 2:02pm »

I downloaded Netscape, uninstalled IE... and came back love Netscape but it has some explorer thing attached to it too... life in spyware sucks.........ree

Proud Mom to US ARMY Kiowa OH58 PILOT~CWO2 SCOTT Hawaii, & USMC Vet~Now POLICE OFFICER SEAN, Citizen of the Month~ Breezy~ Nana 4 Matt/Mike&Aya, MIL To Shino Wife to Dave HI BILL! http://www.myspace.com/dungareespocket http://www.prohawaiian.com

don
Guest
Re: SPYWARE (Help needed)
« Reply #11 on: Oct 19th, 2004, 2:04pm »

Appreciate the replies but I am a lunkhead and don't understand 95% of the suggestions. I did get a log file back with Hijack This but don't know what to do next.

forgetfulnot
Guest
Re: SPYWARE (Help needed)
« Reply #12 on: Oct 19th, 2004, 2:06pm »

no

Mark C
CH.com Alumnus New Board Hall of Famer
Onward through the fog.
Posts: 2660
Re: SPYWARE (Help needed)
« Reply #13 on: Oct 19th, 2004, 2:27pm »

My pleasure...first run Cool Web Shredder which is here. Then run AdAwareSE which can be found here. After the AdAware download be sure to hit the update button. You do not mention the operating system you have but I would recommend you run Adaware in "safe-mode". Instructions for how to get to safe mode here. It includes instructions for all OS.

After you get it cleaned up I suggest SpyWare Blaster which does a pretty good job of preventing spyware from being downloaded in the first place. It can be found here.

I also contribute to SpyWare Forums and would be glad to look at your HiJackThis logs if you want me to. Hi Jack This can be found here. It creates a notepad file which you can post, pm me or email me with.....I will be glad to help.

This is the beginning of my arsenal and this rids most PC's of the malware. If not, PM me and we will get a little more deep. All of the above programs are free and I use them all on many different computers without trouble....so far.

Don, if you still have problems after my suggestions check your pm's....call me. I ain't found one of the bastards yet I can't kill....and I like it!

Spyware is becoming more a problem than Viri or Trojans are. I do not see how a "newbie" stands a chance. There are variants of this crap coming out almost daily and anybody who connects to the internet is at risk no matter what your OS or browser.

This is something I do for fun...and it keeps everything at work clean....and it has started to actually pay. I have about 2 dozen computers I keep up and it seems I am working on them almost weekly. There is not a cure all yet but I will be glad to help if anyone needs it....I am getting pretty good at killing these bastards..

The shame is this crap is making the internet hell for almost everyone. Most PC's have spyware on them too. I suggest everyone run the programs, I bet they find something.

Safe Surfing, Mark

« Last Edit: Oct 20th, 2004, 10:33pm by Mark C »
Click The Flag

Prense
CH.com Alumnus New Board Hall of Famer
Kerry is an idiot!
Posts: 1607
Re: SPYWARE (Help needed)
« Reply #14 on: Oct 19th, 2004, 2:40pm »

on Oct 19th, 2004, 11:39am, don wrote: Anybody know how to get rid of the "coolwww" browser hijacker? Spyware scan picks it up, disables it, then it comes right back. Is it a cookie in memory?

As Mark suggested, CWShredder will fix this. There are manual ways of getting rid of it through hijackthis, but that can be tedious.

Personally, I do not use Internet Explorer at all. One of the main reasons is because it is such a targeted piece of software (due to being so common). There are many browsers available these days (virtually free and better than explorer). Scout them out, and pick one that looks like it will meet your needs/wants. I have been using Opera for quite a while now, and it does pretty good. Tailoring it to work on some sites can be tricky and annoying, but overall, I like it.

There is a big difference between spyware and hijacks. It is worth it to research how to protect your system before you have problems. In the end, it is a huge investment in time.

Chris

Where does the white go in a snowman when the snow melts?

alleyoop
New Board Hall of Famer
Wake me up when it's all over.
Posts: 1143
Re: SPYWARE (Help needed)
« Reply #15 on: Oct 19th, 2004, 3:10pm »

Just wanted to say, Mark and Prense- damn good posts! Don, either one of those guys can get your puter straightened out. And once you do that, follow their preventative maintenance advice. Take it from someone who's been there, it'll pay off! ................alley

I know that the Good Lord won't put any more on you than you can stand, but sometimes I wish He weren't quite so PROUD of ME!

don
Guest
Re: SPYWARE (Help needed)
« Reply #16 on: Oct 19th, 2004, 4:21pm »

You guys are the best. This thing is wreaking havoc. Fortunately it's not in my home computer but in the one at work. You know. The one I only use for searching for grant opportunities. (Ahem) Anyway I'll try this stuff tomorrow at work. Thanks for all the help. (You still suck)

Jonny
Guest
Re: SPYWARE (Help needed)
« Reply #17 on: Oct 19th, 2004, 6:06pm »

on Oct 19th, 2004, 2:40pm, Prense wrote: I have been using Opera for quite a while now, and it does pretty good.

I've been using Opera for about two years, ever since Ueli told me it was better....and it is by far. ..............................jonny

don
Guest
Re: SPYWARE (Help needed)
« Reply #18 on: Oct 20th, 2004, 11:30am »

Holy Christ. It took numerous attempts and reboots just to get to the download sites. I think CW shredder got it. Who's responsible for this shit anyway?

Lobster
CH.com Alumnus New Board Hall of Famer
Posts: 2016
Re: SPYWARE (Help needed)
« Reply #19 on: Oct 20th, 2004, 12:27pm »

CWS is a pay-per-click affiliate web search. Say I 'install' CWS on your PC. Every time you search through CWS, I get a penny. Thus, the old hackers/back door writers have turned their attention toward profit. Every system they can get CWS onto (with their referral ID attached), they get money. It does not matter how they get it onto your PC... exploits, viruses, backdoors are all fair game.

Rock beats Scissors.

Mark C
CH.com Alumnus New Board Hall of Famer
Onward through the fog.
Posts: 2660
Re: SPYWARE (Help needed)
« Reply #20 on: Oct 20th, 2004, 7:41pm »

The CoolWebSearch Chronicles

This is an article which details the variants of the browser hijacker known as CoolWebSearch (CWS). In the last few months, the people behind this name have succeeded in becoming (IMHO) an even bigger nuisance than the now infamous Lop. The difficulty of removing CWS from a user's system has grown from slightly tricky in the first variant to virtually impossible for the latest few. Some of the variants even used methods of hiding and running themselves that had never been used before in any other spyware strains.

The chronological order in which the CWS variants appeared is detailed here, along with the approximate dates when they appeared online. However, since the evil programmers of CWS have released over two dozen versions of their hijacker on the advertising market in such a short time, and are crunching out new ones steadily practically every week, this document might be out of date at times.

Click The Flag

Lobster
CH.com Alumnus New Board Hall of Famer
Posts: 2016
Re: SPYWARE (Help needed)
« Reply #21 on: Oct 21st, 2004, 8:21am »

Nice site Mark. That is the guy who wrote (writes) CWShredder. He notes: Note that CWShredder is updated very often. If you have a copy that's more than a week old, check for an update first before emailing me it's not working well.

Rock beats Scissors.