havIe had serious problems with this strain of cws it is variant 22.My favourites were filled with porn,some child related, followed by my keypad becoming useless. I seem to have corrected the latter but i don´t know for how long. My pc is slowing continuosly and more little problems are appearing. I have run adaware and spybot with no luck. CW shredder picks up on this problem and says it is removed as long as shut down restart and run it again,but this does not work. Any antivirus progs that i can use? Idon´t fancy digging around myself as i am a bit of a novice.Cheers Barny

I am having the same problem. CWSShredder says that it is saved in the memory and to restart and run the program again. After doing that, the same message pops up everytime. My homepage keeps resetting to t.rack.cc and I can't seem to get rid of it. A line keeps popping up in the HijackThis log that says O4: {sys} regedit -s sys.reg. I have deleted it numerous times, taken it out of the registry, taken it out of startup, and deleted it, but it keeps coming back. When I view the file in NotePad, there are lines of code telling it to change the internet setting to t.rack.cc. I can't seem to find whatever it is that makes this file come back and change the registry settings. If anyone knows anything, I would really appreciate it.

Mike Try this: 1st make sure you have the latest version of cwshredder. (there is a check for update applet in the cwshredder prog.) Totally power down the pc...wait for at least 30 seconds, boot back up to SAFE mode, then try running the cwshredder tool. Headache You might as well try same thing as for Mike And to both of you...run the tool while OFFLINE and any IE windows closed. To get to safe mode....keep tapping the f8 key as it is booting till you get the boot menu...choose safe mode with arrow keys then hit enter. Good luck

a good process to follow is this. First – please download and run Spybot Search & Destroy; http://www.safer-networking.org Short tutorial and download link here: http://tomcoyote.org/SPYBOT/ *check for updates*; and then scan, and fix all RED items that Spybot finds. Reboot when done. [#or AdAware if you’ve done Spybot] http://www.lavasoft.de/support/download/ If you know you have CWS…… CWS Cool Web Search Removal Process Download and run a new update of cwshredder.zip Click “Next” http://www.spywareinfo.com/~merijn/files/cwshredder.zip (obtain a new version for each run; there is a recent update) The full story on CWS: New address: http://www.merijn.org/cwschronicles.html Make sure that you have the latest version of CWShredder, and that you click “Next” and don't just scan. Then download/update 'Hijack This!' 1.97.0.7 new version http://www.spywareinfo.com/~merijn/files/hijackthis.zip Unzip/extract all… Double click on hijackthis.exe..and complete the install. Close All browser windows and Run HijackThis, Press Scan, and wait, Save the log, (the ‘scan’ button changes to ‘save log’) Edit>select All > copy and paste its contents here. Most of what it lists will be harmless or even essential, so don't fix anything yet. Post the full log including header info in reply. With luck it will be reviewed by someone here.

I found that the only way to stop the virus was to go to start/run and type in 'msconfig' and then click on the 'startup' tab and disable the relevant file. I suppose this means that it is still lurking about on my pc so if anyone finds out how to get rid of it properly then I would be grateful.

A single response msconfig disabling won't remove ALL of the bugs in anyone's system. At best it is a partial and temporary response. To remove items from memory - close your IE or other browser windows before doing any scan. Clean out the 'temp' files with Disclean. Disable system restore and reboot. Then apply the general process above with updated versions of SpyBot/AdAware - sometimes these will need to be re-installed if they are fully disabled. *Note: Ensure a fresh download of CWSHredder for each and every time you use it. Then and only then post a HijackThis log and let people with experience have a look at it. The proces above works - it has been proved over and over.

The above suggestions did not work for me. I finally removed this trojan after many attempts by: 1)Running CWShredder in Windows and rebooting after it detected and tried to repair the infectio. 2) Deleting the c:\winnt\system32\msconfd.dll file via Dos using a bootdisk (do not log into windows). You cannot delete this in Windows as it states that the file is in use. 3) Creating an empty text file in its place and making its attributes read only (make sure name is msconfd.dll and it is stored in C:\winnt\system32\). 4) Booting up normally into Windows and running CWShredder. 5) CWShredder finds the trojan and asks to reboot. 6) Once I rebooted I got a few error messages as the trojan tried to reinfect but could not because of the harmless read only msconfd.dll file I created in its location. 7) I then rebooted again and this time when I ran CWShredder it no longer appeared!!! While doing this whole process I disabled my Internet connection but I do not know if this helped or not. Better to be safe... Hope that helps you. AliBaba