I have been infected by the CWS virus, and I can't get rid of it. I've tried CWS Shredder, Spybot, Ad-Aware and about:blaster.
Can anyone help?

I don't know why, but nothing detects it. I think I might be able to get rid of it through use of HijackThis, but I'm unfamiliar with how to use it.

Howdy,
You might want to try disabling your system restore, rebooting into safe mode, then running cws shredder.
If that doesn't get rid of it run hijack this and post your log. Someone may be able to identify the culprit that way.
Might also give bazooka a try. Get it at
www.kephyr.com/spywarescanner
Sometimes it can point you in the right direction for removal.
Gotta love CWS. Don't these people EVER go outside?!!

I tried what you suggested, but still nothing gets rid of it.
Here's my HijackThis log:
Logfile of HijackThis v1.98.0
Scan saved at 2:21:43 PM, on 7/17/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.exe
C:\WINDOWS\SYSTEM\AGRSMMSG.exe
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.exe
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.exe
C:\HJT\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://jksearch.biz/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://jksearch.biz/redir.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Á´½Ó
O2 - BHO: (no name) - {9D4C9C82-D7F6-11D8-85D7-B1D91A8CBC52} - C:\WINDOWS\SYSTEM\KCFBMD.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [agrsmMSG] agrsmMSG.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18 - Filter: text/plain - {9D4C9C81-D7F6-11D8-85D7-B1D9EA5E2225} - C:\WINDOWS\SYSTEM\KCFBMD.DLL
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
O21 - SSODL: System - {9F742E20-A8E8-11D8-85D7-00028A164073} - (no file)

Hi again,
Go to
http://www.spywareinfo.com/~merijn/htlogtutorial.html#r
to reference your log. It'll itemize out everything on the log sheet. You'll need to go through it line by line to see what's good and what's bad.
Did you try Bazooka, and if so what did it advise? I'm a huge fan of this program, mainly because after it tells you what you've got (i.e. which strain of CWS) it gives a link to find removal instructions. You will probably have to manually edit your registry, but it will tell you what to look for.
You will probably also want to take a look at what your computer starts automatically. That way if something is changed you'll recognize it.
Are you running Windows XP?
If so, and you are comfortable with this, go into START- Run- type in msconfig and then click okay. Hit the tab that says Start up on the right.
As long as things are running normally make a note as to what is there. If your system starts acting strange and there is anything there that you don't recognize uncheck it. ONLY uncheck it if you are sure you know what it is!
Hope this helps. You might also want to switch your browser. I changed to Mozilla Firefox (it's free) and have had much better luck than with Netscape or I.E.D.

If this is a new CWS or variant you need to seek out the service and kill it, but the system protected exes will restart the service. If you remove the service, it will reinstall it. If you kill the exe, the service will fix the exe.
There is a backup exe in some cases.
So you have 3 processes working against you to fix it.
J.
j e r u v y a t y a h o o d o t c o m

hi panachski,
let's try this if you wish:
go to the diamond website at this location: http://www.diamondcs.com.au/index.php?page=products, and download this:
APM,
when downloaded, go to safe mode and open up hijackthis.
put a check next to these entries, make sure you don't have anything running, and no windows open:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://jksearch.biz/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://jksearch.biz/redir.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Á´½Ó
O2 - BHO: (no name) - {9D4C9C82-D7F6-11D8-85D7-B1D91A8CBC52} - C:\WINDOWS\SYSTEM\KCFBMD.DLL (file missing)
O18 - Filter: text/plain - {9D4C9C81-D7F6-11D8-85D7-B1D9EA5E2225} - C:\WINDOWS\SYSTEM\KCFBMD.DLL
O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
O21 - SSODL: System - {9F742E20-A8E8-11D8-85D7-00028A164073} - (no file)
hit your fix check button.
now with the apm program, unload the KCFBMD.DLL
reboot your computer into normal mode and do a search for kcfbmd.dll and delete it from your system directory if found.
all the best,
murve
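
The following Python is an added example (not part of any post in this thread and not HijackThis's own logic) that parses HijackThis-style entry lines and marks the ones matching three patterns visible in the entries checked above: a registered component with no file on disk, an IE page setting that loads a file from TEMP, and one DLL hooked under more than one section. The function names and the three heuristics are assumptions made for illustration; lines such as the jksearch.biz Local Page match none of them and still have to be read by a person.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted earlier in this thread (not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://jksearch.biz/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {9D4C9C82-D7F6-11D8-85D7-B1D91A8CBC52} - C:\WINDOWS\SYSTEM\KCFBMD.DLL (file missing)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O18 - Filter: text/plain - {9D4C9C81-D7F6-11D8-85D7-B1D9EA5E2225} - C:\WINDOWS\SYSTEM\KCFBMD.DLL
O21 - SSODL: System - {9F742E20-A8E8-11D8-85D7-00028A164073} - (no file)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")         # e.g. "O18 - Filter: ..."
DLL_RE = re.compile(r"([^\\\s]+\.dll)\b", re.I)       # bare DLL file name

def parse_entries(text):
    """Split a log into (section code, entry text) pairs, skipping other lines."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def review_hints(entries):
    """Return {entry index: [reasons]} for entries worth a closer look."""
    sections_by_dll = defaultdict(set)
    for code, body in entries:
        for dll in DLL_RE.findall(body):
            sections_by_dll[dll.lower()].add(code)
    hints = defaultdict(list)
    for i, (code, body) in enumerate(entries):
        low = body.lower()
        if "(file missing)" in low or "(no file)" in low:
            hints[i].append("registered component has no file on disk")
        if code.startswith("R") and "= file://" in low and "\\temp\\" in low:
            hints[i].append("IE page setting loads a local file from TEMP")
        for dll in DLL_RE.findall(body):
            shared = sections_by_dll[dll.lower()]
            if len(shared) > 1:
                hints[i].append(f"{dll} is hooked in sections {sorted(shared)}")
    return dict(hints)

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for i, reasons in sorted(review_hints(entries).items()):
        print(entries[i][0], "|", "; ".join(reasons))
```
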

Logfile of HijackThis v1.98.0
Scan saved at 11:22:17 PM, on 7/18/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\CONFSVR.exe
C:\WINDOWS\SYSTEM\AGRSMMSG.exe
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.exe
C:\WINDOWS\LOADQM.exe
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.exe
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\PROGRAM FILES\GEARBOX CONNECTION KIT\BIN\GBTASK.exe
C:\HJT\HIJACKTHIS.exe
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [agrsmMSG] agrsmMSG.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.exe -service
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
Cheers for everyone's help. I hope I don't have to come back, but if I do get another problem I'll know where to come.
