Here goes... I quit...
will rebuild this weekend.
I have some really wicked spyware.
I got it by trying to click on a weblink, but the windows popped up as I went to click, and sent me to a myriad of wonderful web sites.
I have no solution, but I do know that..
norton
avg free
McAfee
spysubtract
ad-aware with plugins
spybot search and destroy
CWShredder
will not get rid of this frickin thing
yes, I ran them in safe mode
hell I ran them one after another, rebooted.. ran them all again.. then opened the internet. and poof still there
ran them individually
ran them together
ran them in safe mode
ran them in regular profile
unplugged the router, ran them then opened the browser.
uninstalled some
reinstalled some, different download source.
I quit

One thing you can do is download Spyware Blaster. I have this program and it blocks all sites that want to download cool web search on your computer as well as over 3000 other spyware.
Another thing you can do is go to Start...Run...and type regedit and hit enter. Go to Edit menu then go to Find. Type in cool web or coolweb and when it finds something then delete it. Hit F3 to find again. Do this til it says finished searching registry. Close the registry, reboot, and update and immunize with Spyware Blaster.
This should work
Jared Verbeski

I'm betting you didn't disable system restore
Asus A7N8X-X
1800+ @8x210mhz
512mb PC3200
Ti4200/8X 128mb
WDC 60GB

Ok, downloaded spyware blaster, and turned off system restore.
still no luck
ran
spyware blaster
norton
avg free
McAfee
spysubtract
ad-aware with plugins
spybot search and destroy
CWShredder
in safe mode
ran spysubtract, and spybot search and destroy after reboot.
unplugged network cable
tried, and still infected

OK look. I've posted this same message several times on this forum. I'd like to just be able to put a big banner at the top of every page on this site. (BTW, Spyware Blaster is a good program, but it doesn't get rid of anything. It prevents you from getting crap after you've gotten rid of it.)
Anyway, back to my original rant. I had problems as bad as you've got a while back. Had 'em for a couple of months. I'd given up to the point of formatting -- even taking my computer to a shop!!! (O M G !) But before doing that I thought I'd try again. It was my good fortune to stumble across Spy Sweeper from Webroot. The first time I ran Spy Sweeper it cleaned every &*#@in' bit of crap out of my computer that CWShredder, Spybot, HiJack this and all the others couldn't, and I haven't had any such trouble since. I was so impressed that after awhile I went ahead and bought a two year subscription. (You only get one update with the free trial, but you can use it as long as you like.)
Go here, http://www.webroot.com/downloads/ and download Spy Sweeper. If it doesn't work, I reckon you'll have to format.
Also, if you're having hijacking problems, you can set the Homepage Shield in Spy Sweeper, and you won't even be able to change it yourself until you change your settings in Spy Sweeper.
This has been an unsolicited testimonial.
tenacity, patience, and perseverance because... I AM THE HUMAN

Did you delete all windows temp folders and files and temporary internet folders and files before running all those programs? If not you simply reinfected yourself.

You may want to read up on fixes for spyware/hijackers here. Several fixes for common problems relating to spyware and hijackers.

ok, yes, I have deleted and continue to delete the cookies and temp, and temp internet files before I even run the scan
spysweeper did not fix the problem, it's still there.
although I realize now, that this frickin spyware will change the homepage back to about:blank right after I set it to something else, it doesn't even wait for me to connect. the spysweeper is nice, it will ask me if I want to allow a change to the homepage.
ahh, rebuild tomorrow. I hope the firewall in sp2 will protect against this crap.
----- My own thoughts ----
you shouldn't have to have sweepers, and blockers, just to surf the internet.

You have updated Adaware to AdawareSE with the latest updates installed, haven't you? Spybot search & Destroy has frequent updates also. Without updates these programs are useless. One program I didn't see you mention was HiJackthis. Find it here:
http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp

I have always deleted the trash after removing the temp and temp internet
All of the programs have been updated, before I even ran them the first time, to the current version.
I have downloaded
but need a little help with the log
here it is
I have installed so much stuff over the last three days, not sure what all of it is anymore

Logfile of HijackThis v1.98.2
Scan saved at 12:20:28 PM, on 11/24/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Symantec\Ghost\bin\dbserv.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Symantec\Ghost\bin\rteng7.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\sysns.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.exe
C:\Program Files\ATI Multimedia\MAIN\ATISched.exe
C:\WINDOWS\wiaservc.log:wddrv
C:\Program Files\RemoteScan Server\RemoteScanServer.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Documents and Settings\Temp\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/p/d.html?v
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ihbbw.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/p/d.html?v
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ihbbw.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B6EAAF25-944D-865E-29DA-FA44C656A5DF} - C:\WINDOWS\system32\javamp.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CEBAD012-13C4-4D24-410D-C7155144CF79} - C:\WINDOWS\system32\msub32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [NGServer] C:\Program Files\Symantec\Ghost\ngserver.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [sysns.exe] C:\WINDOWS\system32\sysns.exe
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.exe
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.exe
O4 - HKCU\..\Run: [Cmemnnz] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: RemoteScan Server.lnk = C:\Program Files\RemoteScan Server\RemoteScanServer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096978559951
O16 - DPF: {ADB880A6-D8FF-11CF-9377-00AA003B7A11} (HHCtrl Object) - http://www.gdgsoft.com/pb/pbhelp/hhctrl.ocx
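
A minimal triage pass over a HijackThis log like the one posted above, as an added example that is not part of the thread or of HijackThis itself. The four rules (a res:// search setting, an unnamed BHO, a '?' in a file name, a second colon marking an NTFS alternate data stream) are assumptions chosen for illustration; a hit is a lead to investigate, not a verdict.

```python
import re

# Subset of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\sysns.exe
C:\WINDOWS\wiaservc.log:wddrv
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ihbbw.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/p/d.html?v
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B6EAAF25-944D-865E-29DA-FA44C656A5DF} - C:\WINDOWS\system32\javamp.dll
O4 - HKCU\..\Run: [Cmemnnz] C:\WINDOWS\System32\t?skmgr.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
"""

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")  # section codes such as "R1 - ..." or "O4 - ..."
WIN_PATH = re.compile(r"[A-Za-z]:\\.*")     # first drive-letter path on the line


def triage(log_text):
    """Return (line, reasons) for each log line that matches an assumed heuristic."""
    hits = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = ENTRY.match(line)
        code, body = m.groups() if m else ("PROC", line)  # no code: running process
        found = WIN_PATH.search(body)
        path = found.group(0) if found else ""
        reasons = []
        if code.startswith("R") and "res://" in body.lower():
            reasons.append("IE search setting loads a page from inside a local DLL")
        if code == "O2" and "(no name)" in body:
            reasons.append("Browser Helper Object with no registered name")
        if "?" in path:
            # '?' is illegal in Windows file names, so it marks an unrendered character
            reasons.append("file name contains a character the log could not render")
        if ":" in path[2:]:
            reasons.append("second ':' in path: NTFS alternate data stream")
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Entries that match none of the rules, such as sysns.exe here, are simply not flagged; that says nothing about whether they are clean.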

Have you read about the CoolWeb hijacker in the link I gave you above? Once you understand what has happened it seems the fix is quite simple. Look here

Yes, I looked into that, and made some changes using the hijack log and reglite. no such luck, the spyware returned. I have rebuilt now, and am using sp2. I would have liked to wait until all of the issues with sp2 were resolved, but no such luck
thanks for all your help... everyone
