I have a major problem..

[MetaJoe]

Ok, I'm not exactly sure where this would go, but I need urgent help. Ok, I own a Win XP home edition with DSL internet and lately my computer has been acting strangely. I went to a webpage the other day (I forget the page, some geocities page)and my internet just shut down on me. Then my mail program detected new mail and when I went to open the program, it would shut itself down right before it fully loaded. I tried using other emailsystems online, and the internet will just close out on me. I've tried my AOL, Yahoo and Hotmail accounts and the internet just closes out on me. (I use IE 6.0 by the way)
I also tried going to a website I went to the other day before and the internet closed out on me. (Square Enix's homepage)

I have had problems lately with some malicious spyware though for the past month. "CWS.MsConfig".. I've used HiJackThis to get rid of it..SEVERAL times (20+) but nothing seems to work as to getting rid of it completely..
I'm not sure, but I think it might have something to do with this new problem of mine.. I have to go into Safe mode though to get rid of the CWS every time it infects my computer (which is almost every damn day) and my computer is running a hell lot slower than it has in the past. Can someone please help me out here?

 

[rclarke250]

turn off the system restore. then use csshredder,adaware,hijackthis. to delete the offending code. Rich

I shall use google before asking stupid questions!

 

[MetaJoe]

<b>turn off the system restore. then use csshredder,adaware,hijackthis. to delete the offending code.</b>

System Restore does not work, that is why I start up the computer in safe mode.

 

[franklin97355]

OK start in safe mode and run the above programs. Also check for viruses.

 

[MetaJoe]

And I've run Nortan in safe mode, and I got no results whatsoever..I've run the other programs and all i get is spyware from my wildtangent program on my winxp, none of which concerns me at the least. In safe mode, I've run: Nortan Antivirus (although its the 2003 version), HiJackthis, AdAware, Spyblaster, and Spybot S&D and it does no good at all.

 

[MetaJoe]

Please help me out here!

 

[TekTippy4U]

Get a Hardware Firewall (Router)....Implement ZoneAlarm. You need to close the ports that allow the Infections. Set your Security Settings higher.

http://www.mvps.org/winhelp2002/unwanted.htm

using OE

http://web.brandeis.edu/pages/view/Bio/OutlookExpressSecurity

Disable Windows Messenger service

http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

http://www.kb.cert.org/vuls/id/575892

Disable System Restore (uncheck the box). don't even try to use it.
Use CWSmartKiller

http://www.safer-networking.org/minifiles.html

Still got probs?....go Forum760

TT4U

Notification:
These are just my thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs

 

[TekTippy4U]

Btw; I see you are infected with a CWS variant....have you run the Orig. CWShredder at all yet?? then run the SmartKiller

http://www.spywareinfo.com/articles/cws/

and stay off those darn porn sites

TT4U

Notification:
These are just my thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs

 

[MetaJoe]

...Um, I wasnt looking at adult stuff.. i was looking for some game info, and i think i got this from a geocities site..

 

[TekTippy4U]

I was kidding...

Did you put it in the mulcher?

TT4U

Notification:
These are just my thoughts....and should be carefully measured against other opinions.
Backup All Important Data/Docs

 

[MetaJoe]

If I knew how to do that, I would have done that long ago (a backup for the computer)

I found something rather interesting, I downloaded Process Explorer from Sysinternals, and looked up the file that is affecting my cpomputer, and it seems to be affecting aim.exe (AIM), explorer.exe (something important I guess) and IEXPLORE.exe (internet) on the task manager..

If I could, I would upload a pic, but this damn thing wont let me upload anything onto the internet (anything from a site where you can upload files on anyways..)

 

[franklin97355]

I don't see anywhere that you have run ad removal or virus software. Have you done this yet?

 

[imquazar]

Wow... Sounds like one of my kid's machines.
If I'm understanding you correctly you have the CWS (Is this the CoolWebSearch?) and when you ran the process explorer you noticed it's affecting Aim, Explorer, and Iexplorer. So what that means, if I understand this correctly is that everytime you launch AOL's Instant Messenger, (Aim.exe) or anytime you launch your "computer" (Explorer.exe is the actual desktop environment you work in when you bring up Windows) and anytime you surf the web using Internet Explorer - You have this Malware "wrapped" in these programs... and it'll either launch the CWS program or reinstall itself whichever the case may be. I've been fortunate enough to not have this on my pc, but the kids are constantly having issues, because they keep going to particular sites that have this malware on it (course, they don't realize it)

As for the System restore - The check mark must be PRESENT in order to turn off system restore on all drives. When you place the check mark and apply it deletes all stored restore points.

Last - I think the HiJaak this program is worth a shot to try to remove the wraps from these programs.

Good Luck!
-IQ