I just sent the CWShredder download from InterMute to my friend who has been pulling her hair out over this issue. She ran it and it found nothing! She tried the SpySubtract and it found "lots of stuff" including some stuff related to CoolWebSearch. The software said it fixed the problems and she was able to reset her Homepage. If she closes IE and then re-opens it, The CoolWebSearch page re-hijacks her homepage. A few minutes later she gets a message syaing her some IE settings have been changed and prompting her to block it from happening again. She says yes and the Homepage looks OK until she closes IE and reopens. If someone can help us out we would truely appreciate it. TIA...
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
New CWShredder not helping :(
- Thread starter Hawkide
- Start date
- Thread starter
- #3
Yes she has XP.
No I did not have her run disable system restore. I don't know what that is. Neither of us are very familiar with this stuff. I am much more so than she is (that is why I am posting instead of her).
What should I tell her to do??? and thanks for your help by the way.
No I did not have her run disable system restore. I don't know what that is. Neither of us are very familiar with this stuff. I am much more so than she is (that is why I am posting instead of her).
What should I tell her to do??? and thanks for your help by the way.
Disable sys restore - ctl panel then system, then sys restore tab and turn off tick box....
I would then run spybot, adaware, hijack this and run a post on this board. Following, I would use sysclean in conj with the latest pattern file to be found @ and i would also ensure that anything sus is taken out of start up start-run-msconfig - the above may need a couple of tries, i have found cwwshredder to be useless personally and tend to think that many different options are needed in order to clean if you're infected....
Hope is helpful
Kes
I would then run spybot, adaware, hijack this and run a post on this board. Following, I would use sysclean in conj with the latest pattern file to be found @ and i would also ensure that anything sus is taken out of start up start-run-msconfig - the above may need a couple of tries, i have found cwwshredder to be useless personally and tend to think that many different options are needed in order to clean if you're infected....
Hope is helpful
Kes
biglebowski
Technical User
try this first and thank bcastner
faq608-4650
Are you suggesting coconuts migrate?
faq608-4650
Are you suggesting coconuts migrate?
biglebowski
Technical User
Are you suggesting coconuts migrate?
biglebowski
Technical User
ignore that last one TT is all screwy today
Are you suggesting coconuts migrate?
Are you suggesting coconuts migrate?
A little info as to "why" you need to turn off System Restore before performing any virus/malware removal.
Tired of waiting for an answer? Try asking better questions. See: faq222-2244
Tired of waiting for an answer? Try asking better questions. See: faq222-2244
biglebowski
Technical User
viruses hide in the system restore files I presume AV are unable to scan them don't ask me how or why I don't know.
Are you suggesting coconuts migrate?
Are you suggesting coconuts migrate?
diogenes10
Technical User
Hi,
There are variants of coolwebsearch that Merijn's last version of cwshredder did not/could not handle. Intermute's writeup did not specify what their changes were, but given the complexity of some coolwebsearch variants, it would be surprising if their updates handled all of them. One of the things that goes on, that you may be facing, is that they reload from hidden dll files. Sometimes there are additional tools needed to find those. There is a tool called Aboutbuster that helps with one of the variants.
I dont use XP, so I don't understand exactly how it works, but if the problems started very recently and there is an uninfected restore point, it might be possible to fix the problem that way.
-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
There are variants of coolwebsearch that Merijn's last version of cwshredder did not/could not handle. Intermute's writeup did not specify what their changes were, but given the complexity of some coolwebsearch variants, it would be surprising if their updates handled all of them. One of the things that goes on, that you may be facing, is that they reload from hidden dll files. Sometimes there are additional tools needed to find those. There is a tool called Aboutbuster that helps with one of the variants.
I dont use XP, so I don't understand exactly how it works, but if the problems started very recently and there is an uninfected restore point, it might be possible to fix the problem that way.
-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
- Status
Similar threads
- Locked
- Question