Full Version: I'm Infected With Cws.hompage
jetusus
Did a scan with XoftSpy SE and it came back with cgi-bin cookie and CWS.Homepage. Can anyone help?
-David-
Hey jetusus,
Welcome to BC,

I take it that you were not able to remove these entries with Xoftspy?
Do you have to pay for the full version to remove the spyware?
Xoftspy has a pretty murky past and is the most reputable scanner.
I would recommend that you use an alternative scanner such as Ad-Aware.
This might be able to delete the spyware for free.
The files found do not sound too serious.

Please download Ad-Aware SE Personal and install it.
If you already have Ad-Aware SE, please configure it as indicated below.
If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

Run Ad-Aware, and click Check for updates now.
Select Configurations (click the Gear wheel at the top) as follows:
General Button > Safety & Settings > Check (Green) all three.
Tweak Button > Cleaning Engine > uncheck "Always try to unload modules before deletion".
Click Proceed.

To start the scan, Click > "Scan Now" at left.
Select "Search for low-risk threats".
Select "Perform full system scan".
Click "Next".

When the scan has completed, select Next.
In the Scanning Results window, select the "Critical Objects" tab.
Right-click on the screen and choose "Select all objects".
Click Next to remove the infections found, and click OK to the prompt.
Restart the computer.

Now run a scan with Xoftspy and see if they have been deleted.
David
jetusus
I ran both scans and Xoftspy still came back as infected with CWS.Homepage
-David-
Please follow the guidelines in the tutorial at the link below:

How to remove CoolWebSearch with CWShredder
quietman7
After using the tutorial, I would also recommend that you download and run About:Buster from one of these locations:
malwarebytes.org
subratam.org
1. Extract About:Buster to your desktop or its own folder such as C:\AboutBuster.
2. Open the AboutBuster folder and double-click AboutBuster.exe to launch the program.
4. Click the "Begin Removal" button. A message box will pop up saying "About Buster will not shut down all Internet Explorer windows...", click "OK" and allow the program to run. It will shut down all Explorer windows and begin to check your computer for malicious files.
5. AboutBuster will finish, indicate "Scan Completed" and open a new page. Follow the instructions for protection on that page.

Note: If you receive any error messages please open the readme file in the AboutBuster folder and follow the directions in Section II provided for correcting that error.
jetusus
I've done everything that I've been instructed to do, and it shows clean in all applications; however, when I run it through Xoftspy it still shows infected with CWS.Homepage
-David-
Does it give you an exact location of the file?
I'm starting to think this might be a false positive / orphaned entry.
Is it an infected file / registry entry etc.?
quietman7
XoftSpy was listed on the Rogue/Suspect Anti-Spyware Products list because of concerns with false positives, questionable license terms, and the use of aggressive, deceptive advertising in the past. They were removed with a note added after taking steps to correct this. However, IMO it is not a program I would recommend using in place of others with a proven track record.

In any event, it would be helpful if you could provide the scan results or log generated that shows exactly what the program is telling you.
jetusus
Here are the results of Xoftspy


Vendor | Type | Category | Object | Danger
CWS.Homepage | Registry Value | Adware | Software\Microsoft\Internet Explorer\main\conc | Severe Risk
live365 cookie | File | Data Miner | C:\Documents and Settings\bob\Cookies\bob@live365[1].txt | Low Risk
real cookie | File | Data Miner | C:\Documents and Settings\bob\Cookies\bob@real[1].txt | Low Risk
-David-
Hey there,

You can clear those two cookies by completing the following.
° Close all instances of Internet Explorer.
° Go to your control panel and open "Internet Options".
° Click on the "General" tab.
° Click the "Delete Cookies" button, then the "Delete Files" button.
° When prompted, place a tick in the "Delete all offline content" box and click OK.

I think you were actually dealing with a dialer on your computer.
It's now deleted, but the registry entry remains. Should be easy to fix.

Please open Notepad and copy and paste the following bold text into it:
(don't forget to copy and paste REGEDIT4)
QUOTE
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\conc]

Save this as "fix.reg". Choose to save as "All Files" and place it on your desktop.
It should look like this:
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Reboot, run Xoftspy again and let me know what it finds.
David
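
A read-only check of the registry location discussed in this thread, added here as an example and not part of the original posts: it backs up the Internet Explorer Main key and reports whether conc exists as a subkey (which a `[-...]` line in a .reg file removes) or as a value, the type the scan result listed. The function name Get-ConcState and the backup file name are assumptions, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only inspection of the location XoftSpy flagged.
$MainKey = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$Name    = 'conc'   # name taken from the scan result row above

function Get-ConcState {
    param([string]$ParentPath, [string]$EntryName)

    $state = [ordered]@{
        ParentExists = Test-Path -LiteralPath $ParentPath
        IsSubKey     = $false
        IsValue      = $false
        ValueData    = $null
    }
    if ($state.ParentExists) {
        # A subkey is what "[-...\Main\conc]" in a .reg file deletes.
        $state.IsSubKey = Test-Path -LiteralPath (Join-Path $ParentPath $EntryName)
        # A value would instead need  "conc"=-  under the [...\Main] header.
        $key = Get-Item -LiteralPath $ParentPath
        if ($key.GetValueNames() -contains $EntryName) {
            $state.IsValue   = $true
            $state.ValueData = $key.GetValue($EntryName)
        }
    }
    [pscustomobject]$state
}

# Back up the whole Main key first so any change can be reverted by
# re-importing the export. The file name is an assumption for this example.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:USERPROFILE "Desktop\ie-main-$stamp.reg"
& reg.exe export 'HKCU\Software\Microsoft\Internet Explorer\Main' $backup | Out-Null

$result = Get-ConcState -ParentPath $MainKey -EntryName $Name
$result | Format-List

if ($result.IsValue -and -not $result.IsSubKey) {
    Write-Output "'$Name' is a value under Main; a key-delete line will not remove it."
} elseif ($result.IsSubKey) {
    Write-Output "'$Name' is a subkey of Main; the key-delete line applies."
} else {
    Write-Output "'$Name' not present under HKCU for this user; the scan row does not name the hive."
}
```

Running it before and after merging a .reg file shows whether the merge changed anything at the flagged location.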