Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What are these?


  • This topic is locked This topic is locked
2 replies to this topic

#1 ashpash

ashpash

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 26 July 2004 - 06:48 PM

I run Spyware Blaster, Spybot and SpySweeper. Just a quick question if I may. I also have BPS Spyware Remover which I know is a contoversial product at best but before I uninstall the program I keep getting these mesages from its SpyWatch:


8:47:52 AM Warning! Hijacker.CoolWebSearch Key detected: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwwwsearch.com\

8:47:54 AM Warning! Possible Browser Hijack attempt Key detected: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com\

Are these legitimate problems? When I run Spybot I find nothing but when I run BPS Spyware Remover it finds 2 hijacks. Could the problem be in the program itself?

Thanks for shedding any light on this.

BC AdBot (Login to Remove)

 


#2 ColdinCbus

ColdinCbus

  • Members
  • 312 posts
  • OFFLINE
  •  
  • Local time:02:52 PM

Posted 26 July 2004 - 07:28 PM

Click Start -> Run. Type in regedit and click OK.

Navigate to "KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

In that key, search for "coolwwwsearch.com" and look in the right pane for the "dword" value of that entry. If it is "0x00000004(4)", then that is probably from IE-SpyAd and is perfectly safe to have there. Same goes for the other entry.

edit=typo

Edited by ColdinCbus, 26 July 2004 - 07:31 PM.


#3 ashpash

ashpash
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 27 July 2004 - 06:16 PM

Excellent, thanks for the answer. I have now uninstalled it, I really appreciate the help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users