
Not sure if I'm infected


  • This topic is locked
6 replies to this topic

#1 Megaman1076

  • Members
  • 12 posts

Posted 23 May 2009 - 01:00 PM

Hello!

I scan my cpu regularly with McAfee and Spybot. Spybot never finds anything and says I'm clean. McAfee finds this:

Adware-Coolwebsearch Registry Key: HKLM\currentcontrolset\enum\root\LEGACY_ ZESOFT

It says it cannot be completely removed. McAfee also finds:

Artemis!E95F4939D4E7 File name: C:\RECYCLER\S-1-51-21-2240424720-878742820-2990942535-1007\Dc11.exe

It also says it cannot be completely removed.

After searching your forums I found CWShredder. Downloaded it, ran it, and it says I don't have Coolwebsearch on my machine. Confused, I looked further and found Malwarebytes. So I ran that, and after the scan it said I had 8 items to fix. Below is that log along with the scan results and a recent HJT log. Thanks in advance for your help!

Attached Files





#2 teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 23 May 2009 - 04:46 PM

Hello Megaman1076,

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left-hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

You can reenable TeaTimer once your system is clean.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O9 - Extra button: Corel Network monitor worker - {8B5CEA66-3382-4681-A4FD-36B01229CB8B} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8B5CEA66-3382-4681-A4FD-36B01229CB8B} - (no file)
O9 - Extra button: Corel Network monitor worker - {8B5CEA66-3382-4681-A4FD-36B01229CB8B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8B5CEA66-3382-4681-A4FD-36B01229CB8B} - (no file) (HKCU)
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it (something you'll remember) and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next, go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.

In your reply, please post a new HijackThis log and let me know if the problem persists. :thumbup2:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?
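
Six of the eight entries listed in the post above end in `(no file)`, and the other two are Internet Explorer search values set to `about:blank`. The following Python sketch is an added example (not part of the original thread and not HijackThis's own code) that parses those lines and groups the `(no file)` references by CLSID; treating `(no file)` as the grouping rule is an assumption read from the lines themselves, not a rationale the helper states.

```python
import re

# Entries quoted in the post above (HijackThis format: "<section> - <detail>").
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O9 - Extra button: Corel Network monitor worker - {8B5CEA66-3382-4681-A4FD-36B01229CB8B} - (no file)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8B5CEA66-3382-4681-A4FD-36B01229CB8B} - (no file)
O9 - Extra button: Corel Network monitor worker - {8B5CEA66-3382-4681-A4FD-36B01229CB8B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Corel Network monitor worker - {8B5CEA66-3382-4681-A4FD-36B01229CB8B} - (no file) (HKCU)
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing marker meaning the registered component has no file on disk.
ORPHAN = re.compile(r" - \(no file\)(?: \(HKCU\))?$")
# R0/R1 lines carry "<registry key>,<value name> = <data>".
IE_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")

def parse_entry(line):
    """Split one log line into section code, CLSID, orphan flag and IE value."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    detail = m.group("detail")
    clsid = CLSID.search(detail)
    entry = {
        "section": m.group("section"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphaned": bool(ORPHAN.search(detail)),
        "ie_value": None,
    }
    if entry["section"] in ("R0", "R1"):
        v = IE_VALUE.match(detail)
        if v:
            entry["ie_value"] = (v.group("name").strip(), v.group("value"))
    return entry

def triage(log_text):
    """Group orphaned references by CLSID and collect IE search values."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    orphans = {}
    for e in entries:
        if e["orphaned"]:
            orphans.setdefault(e["clsid"], []).append(e["section"])
    ie_values = [e["ie_value"] for e in entries if e["ie_value"]]
    return {"total": len(entries), "orphaned_by_clsid": orphans, "ie_values": ie_values}
```

Grouping by CLSID shows that the four O9 lines are one leftover registration recorded under both HKLM and HKCU, so the six `(no file)` entries trace back to three components.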

#3 Megaman1076

Posted 23 May 2009 - 11:08 PM

Here is the most recent log

Attached Files



#4 teacup61

Posted 24 May 2009 - 02:09 PM

Hello there,

How is it today? Has the problem stopped please? :thumbup2:

tea

#5 Megaman1076

Posted 25 May 2009 - 11:47 PM

I rescanned my cpu with McAfee and it still finds the coolwebsearch. The other is gone and Malwarebytes does not find anything.

#6 teacup61

Posted 09 June 2009 - 11:41 PM

Hello,

I apologize for my abrupt departure. :thumbup2: I've been fighting an infection and it hasn't been pleasant. If you still need help, please let me know. Otherwise I'll close the thread out as solved in the next few days. :)

Thank you for understanding,
tea

#7 teacup61

Posted 21 June 2009 - 01:02 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



