Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


questions about ridding my pc of CWS_NS3 Hijacker

  • Please log in to reply
1 reply to this topic

#1 pcquestions


  • Members
  • 1 posts
  • Local time:08:24 PM

Posted 03 August 2005 - 05:30 PM

I've read through the 11 pages of instructions of removing this adware. Before I start the process, I have some Q's:

1. Under "Tools Needed for this fix:" there are 3 websites with downloads listed. Since I already have a new version of Spy Sweeper on my pc, can I omit the download from lavasoftusa.com that cotains the Ad-aware program to scan after the removal process is completed?

2. Re: Step 2 of the Removal Process which is to "Identify the file name and name of the malware service" Instructions are to go to Start-Control Panel-Administrative Tools-Services and then look for one of 3 services that are installed on my pc. Actually, I don't see any of these with the exact name listed in the instructions. The closest thing I have is as follows:

NT LM Security Support Provider (Note: the start-up type is Manual and path to executable field is C:\WINDOWS\System32\lsass.exe)

Workstation (Start-up type is Automatic and path to executable is C:\WINDOWS\System32\svchost.exe tc netsvcs) Actually, not sure that is a tc--it looks a little like a peculiar k??

Remote Procedure Call (RPC) Locator (Start-up type is Manual and path to exe is C:\WINDOWS\System32\locator.exe)

Remote Procedure Call (RPC) (Start-up type is not hightlighted and so cannot be changed, but is dim and says automatic. Path to exe is C:\WINDOWS\system32\svchost tc rpcss) Again, not sure this is a tc??

So, which of these is the file being used as the service and which we are to delete in Step 6?

Thanks for your help!

BC AdBot (Login to Remove)


#2 OldTimer


    Malware Expert

  • Members
  • 11,092 posts
  • Gender:Male
  • Location:North Carolina
  • Local time:09:24 PM

Posted 03 August 2005 - 05:37 PM

Hello pcquestions and welcome to the BC malware forum. In regards to your questions:

1- I can't say whether Spy Sweeper will work or not. We have not tested it with that.

2- All of the processes listed are valid windows services. Do not remove any of them.

I sould suggest that you post a HijackThis log to the forum and have a tech look at it.


I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users