Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SpyBot tells me I have "CoolWWWSearch.SmartSearch".


  • Please log in to reply
4 replies to this topic

#1 Simple Simon

Simple Simon

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NEast USA
  • Local time:10:39 PM

Posted 13 August 2005 - 02:50 PM

Hi all, running Windows XP Pro/SP2.

Yesterday I seemed not to have any malware in this computer. This morning when I switched on my MicrosoftAntispyware told me there was a new version waiting to be downloaded. I allowed it and was told I now have MSAS Beta 1, v1.0.615/definition 5745 8/12/2005

I then ran a scan and came up clean.

I next checked for updates in Spybot S&D and found there to be some available. I downloaded them and then ran a scan, and it told me I had CoolWWWSearch.SmartSearch, and MySoft. I wondered why MSAS had not seen them; I also wondered if they had come in with the MSAS upgrade.

I was able to get rid of MySoft with SpyBot and it told me it had also destroyed four (unnamed) others. But even after a couple of reboots the CoolWWWSearch.SmartSearch remains... so it says. I wonder if this is a false positive as I have no symptoms.

I then ran Ad-Aware and it saw nothing unusual. I thought it should have seen the CoolWWWSearch.SmartSearch, that is why I am wondering about the false positive.

I then downloaded some new signatures for my a-squared and ran a scan with that. It found and killed two Trace Tracking Cookies, as is its wont, but it too saw nothing of the CoolWWW.

Is there a quick way of determining if I do indeed have this intruder, without putting you to all the trouble of a Hijack This?

Or, could I get rid of it by doing a restore? I created a new restore point a little over a week ago immediately after installing and scanning with a-squared.

Thanks for any help you can offer, :thumbsup:

Edited by Simple Simon, 13 August 2005 - 02:51 PM.

- Simon

All those who believe in telekinesis raise my right hand.

BC AdBot (Login to Remove)

 


m

#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:02:39 AM

Posted 13 August 2005 - 03:25 PM

hi simple simon
the best thing to do, is to download and run CW Shredder from here..
CW Shredder
It will find and delete the cool web search variants.
I think this would be the best place to start, if this program finds nothing... then you may well have a false positive. But best to be safe than sorry.

BBPP6nz.png


#3 Simple Simon

Simple Simon
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NEast USA
  • Local time:10:39 PM

Posted 13 August 2005 - 09:36 PM

Starbuck that's great. Thanks a lot, I'll take it for a run in the morning.
- Simon

All those who believe in telekinesis raise my right hand.

#4 Simple Simon

Simple Simon
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NEast USA
  • Local time:10:39 PM

Posted 14 August 2005 - 08:56 AM

Hi Starbuck. I ran CW Shredder and came up clean. I then ran Ad-Aware. MSAS, and A-Squared again and they too saw nothing. Then I ran SpyBot and it was as I had suspected, it showed me exactly the same false positive. It said I had CW and MySoft and when I allowed it to "fix" things it told me it had killed MySoft and another four (unidentified) problems. It was a carbon-copy report of yesterday's so I will remove SpyBot today and download a new copy. I have had to to this twice in the last five years, it seems easily compromised.

Thanks for the assist, I will keep CW Shredder on hand. :thumbsup:
- Simon

All those who believe in telekinesis raise my right hand.

#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,146 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:02:39 AM

Posted 14 August 2005 - 09:28 AM

Your welcome Simple Simon
Anytime.

BBPP6nz.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users