Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CoolWWWSearch infection


  • Please log in to reply
2 replies to this topic

#1 kevguth

kevguth

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 18 September 2005 - 11:39 AM

You guys probably cringe when you see this topic title. The reason I am posting is because I came across the following on this website and decided to do it:

Home Search Assistant / CWS_NS3 Removal / BackDoor-BDD Guide. (It was written in Oct 2004).

The entire process took a very long time. I really appreciate that somebody went throught the trouble of writing all of this down, but there are just a couple of kinks in it. Furthermore, when I was done and re-ran ad-aware personal SE and spybot at the very end (updated versions of both), both programs picked up multiple threats, and in particular spybot picked up multiple instances of CoolWWWSearch. I said "great"...

Here are the threats that still come up:
CoolWWWSearch
CoolWWWSearch.Aff.Winshow
CoolWWWSearch.Feat2DLL
CoolWWWSearch.Feat2Installer
CoolWWWSearch.HomeSearch
CoolWWWSearch.SearchKlick
CoolWWWSearch.SearchService
Klez
Trek Blue Error Nuker
Windows Security Center.AntiVirusOverride
Windows Security Center.FirewallDisableNotify



So here were the problems with the guide:
1. It doesn't mention that when you reboot your computer in safe mode, that you need networking ability to download a couple of additional files later in the process. During the process, I was forced to reboot my computer in safe mode with the networking ability in order to download said file(s).
Could this explain why I am still infected?

2. Not really a problem with the guide, but when I ran AboutBuster5:
- I was unable to update it (it wouldnt let me)
- It froze on both attempts on the same file which was "C:\WINDOWS\_default.pif:acvlm", and I could not continue the program.
Could this explain why I am still infected?

Thanks for the help.

Kevin

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:12:04 AM

Posted 18 September 2005 - 11:56 AM

If you're infected with CoolWWWSearch, I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will show you, step by step, how to disinfect your computer.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 kevguth

kevguth
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 18 September 2005 - 12:18 PM

I appreciate the info, and I will post a HijackThis log.

On an unrelated issue, now I am unable to use my CD-rom drive....not sure if this is the appropriate forum for this question, but perhaps there is an easy fix:

syzygy.exe - Unable to Locate Component
This application has failed to start because wnaspi32.dll was not found. Re-installing the application may fix this problem.


If I download the wnaspi32.dll file, where would I extract it to? Thanks.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users