Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I'm Infected With Cws.hompage


  • Please log in to reply
9 replies to this topic

#1 jetusus

jetusus

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 07 August 2006 - 09:30 PM

did a scan with xofspyse and it came back with cgi-bin cookie and cws.homepage. can anyone help?

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:16 AM

Posted 08 August 2006 - 04:27 AM

Hey jetusus,
Welcome to BC,

I take it that you were not able to remove these entries with Xoftspy?
Do you have to pay for the full version to remove the spyware?
Xoftspy has a pretty murky past and is the most reputable scanner.
I would recommend that you use an alternative scanner such as adaware.
This might be able to delete the spyware for free,
The files found do not sound too serious.

Please download Ad-Aware SE Personal and install it.
If you already have Ad-Aware SE, please configure it as indicated below.
If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.

Run Ad-Aware, and click Check for updates now.
Select Configurations (click the Gear wheel at the top) as follows:
General Button > Safety & Settings > Check (Green) all three.
Tweak Button > Cleaning Engine > uncheck "Always try to unload modules before deletion".
Click Proceed.

To start the scan, Click > "Scan Now" at left.
Select "Search for low-risk threats".
Select "Perform full system scan".
Click "Next".

When the scan has completed, select Next.
In the Scanning Results window, select the "Critical Objects" tab.
Right-click on the screen and choose "Select all objects".
Click Next to remove the infections found, and click OK to the prompt.
Restart the computer.

Now run a scan with Xoftspy and see if they have been deleted.
David

#3 jetusus

jetusus
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 14 August 2006 - 05:35 PM

I ran both scan and Xoftspy still came back with infected with CWS.Hompage

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:16 AM

Posted 15 August 2006 - 03:06 AM

Please follow the guidelines in the tutorial at the link below:

How to remove CoolWebSearch with CWShredder

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,386 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:16 PM

Posted 15 August 2006 - 07:32 AM

After using the tutorial, I would also recommend that you download and run About:Buster from one of these locations:
malwarebytes.org
subratam.org
1. Extract About:Buster to your desktop or its own folder such as C:\AboutBuster.
2. Open the AboutBuster folder and double-click AboutBuster.exe to launch the program.
4. Click the "Begin Removal" button. A message box will popup saying "About Buster will not shut down all Internet Explorer windows...", click "OK" and allow the program to run. It will shut down all Explorer windows and begin to check your computer for malicious files.
5. AboutBuster will finish, indicate "Scan Completed" and open a new page. Follow the instructions for protection on that page.

Note: If you receive any error messages please open the readme file in the AboutBuster folder and follow the directions in Section II provided for correcting that error.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 jetusus

jetusus
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 15 August 2006 - 08:37 PM

I've done everything that i've been instructed to do, and it shows clean in all applications, however when i run it through Xofspy it still shows infected with CWS.Homepage

#7 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:16 AM

Posted 16 August 2006 - 03:24 AM

Does it give you an exact location of the file.
I'm starting to think this might be a flase postive / orphaned entry.
Is it an infected file / registry entry etc..

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,386 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:16 PM

Posted 16 August 2006 - 06:15 AM

XoftSpy was listed on the Rogue/Suspect Anti-Spyware Products list because of concerns with false positives, questionable license terms, and the use of aggressive, deceptive advertising in the past. They were removed with a note added after taking steps to correct this. However, IMO it is not a program I would recommend using in place of others with a proven track record.

In any event, it would be helpful if you could provide the scan results or log generated that shows exactly what the program is telling you.

Edited by quietman7, 16 August 2006 - 06:16 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 jetusus

jetusus
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 18 August 2006 - 08:33 PM

here are the result of Xoftspy


Vendor Type Category Object Danger
CWS.Homepage Registry Value Adware Software\Microsoft\Internet Explorer\main\conc Severe Risk
live365 cookie File Data Miner C:\Documents and Settings\bob\Cookies\bob@live365[1].txt Low Risk
real cookie File Data Miner C:\Documents and Settings\bob\Cookies\bob@real[1].txt Low Risk

#10 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:16 AM

Posted 19 August 2006 - 01:35 PM

Hey there,

You can clear those two cookies by completing the following.
Close all instances of Internet Explorer .
Go to your control panel and open "Internet Options".
Click on the "General" tab.
Click the "Delete Cookies" button, then the "Delete Files" button.
When prompted, place a tick in the "Delete all offline content" box and click OK.

I think you were actually dealing with a dialer on your computer.
It's now deleted, but the registry entry remains. Should be easy to fix.

Please open notepad and and copy and paste next bold in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\conc]

Save this as "fix.reg" Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

Reboot, run Xoftspy again and let me know what it finds.
David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users