Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Registry Question


  • Please log in to reply
31 replies to this topic

#1 killmypc

killmypc

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:43 AM

Posted 11 August 2006 - 09:05 AM

Hey ya'll,

While running the anti-spy on the Yahoo toolbar, it showed an entry at
'CURRENT USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\Media-motor.net'
Classified as Adware
Name Network1.Popups
I went to this location in the registry, and there are a few entries here that are questionable... :thumbsup:
coolwebsearch.com
cool-web-search.com
coolwebsearsh.com
coolwwwsearch.com
etc. etc.
And some with titles I'll NOT post..

What are these..are they sites that have been visited by this computer? If so...TIME for a FAMILY MEETING!
Hoping that they are blocked sites by my Anti-virus Software, etc.
Little confused here...

Thanks

BC AdBot (Login to Remove)

 


#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:07:43 AM

Posted 11 August 2006 - 09:30 AM

Well, my friend, you are infected. You do not want Cool Web Search on your computer. How to remove it depends on what version you have. HERE is one link, or you can search the 'self help' forum in the security area here at BC.

Of course, this may not be all that you are infected with. And you have to wonder how you got it in the first place. Perhaps there is other bad boys on your computer, or someone downloaded something they shouldn't have, or it came into your computer in some other way.

At any rate, I think you would be wise to go the route of creating a HijackThis log and posting it in the appropriate forum here at BC. I will post instructions below in case you decide to go this route.

Good luck!
~~~~~~~~~~~~~~~~~~~~

FIRST
Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

NEXT
Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

FINALLY
If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back to normal.

You are in good hands! Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 killmypc

killmypc
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:43 AM

Posted 11 August 2006 - 09:38 AM

Thanks AF,
I have experienced no symptoms that I am aware of... Computer runs fine, no pop ups, no home page change.
PC-Cillin, Spybot, AdAware, Defender have not come up with these... Maybe thats normal....seems odd to me..

I suppose deleting these items from the registry would be a bad idea?

I'll post it now..Thanks AF

Edited by killmypc, 11 August 2006 - 09:56 AM.


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:43 AM

Posted 11 August 2006 - 10:58 AM

Are those entries UNDER or IN a registry folder for your anti-spyware or anit-virus programs? If so, these are the registry keys for the definition files or database of files that these programs block or look for. I freaked out at first when I saw something like that in my registry until I went up the tree and saw it was in Spybot's registry folder.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 killmypc

killmypc
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:43 AM

Posted 11 August 2006 - 07:50 PM

Hey Orange Blossom,

I'm really not sure, that was something I was really hoping for....These entries are VERY similar to what you see at the bottom of Spybot when you scan and it shows you what it is looking for.... All I know is I found them after going to the registry where the Yahoo Anti-spy had pointed to a problem...then I saw all these.
I found them at:
CURRENT USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
?????

#6 killmypc

killmypc
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:43 AM

Posted 11 August 2006 - 07:56 PM

I'm going to check the registry on the other computer, and compare....
..
Other computer also shows same entries.....with the exception of media-motor.net which is still on other computer, but not this one....

Anyone else see anything like this?

Edited by killmypc, 11 August 2006 - 08:06 PM.


#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:43 AM

Posted 11 August 2006 - 08:06 PM

What ZoneAlarm product do you use? I suspect their free firewall?

I'm not a 100% sure, but this may be ZoneAlarm's firewall definition files. I've got ZoneAlarm Pro at home, and I'll check to see if I have keys like yours. I'll post as soon as I have found out. Please note: I am quite some distance from home right now, so it may take awhile before I get back to you on this. I'm assuming you don't have anything in

If this is the case, it would appear as if the anti-spy on the Yahoo toolbar either posts false positives like crazy or is a gimmick to try to get you to buy fishy kinds of security programs.

An important point: I know that if you had, for example coolwebsearch.com, on your system Spybot would find it in its scan as those are in its definition files.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 11 August 2006 - 08:07 PM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:43 AM

Posted 11 August 2006 - 08:08 PM

Oops! :thumbsup: I misread your post. I see it is ZoneMap not ZoneAlarm. I don't know what ZoneMap is.

Orange Blossom :cherry
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#9 killmypc

killmypc
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:43 AM

Posted 11 August 2006 - 08:10 PM

I don't use ZoneAlarm...tried it, I couldn't make it work like I wanted. I use (below signature), and thought they were working well.... :thumbsup: :flowers:

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:43 AM

Posted 11 August 2006 - 08:12 PM

Aha! I just found out what it is. Those files are part of the blocked sites of your anti-spyware etc.

Read this exchange from SWI forums for more information on this.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 killmypc

killmypc
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:43 AM

Posted 11 August 2006 - 08:14 PM

:thumbsup: :flowers: I just Googled it also... :inlove: :cool:
was reading when mail alert came in.....BIG SIGH..... :trumpet:

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:43 AM

Posted 11 August 2006 - 08:27 PM

I'll second that!! :thumbsup: Isn't it great to get GOOD news?

Orange Blossom :flowers:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#13 killmypc

killmypc
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:43 AM

Posted 11 August 2006 - 08:35 PM

Now I guess I need to figure out the best way to get the entry that I deleted With the Yahoo Anti-spy back in there.....I won't use it anymore :thumbsup:

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:43 AM

Posted 11 August 2006 - 08:50 PM

Plan 1: open system restore and choose a restore point just before you removed that item. This should restore the item you deleted.

If that doesn't work:

Plan 2: update each security system one-by-one and see if it will replace what you deleted.

If that doesn't work:

Plan 3 (which hopefully won't be necessary): One at a time, uninstall and reinstall each security program. I'd suggest that you download the security programs to a disk before uninstalling any of them, then disconnect from the internet, shut down the security program in question, and restart into safe mode by hitting on the F8 key repeatedly just as windows starts to load up. Use the cursur keys on the keyboard to get to safe mode. Choose the one without internet connection. It will look a little strange, but that's okay. Now uninstall the program since you are in safe mode, none of the security program should be running making for a clean uninstall. Reboot into normal mode, then install the newly downloaded program and update it. I trust you have any registration keys you need for the programs? It will require a lot of restarting, but I think it's safer to do them one at a time.

I fervently hope Plan 1 works.

Good luck,

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#15 killmypc

killmypc
  • Topic Starter

  • Members
  • 221 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:06:43 AM

Posted 11 August 2006 - 09:16 PM

What about 'Restore' on the Yahoo Anti-Spy scanner... Will restoring the entry from there do any good?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users