Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Coolwwwsearch Malware


  • Please log in to reply
5 replies to this topic

#1 hgfds

hgfds

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Location:Empire Colorado
  • Local time:10:28 AM

Posted 07 February 2007 - 04:27 PM

Hello All.
I'm running WinXP and IE7 (recently installed). All Windows Updates were installed prior to infection.

I've been infected by malware. I have used about ten on-line virus scans and spyware removal programs since January 28 to no avail.

My best guess is that the name of this malware is: CoolWWWSearch.
Aff.Winshow.
It hijacks my Home Page, changes system settings, redirects me to web sites, etc.,etc.

I read that malware named CoolWebSearch has been around since 2005 and has gone through two dozen versions. I'm guessing CoolWWW.Search is the latest variation.

I read on Microsoft's Sandi's Site that I can post HijackThis logs to this forum for examination. That would be great.

I hope I have given you enough information. Just reply to this post or email me if I've forgotten something.
Any advice you can give me will be greatly appreciated 'cause, frankly, I'm out of ideas!

Thanks,
Bob

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,420 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:28 AM

Posted 07 February 2007 - 06:29 PM

You can post a Hijack This log in the appropriate forum by following the directions in the link below.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Welcome to Bleeping Computer!!
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,538 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:28 AM

Posted 07 February 2007 - 10:59 PM

Have you ran CWShredder yet. Try it ONLY if you haven't posted the log as suggested by buddy215.
http://www.intermute.com/spysubtract/cwshr...r_download.html

Click the stand alone version
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,954 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:28 AM

Posted 08 February 2007 - 10:24 AM

fozzie asked me about recommending CWShredder in this thread yesterday but I thought the OP wanted to post a hijackthis log. Since buddy215 posted the instructions and hgfds has not posted a log let me point out that CWShredder is now owned by TrendMicro and has not been as effective as prior versions released by its original author. There also have been reports of it giving false positives. You can download an archive of CWShredder 1.59.1 (last version by Merijn) which will take care of all the classic CWS versions. When launching the program, don't click on "Check for update" as you want to use this version, not a newer one. For more recent CWS infections you should download and use About:Buster.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 hgfds

hgfds
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Location:Empire Colorado
  • Local time:10:28 AM

Posted 08 February 2007 - 12:40 PM

Thanks everyone!!

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,954 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:28 AM

Posted 08 February 2007 - 12:53 PM

Your welcome. Post back if you continue to have problems or follow the instructions for posting a hijackthis log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users