Join Date: Dec 2003
Posts: 2
Reputation:
Rep Power: 0
Solved Threads: 1
UPDATE 12/31/2003:
I ran all of the programs that were recommended and for which information, I am very grateful. However the problem persisted so I contacted Norton Utilities and was informed that this was a brand new Trojan Horse that first showed up on 12/20/2003 and that a fix was developed on 12/23/2003. I attempted to D/L the update but my PC froze and I was unsuccessful. I was running Norton Internet Security 2001. I have now purchased Norton Internet Security 2004 at BJs for $49.99 and Norton will give me a $30 rebate - not a bad deal. I haven't loaded it in yet and will have to run the Update before using it but I am optimistic about it being able to, finally, get rid of this Trojan.
To all of you who have been so helpful - I much appreciate your input.
Major
I'm trying to get rid of a program that has taken over my Home Page on IE6 and has deleted my Favorites and has loaded my Favorites list with a long list of junk. Whenever I try to access Amazon, I get redirected to this Spyware site. It is called WEBCOOLSEARCH.COM.
Is there a Shareware program that will find and destroy this Spyware? I am using Norton Internet Security complete with Firewall and have run their Scan program but I still have the Spyware.
I'd greatly appreciate any help that you can offer.
Thanks.
Major
Last edited by Major : Jan 1st, 2004 at 4:01 pm. Reason: Update on my Spyware Problem
Join Date: Dec 2003
Location: sacrificed home for PC, so cardboard box
Posts: 21
Reputation:
Rep Power: 5
Solved Threads: 0
You can search for viruses or that crap for free online at housecall.trendmicro.com and delete them. After that, go to c:\windows\system32\drivers\etc and open up 'hosts'. In there you should delete any lines that contain amazon. It wouldn't hurt to delete lines with that spyware site in them as well.
I embrace poverty. To annoy me, send money.
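The hosts-file check suggested in the post above can be scripted. This is an added example, not part of the original post: the function name `audit_hosts`, the watch list and the sample file contents are constructed for illustration, and the addresses come from the 203.0.113.0/24 documentation range.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.amazon.com amazon.com   # injected
203.0.113.10\tsearch.example.net
0.0.0.0         ads.example.org
not-an-ip       www.amazon.com
"""

def audit_hosts(text, watch=("amazon",)):
    """Return (line_no, ip, hostname, reason) for entries worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop trailing comments, then split on any run of spaces or tabs.
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2:
            continue  # blank, comment-only or incomplete line
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # first field is not an address, so the resolver ignores it
        for host in entry[1:]:  # one line may map several names
            name = host.lower()
            if any(w in name for w in watch):
                findings.append((line_no, str(ip), name, "watched name overridden"))
            elif not (ip.is_loopback or ip.is_unspecified):
                findings.append((line_no, str(ip), name, "maps to non-local address"))
    return findings

if __name__ == "__main__":
    # On the affected machine, read c:\windows\system32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Entries pointing at 127.0.0.1 or 0.0.0.0 are left alone unless they name a watched site, since those are commonly used as block lists.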
Join Date: May 2003
Location: Royal Oak, Michigan
Posts: 864
Reputation:
Rep Power: 9
Solved Threads: 42
Originally Posted by Major
I'm trying to get rid of a program that has taken over my Home Page on IE6 and has deleted my Favorites and has loaded my Favorites list with a long list of junk. Whenever I try to access Amazon, I get redirected to this Spyware site. It is called WEBCOOLSEARCH.COM.
What I like about the download link I found for HijackThis is that the page includes easy-to-follow instructions for first-time users.
Last edited by TallCool1 : Jan 3rd, 2004 at 9:53 am. Reason: To add "HijackThis" note.
-- Michael Rudas
How To Ask Questions The Smart Way (article by Eric Raymond).
Dealing with Malware
My Articles page.
My Best-of-Breed Free Software for Windows list
Other Windows- & Microsoft-related links
The Audio Tech's Page
My blog
The Oak Park Computer Club
PenguiCon 4.0 Open Source & Science Fiction convention, April 21-23, 2006.
Knoppix Linux (CD-bootable) download, information, & support.
Hi
Download and run this program :- (it deals specifically with the Coolwebsearch hijacker)
http://www.merijn.org/files/cwshredder.zip
Then if you are still having problems.......
Please Download hijackthis from
http://www.merijn.org/files/hijackthis.zip
Unzip, doubleclick HijackThis.exe, and hit "Scan".
After the scan has finished the "scan" button will turn into a "save log" button
save the log file and paste it here
Do not delete anything yet, as most things hijackthis finds are harmless and needed.
steam
Last edited by steamwiz : Dec 30th, 2003 at 3:24 pm.
Join Date: Dec 2003
Location: Rhode Island
Posts: 183
Reputation:
Rep Power: 5
Solved Threads: 1
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\windows\System32\svchost.exe
C:\windows\System32\MsPMSPSv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\windows\explorer.exe
C:\Documents and Settings\Rey\My Documents\Downloads\Video\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_7_0.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\windows\hh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\RECYCLER\S-1-5-21-790525478-1580436667-1202660629-1010\Dc398\backup\1.6.0.037\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spynuker_download] C:\WINDOWS\Downloaded Program Files\SpywareNukerInstaller.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRA~1\INTERN~2\IEExt.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.chatpr.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot2_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 -
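A HijackThis log like the one above can be grouped by section code and pre-sorted for human review before anything is deleted. This is an added example, not part of the original post or of HijackThis itself: the names `parse_log`, `review` and `RULES` and the three heuristics are assumptions made for illustration, and the sample input is a handful of lines copied from the log above.

```python
import re
from collections import defaultdict

# A few lines copied from the log posted above, used as sample input.
SAMPLE_LOG = r"""
C:\windows\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\windows\hh.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\RECYCLER\S-1-5-21-790525478-1580436667-1202660629-1010\Dc398\backup\1.6.0.037\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [spynuker_download] C:\WINDOWS\Downloaded Program Files\SpywareNukerInstaller.exe
O17 -
"""

# Section code (R0-R3, O1-O99), then the entry text, which may be empty.
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) -\s?(.*)$")

# Review heuristics chosen for this example (assumptions, not HijackThis rules).
# A section of None means the rule applies to every section.
RULES = [
    ("O4", re.compile(r"\\RECYCLER\\", re.I), "autorun from Recycle Bin storage"),
    ("O4", re.compile(r"\\Downloaded Program Files\\", re.I),
     "autorun from ActiveX download cache"),
    (None, re.compile(r"\(no file\)$"), "registration points at a missing file"),
]

def parse_log(text):
    """Group entry lines by section code; process-list lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def review(sections):
    """Return (section, reason, entry) tuples for a person to look at."""
    hits = []
    for code, details in sections.items():
        for detail in details:
            if not detail:
                hits.append((code, "entry text missing (log cut off)", detail))
            for rule_code, pattern, reason in RULES:
                if rule_code in (None, code) and pattern.search(detail):
                    hits.append((code, reason, detail))
    return hits

if __name__ == "__main__":
    for hit in review(parse_log(SAMPLE_LOG)):
        print(hit)
```

A hit only marks an entry for a closer look; it is not a verdict that the entry is malicious.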