Spyware on my PC
 

UPDATE 12/31/2003:
I ran all of the programs that were recommended and for which information, I am very grateful. However the problem persisted so I contacted Norton Utilities and was informed that this was a brand new Trojan Horse that first showed up on 12/20/2003 and that a fix was developed on 12/23/2003. I attempted to D/L the update but my PC froze and I was unsuccessful. I was running Norton Internet Security 2001. I have now purchased Norton Internet Security 2004 at BJs for $49.99 and Norton will give me a $30 rebate - not a bad deal. I haven't loaded it in yet and will have to run the Update before using it but I am optimistic about it being able to, finally, get rid of this Trojan.

To all of you who have been so helpful - I much appreciate your input.

Major


I'm trying to get rid of a program that has taken over my Home Page on IE6 and has deleted my Favorites and has loaded my Favorites list with a long list of junk. Whever I try to access Amazon, I get redirected to this Spyware site. It is called WEBCOOLSEARCH.COM.
Is there a Shareware program that will find and destroy this Spyware? I am using Norton Internet Security complete with Firewall and have run their Scan program but I still have the Spyware.
I'd greatly appreciate any help that you can offer.

Thanks.
Major

Re: Spyware on my PC
 

You can search for viruses or that crap for free online at housecall.trendmicro.com and delete them. After that, go to c:\windows\system32\drivers\etc and open up 'hosts'. In there you should delete any lines that contain amazon in it. It wouldn't hurt to delete lines with that spyware site in it as well.

Re: Spyware on my PC
 

You should try Spybot Search & Destroy and/or Ad-Aware spyware/adware tools. You can find links to both on my Malware Information page.

What I like about the download link I found for HijackThis is that the page includes easy-to-follow instructions for first-time users.

Re: Spyware on my PC
 

Hi

Download and run this program :- (it deals specifically with the Coolwebsearch hijacker)

http://www.merijn.org/files/cwshredder.zip

Then if you are still having problems.......

Please Download hijackthis from

http://www.merijn.org/files/hijackthis.zip

Unzip, doubleclick HijackThis.exe, and hit "Scan".

After the scan has finished the "scan" button will turn into a "save log" button

save the log file and paste it here

Do not delete anything yet, as most things hijackthis finds are harmless and needed.

steam

Re: Spyware on my PC
 

download ad-aware 6 and let it scan your entire machine

Re: Spyware on my PC
 

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\windows\System32\svchost.exe
C:\windows\System32\MsPMSPSv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\windows\explorer.exe
C:\Documents and Settings\Rey\My Documents\Downloads\Video\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_7_0.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\windows\hh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\RECYCLER\S-1-5-21-790525478-1580436667-1202660629-1010\Dc398\backup\1.6.0.037\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spynuker_download] C:\WINDOWS\Downloaded Program Files\SpywareNukerInstaller.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRA~1\INTERN~2\IEExt.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.chatpr.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot2_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 -