954,170 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
8 Years Ago
0

Spyware on my PC

UPDATE 12/31/2003:
I ran all of the programs that were recommended and for which information, I am very grateful. However the problem persisted so I contacted Norton Utilities and was informed that this was a brand new Trojan Horse that first showed up on 12/20/2003 and that a fix was developed on 12/23/2003. I attempted to D/L the update but my PC froze and I was unsuccessful. I was running Norton Internet Security 2001. I have now purchased Norton Internet Security 2004 at BJs for $49.99 and Norton will give me a $30 rebate - not a bad deal. I haven't loaded it in yet and will have to run the Update before using it but I am optimistic about it being able to, finally, get rid of this Trojan.

To all of you who have been so helpful - I much appreciate your input.

Major


I'm trying to get rid of a program that has taken over my Home Page on IE6 and has deleted my Favorites and has loaded my Favorites list with a long list of junk. Whever I try to access Amazon, I get redirected to this Spyware site. It is called WEBCOOLSEARCH.COM.
Is there a Shareware program that will find and destroy this Spyware? I am using Norton Internet Security complete with Firewall and have run their Scan program but I still have the Spyware.
I'd greatly appreciate any help that you can offer.

Thanks.
Major

Major
Newbie Poster
2 posts since Dec 2003
Reputation Points: 10
Solved Threads: 1
 
8 Years Ago
0

You can search for viruses or that crap for free online at housecall.trendmicro.com and delete them. After that, go to c:\windows\system32\drivers\etc and open up 'hosts'. In there you should delete any lines that contain amazon in it. It wouldn't hurt to delete lines with that spyware site in it as well.

sa_shadow
Newbie Poster
21 posts since Dec 2003
Reputation Points: 10
Solved Threads: 0
 
8 Years Ago
0
I'm trying to get rid of a program that has taken over my Home Page on IE6 and has deleted my Favorites and has loaded my Favorites list with a long list of junk. Whever I try to access Amazon, I get redirected to this Spyware site. It is called WEBCOOLSEARCH.COM.


You should trySpybot Search & Destroy and/or Ad-Aware spyware/adware tools. You can find links to both on my Malware Information page.

What I like about the download link I found for HijackThis is that the page includes easy-to-follow instructions for first-time users.

TallCool1
Practically a Posting Shark
Team Colleague
865 posts since May 2003
Reputation Points: 149
Solved Threads: 45
 
8 Years Ago
0

Hi

Download and run this program :- (it deals specifically with the Coolwebsearch hijacker)

http://www.merijn.org/files/cwshredder.zip

Then if you are still having problems.......

Please Download hijackthis from

http://www.merijn.org/files/hijackthis.zip

Unzip, doubleclick HijackThis.exe, and hit "Scan".

After the scan has finished the "scan" button will turn into a "save log" button

save the log file and paste it here

Do not delete anything yet, as most things hijackthis finds are harmless and needed.

steam

steamwiz
Junior Poster in Training
73 posts since Oct 2003
Reputation Points: 40
Solved Threads: 1
 
8 Years Ago
0

download ad-aware 6 and let it scan your entire machine

viperman224
Junior Poster
183 posts since Dec 2003
Reputation Points: 29
Solved Threads: 1
 
8 Years Ago
0

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\windows\System32\svchost.exe
C:\windows\System32\MsPMSPSv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\windows\explorer.exe
C:\Documents and Settings\Rey\My Documents\Downloads\Video\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_7_0.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\windows\hh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\RECYCLER\S-1-5-21-790525478-1580436667-1202660629-1010\Dc398\backup\1.6.0.037\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spynuker_download] C:\WINDOWS\Downloaded Program Files\SpywareNukerInstaller.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRA~1\INTERN~2\IEExt.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.chatpr.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 -

setokaiba
Light Poster
39 posts since Jan 2004
Reputation Points: 10
Solved Threads: 0
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed