Ad:

Web Browsers Discussion Thread
Unsolved
Views: 7817

Dec 28th, 2003

Spyware on my PC

Expand Post »

UPDATE 12/31/2003:
I ran all of the programs that were recommended and for which information, I am very grateful. However the problem persisted so I contacted Norton Utilities and was informed that this was a brand new Trojan Horse that first showed up on 12/20/2003 and that a fix was developed on 12/23/2003. I attempted to D/L the update but my PC froze and I was unsuccessful. I was running Norton Internet Security 2001. I have now purchased Norton Internet Security 2004 at BJs for $49.99 and Norton will give me a $30 rebate - not a bad deal. I haven't loaded it in yet and will have to run the Update before using it but I am optimistic about it being able to, finally, get rid of this Trojan.

To all of you who have been so helpful - I much appreciate your input.

Major

I'm trying to get rid of a program that has taken over my Home Page on IE6 and has deleted my Favorites and has loaded my Favorites list with a long list of junk. Whever I try to access Amazon, I get redirected to this Spyware site. It is called WEBCOOLSEARCH.COM.
Is there a Shareware program that will find and destroy this Spyware? I am using Norton Internet Security complete with Firewall and have run their Scan program but I still have the Spyware.
I'd greatly appreciate any help that you can offer.

Thanks.
Major

Last edited by Major; Jan 1st, 2004 at 4:01 pm. Reason: Update on my Spyware Problem

Similar Threads

Mom and Pop catch teen sex paedo using spyware in Viruses, Spyware and other Nasties
A tale of sex and spyware in South Korea in Viruses, Spyware and other Nasties
GTA IV drive-by spyware warning in Viruses, Spyware and other Nasties
Zango cannot bully anti-spyware vendors into submission in Viruses, Spyware and other Nasties
Vista anti-spyware to be renamed Windows Emmental in Windows Vista and Windows 7

Major

Reputation Points: 10

Solved Threads: 1

Newbie Poster

Offline

2 posts
since Dec 2003

Permalink

Dec 28th, 2003

Re: Spyware on my PC

You can search for viruses or that crap for free online at housecall.trendmicro.com and delete them. After that, go to c:\windows\system32\drivers\etc and open up 'hosts'. In there you should delete any lines that contain amazon in it. It wouldn't hurt to delete lines with that spyware site in it as well.

sa_shadow

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

21 posts
since Dec 2003

Permalink

Dec 28th, 2003

Re: Spyware on my PC

Quote originally posted by Major ...

I'm trying to get rid of a program that has taken over my Home Page on IE6 and has deleted my Favorites and has loaded my Favorites list with a long list of junk. Whever I try to access Amazon, I get redirected to this Spyware site. It is called WEBCOOLSEARCH.COM.

You should try Spybot Search & Destroy and/or Ad-Aware spyware/adware tools. You can find links to both on my Malware Information page.

What I like about the download link I found for HijackThis is that the page includes easy-to-follow instructions for first-time users.

Last edited by TallCool1; Jan 3rd, 2004 at 9:53 am. Reason: To add "HijackThis" note.

TallCool1

Team Colleague

Reputation Points: 149

Solved Threads: 45

Practically a Posting Shark

Offline

865 posts
since May 2003

Permalink

Dec 30th, 2003

Re: Spyware on my PC

Hi

Download and run this program :- (it deals specifically with the Coolwebsearch hijacker)

http://www.merijn.org/files/cwshredder.zip

Then if you are still having problems.......

Please Download hijackthis from

http://www.merijn.org/files/hijackthis.zip

Unzip, doubleclick HijackThis.exe, and hit "Scan".

After the scan has finished the "scan" button will turn into a "save log" button

save the log file and paste it here

Do not delete anything yet, as most things hijackthis finds are harmless and needed.

steam

Last edited by steamwiz; Dec 30th, 2003 at 3:24 pm.

steamwiz

Reputation Points: 40

Solved Threads: 1

Junior Poster in Training

Offline

73 posts
since Oct 2003

Permalink

Dec 30th, 2003

Re: Spyware on my PC

download ad-aware 6 and let it scan your entire machine

viperman224

Reputation Points: 29

Solved Threads: 1

Junior Poster

Offline

183 posts
since Dec 2003

Permalink

Jan 6th, 2004

Re: Spyware on my PC

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\windows\System32\svchost.exe
C:\windows\System32\MsPMSPSv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\windows\explorer.exe
C:\Documents and Settings\Rey\My Documents\Downloads\Video\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/...ch/search.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_7_0.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\windows\hh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\RECYCLER\S-1-5-21-790525478-1580436667-1202660629-1010\Dc398\backup\1.6.0.037\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spynuker_download] C:\WINDOWS\Downloaded Program Files\SpywareNukerInstaller.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRA~1\INTERN~2\IEExt.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.chatpr.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot2_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 -

setokaiba

Reputation Points: 10

Solved Threads: 0

Light Poster

Offline

39 posts
since Jan 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Web Browsers Forum Timeline: ie wont open

Next Thread in Web Browsers Forum Timeline: No e-mail pulldown default in IE6

DaniWeb Message

Cancel Changes

User Name
Password