UPDATE 12/31/2003:
I ran all of the programs that were recommended, and I am very grateful for that information. However, the problem persisted, so I contacted Norton Utilities and was informed that this was a brand new Trojan Horse that first showed up on 12/20/2003 and that a fix was developed on 12/23/2003. I attempted to D/L the update but my PC froze and I was unsuccessful. I was running Norton Internet Security 2001. I have now purchased Norton Internet Security 2004 at BJs for $49.99 and Norton will give me a $30 rebate - not a bad deal. I haven't loaded it in yet and will have to run the Update before using it, but I am optimistic about it being able to, finally, get rid of this Trojan.

To all of you who have been so helpful - I much appreciate your input.

Major


I'm trying to get rid of a program that has taken over my Home Page on IE6 and has deleted my Favorites and has loaded my Favorites list with a long list of junk. Whenever I try to access Amazon, I get redirected to this Spyware site. It is called WEBCOOLSEARCH.COM.
Is there a Shareware program that will find and destroy this Spyware? I am using Norton Internet Security complete with Firewall and have run their Scan program but I still have the Spyware.
I'd greatly appreciate any help that you can offer.

Thanks.
Major

All 5 Replies

You can search for viruses or that crap for free online at housecall.trendmicro.com and delete them. After that, go to c:\windows\system32\drivers\etc and open up 'hosts'. In there you should delete any lines that contain amazon. It wouldn't hurt to delete lines with that spyware site in them as well.
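The hosts-file check suggested in the reply above, as an added example that is not part of the thread. It parses a hosts file, reports mappings that override the names mentioned here, and produces a cleaned copy; the sample file, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (addresses are documentation ranges, not from the thread).
SAMPLE_HOSTS = """\
# Sample HOSTS file
127.0.0.1       localhost
203.0.113.7     www.amazon.com amazon.com   # constructed redirect
203.0.113.7     www.webcoolsearch.com
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""
WATCHED = ("amazon", "webcoolsearch")  # names mentioned in the thread


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every valid mapping line."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an address: not a mapping
        yield no, ip, [h.lower() for h in fields[1:]]


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, host, reason) for entries worth reviewing."""
    findings = []
    for no, ip, hosts in parse_hosts(text):
        for host in hosts:
            if any(w in host for w in watched):
                findings.append((no, str(ip), host, "watched name overridden"))
            elif not (ip.is_loopback or ip.is_unspecified):
                findings.append((no, str(ip), host, "maps to a non-local address"))
    return findings


def cleaned(text, watched=WATCHED):
    """Return the file text with lines that override a watched name removed."""
    drop = {no for no, _, _, why in audit_hosts(text, watched) if why.startswith("watched")}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in drop]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To check a real machine, read the text from the hosts file in c:\windows\system32\drivers\etc and pass it to `audit_hosts`; keep a backup copy before writing the output of `cleaned` back.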

I'm trying to get rid of a program that has taken over my Home Page on IE6 and has deleted my Favorites and has loaded my Favorites list with a long list of junk. Whenever I try to access Amazon, I get redirected to this Spyware site. It is called WEBCOOLSEARCH.COM.

You should try Spybot Search & Destroy and/or Ad-Aware spyware/adware tools. You can find links to both on my Malware Information page.

What I like about the download link I found for HijackThis is that the page includes easy-to-follow instructions for first-time users.

Hi

Download and run this program :- (it deals specifically with the Coolwebsearch hijacker)

http://www.merijn.org/files/cwshredder.zip

Then if you are still having problems.......

Please Download hijackthis from

http://www.merijn.org/files/hijackthis.zip

Unzip, doubleclick HijackThis.exe, and hit "Scan".

After the scan has finished, the "scan" button will turn into a "save log" button.

Save the log file and paste it here.

Do not delete anything yet, as most things hijackthis finds are harmless and needed.

steam

Download Ad-Aware 6 and let it scan your entire machine.

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\windows\System32\svchost.exe
C:\windows\System32\MsPMSPSv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\windows\explorer.exe
C:\Documents and Settings\Rey\My Documents\Downloads\Video\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_7_0.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\windows\hh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\windows\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\RECYCLER\S-1-5-21-790525478-1580436667-1202660629-1010\Dc398\backup\1.6.0.037\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spynuker_download] C:\WINDOWS\Downloaded Program Files\SpywareNukerInstaller.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\PROGRA~1\INTERN~2\IEExt.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://irc.chatpr.com:8000/java/cr.cab
O16 - DPF: Yahoo! Chat - http://cs7.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 -
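
One way to triage a HijackThis log like the one above before deleting anything, as an added example that is not part of the thread. The sample lines are copied from that log; the three rules are review heuristics assumed for this example, not HijackThis's own logic, and a hit means "look closer", not "malicious".

```python
import re

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\windows\hh.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\RECYCLER\S-1-5-21-790525478-1580436667-1202660629-1010\Dc398\backup\1.6.0.037\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [spynuker_download] C:\WINDOWS\Downloaded Program Files\SpywareNukerInstaller.exe
O17 -
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] path".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ?(.*)$")

# (sections, pattern on the entry body, reason). Assumed heuristics for review.
RULES = [
    (("O4",), re.compile(r"\\RECYCLER\\|\\Downloaded Program Files\\|\\Temp\\", re.I),
     "autorun from an unusual directory"),
    (("O2", "O3"), re.compile(r"\(no file\)"),
     "browser add-on registered with no file on disk"),
    (("O2",), re.compile(r" - [A-Z]:\\windows\\[^\\]+\.dll$", re.I),
     "BHO DLL directly in the Windows directory"),
]


def parse(log):
    """Return (section, body) pairs; process paths and blank lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def triage(log):
    """Return (section, reason, body) for every entry that matches a rule."""
    flagged = []
    for section, body in parse(log):
        for sections, pattern, reason in RULES:
            if section in sections and pattern.search(body):
                flagged.append((section, reason, body))
    return flagged


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}\n    {body}")
```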
