Cannot remove CoolWebSearch


paper

This is a very clear Log:

Logfile of HijackThis v1.99.1

Scan saved at 11:01:10, on 26/02/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Lin\Tool\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\System32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Lin\Tool\ZoneAlarm\zlclient.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Lin\Tool\hijackthis_199\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Lin\Tool\PDF\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Lin\Tool\SpybotSD14\SDHelper.dll

O4 - HKLM\..\Run: [Zone Labs Client] C:\Lin\Tool\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Lin\Tool\Kaspersky\kav.exe" /minimize

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37240.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...509/mcfscan.cab

O23 - Service: ewido security suite control - ewido networks - C:\Lin\Tool\ewido\security suite\ewidoctrl.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Lin\Tool\Kaspersky\kavsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe


I have run the updated ewido again and again, and unfortunately the CWS is still there. This is what ewido said:

Registry: HKLM\SOFTW..\Classes\CLSID\{D2B24D87-699F-16C6-2875-242...

Infection: Adware.CoolWebSearch

Threat: High

I clicked the button in ewido to remove it but nothing happened. Until finishing the scan, the list in ewido still was

Infected objects: 6

Cleaned infections: 0

Ignored infections: 0

(note: only one CWS, the rest are TrackingCookie)

Moreover, when the scan finished, the Save report and View report buttons remained grey and after a second ewido closed automatically. I just couldn't read any report and cannot send any report here..... Do you think the CWS made ewido not work properly?

I didn't receive notice of your 1st response.. but you are correct in that it's a very clean log...

Update Ewido and run a full scan in SAFEMODE... fixing everything it finds.. then post the log from Ewido here next please


If all of the examples are similar to the one you posted part of, they are just old registry entries. CWShredder may well remove them or it may not.. if AB and CWS won't remove them, give AdAware a shot.. it's great at removing old reg entries also.. run it with the following options

Ad-aware SE - Download - Home Page

If you have a previous version of Ad-Aware installed, during the installation of the new version you will be prompted to uninstall or keep the older version - be sure to uninstall the previous version.

After installing Ad-aware, you will be prompted to update the program and run a full scan. De-select all boxes so that it does not run.

Manually run "Ad-Aware SE Personal" and from the main screen Click on "Check for Updates Now".

Once the definitions have been updated:

Reconfigure Ad-Aware for Full Scan as per the following instructions:

  • Launch the program, and click on the Gear at the top of the start screen.
  • Under General Settings the following boxes should all be checked off: (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
    • "Automatically save logfile"
    • "Automatically quarantine objects prior to removal"
    • Safe Mode (always request confirmation)
    • Prompt to update outdated confirmation) - Change to 7 days.
  • Click the "Scanning" button (On the left side).
  • Under Drives & Folders, select "Scan within Archives"
  • Click "Click here to select Drives + folders" and select your installed hard drives.
  • Under Memory & Registry, select all options.
  • Click the "Advanced" button (On the left hand side).
  • Under "Shell Integration", select "Move deleted files to Recycle Bin".
  • Under "Log-file detail", select all options.
  • Click on the "Defaults" button on the left.
  • Type in the full url of what you want as your default homepage and searchpage e.g. http://www.google.com.
  • Click the "Tweak" button (Again, on the left hand side).
  • Expand "Scanning Engine" by clicking on the "+" (Plus) symbol and select the following:
    • "Unload recognized processes during scanning."
    • "Obtain command line of scanned processes"
    • "Scan registry for all users instead of current user only"
  • Under "Cleaning Engine", select the following:
    • "Automatically try to unregister objects prior to deletion."
    • "During removal, unload explorer and IE if necessary"
    • "Let Windows remove files in use at next reboot."
    • "Delete quarantined objects after restoring"
  • Click on "Safety Settings" and select "Write-protect system files after repair (Hosts file, etc)"
  • Click on "Proceed" to save these Preferences.
  • Click on the "Scan Now" button on the left.
  • Under "Select Scan Mode", be sure to select "Use Custom Scanning Options".

Close all programs except ad-aware.

Click on "Next" in the bottom right corner to start the scan.

Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.

After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may have found. Allow it to finish.
