Coolwebsearch trojan


mob

I've been dealing with a nasty new variant of the CoolWebSearch hijacker (switches your homepage, spits out random RAM-eating tasks, NEVER DIES) and after running a scan in AdAware6.0 I found that several .exe files in Canadian Ops and HX4 were removed because they were "droppers" for some malicious nasty.

My games are on a different hard drive from Windows, and this is the first time I've seen evidence of infection on the game HD.

Anyone else had this sort of experience? Is my anti-spyware/virus scan falsely identifying mod files as destructive? I don't want to delete my mods! Help!

Edited by mob

download spybot search and destroy (immunize) and CWShredder. Also download "winpatrol" which will allow you to stop anything from being added to your startup without you being prompted.

edit: if you can't find CWShredder (a program written specifically to deal with cool web search) or where to download the other products, drop me a pm. (I'd post links here but I don't think the mods like links to warez in public posts :thumbsup: ).

Edited by Kewl

At my parents' computer I frequently duelled with CoolWebSearch, and till now I've still lost every fight. It's really a big pain and I'm at the point of a clean sys install.

As for your question: you can consider the .exe files in your mod folder safe. The exe's you're referring to are probably self-extracting zip files; these files are on the not list of antispy/virus scanners. You can unselect your games drive from scanning in your antivirus/spy programs to prevent deleting by these programs. Beware that other malicious files on these drives aren't deleted either.


I have used Adaware for the past six months and I have finally found something better. Pest Patrol by the company that makes Zone Alarm. You have to pay for it, but it found 80 spyware objects that Adaware did not find. HiJack This is also an awesome program. BTW...you should download the Windows Messenger plugin for Adaware and make sure Windows Messenger is stopped.

Edited by Cobra6

Thanks a lot for the tips (I love all ya gr.net folk ***except SF poseurs***). But I've run CWShredder, AdAware, Norton, F-Protect, Spybot, and am checking out PestPatrol. And it ALWAYS...............COMES.................BACK. I have found and destroyed many files and registry entries, but it seems that some little speck remains that replenishes the computer with various nasties, most all CW-related. The CWShredder site had an update, asking people not to beg for solutions to my problems because the author as yet hasn't found one (apologies if that has changed). My friend had the same kind of problems a couple months back and eventually just formatted his hard drive. Ouch.

I should mention the computer is running win98, norton and F-prot constant protection.

So far this looks like a stumper. It would be a shame to have to get a new computer, with a 4 gig chip, and a GeForce whatever-the-number-is-now, and a plasma screen, ...... :shifty:


> I have used Adaware for the past six months and I have finally found something better. Pest Patrol by the company that makes Zone Alarm.

Did you update it... Adaware can be updated via the check updates above the start button for free. It usually gets about 80 more or so than the non-updated. The version 6 you download does not have the latest updates. There is one released about every week. Also Adaware has a pro version which will monitor installs and show all processes running on your pc, with the file location and I think registry if I remember correctly.


> Thanks a lot for the tips (I love all ya gr.net folk ***except SF poseurs***). But I've run CWShredder, AdAware, Norton, F-Protect, Spybot, and am checking out PestPatrol. And it ALWAYS...............COMES.................BACK. I have found and destroyed many files and registry entries, but it seems that some little speck remains that replenishes the computer with various nasties, most all CW-related. The CWShredder site had an update, asking people not to beg for solutions to my problems because the author as yet hasn't found one (apologies if that has changed). My friend had the same kind of problems a couple months back and eventually just formatted his hard drive. Ouch.
>
> I should mention the computer is running win98, norton and F-prot constant protection.
>
> So far this looks like a stumper. It would be a shame to have to get a new computer, with a 4 gig chip, and a GeForce whatever-the-number-is-now, and a plasma screen, ...... :shifty:

use what I told you......Hijack This


> > Thanks a lot for the tips (I love all ya gr.net folk ***except SF poseurs***). But I've run CWShredder, AdAware, Norton, F-Protect, Spybot, and am checking out PestPatrol. And it ALWAYS...............COMES.................BACK. I have found and destroyed many files and registry entries, but it seems that some little speck remains that replenishes the computer with various nasties, most all CW-related. The CWShredder site had an update, asking people not to beg for solutions to my problems because the author as yet hasn't found one (apologies if that has changed). My friend had the same kind of problems a couple months back and eventually just formatted his hard drive. Ouch.
> >
> > I should mention the computer is running win98, norton and F-prot constant protection.
> >
> > So far this looks like a stumper. It would be a shame to have to get a new computer, with a 4 gig chip, and a GeForce whatever-the-number-is-now, and a plasma screen, ...... :shifty:
>
> use what I told you......Hijack This

hijack this just lists, it doesn't actually fix anything.


Hijack this is a class program, though as Kewl has kinda demonstrated you need to be quite a clever PC user. What you do, Kewl, is: say you have your list, and at the top is www.ghostrecon.net once you press scan and lots of other stuff, and say you see one called SPYWARE.exe, you click the check box then click fix selected and it deletes it and you're all clean :D


> Hijack this is a class program, though as Kewl has kinda demonstrated you need to be quite a clever PC user. What you do, Kewl, is: say you have your list, and at the top is www.ghostrecon.net once you press scan and lots of other stuff, and say you see one called SPYWARE.exe, you click the check box then click fix selected and it deletes it and you're all clean :D

Agreed. You just have to be careful using it and other programs (learned this the hard way as I deleted too much from the registry and had to reinstall windows; on the plus side my computer had never been so "clean").


> > Hijack this is a class program, though as Kewl has kinda demonstrated you need to be quite a clever PC user. What you do, Kewl, is: say you have your list, and at the top is www.ghostrecon.net once you press scan and lots of other stuff, and say you see one called SPYWARE.exe, you click the check box then click fix selected and it deletes it and you're all clean :D
>
> Agreed. You just have to be careful using it and other programs (learned this the hard way as I deleted too much from the registry and had to reinstall windows; on the plus side my computer had never been so "clean").

if your browser has been hijacked, and you use hijack this, it will show you the url and/or IP address of the site your hijacked browser is pointed to.

all you have to do is check the boxes and click fix it. it will remove the hijacker from your browser.

also you might want to run msconfig and see what programs are listed under startup. sometimes hijackers are in there too.

if you need some realtime help with hijack this, contact me and we can do it together.

there are certain websites that I've .......searched :whistle: .......and quite often those sites hijack my browser and I always use hijack this to fix it.


If you go to this website: http://forums.spywareinfo.com/ you will find out why the CWS hijacker keeps coming back, and a semi-complicated way of removing it. I did just recently manage to get rid of it myself by using the CWShredder tool as well as Adaware and finally A2 scanner. A2 scanner is a free trojan remover that I would suggest you give a try. (worked for me anyhoo).


coolwebsearch is NO match for HijackThis !! trust me on this guys, at one point, my browser was getting hijacked at least once a week. HijackThis always fixes the problem.

check your common files folder and see if there is a file in there called svchost.exe; that too is a hijacker.
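
Added example, not part of any post in this thread: the checks the posts above describe (where the browser's pages point, what is listed under startup, a svchost.exe outside the system folder) run over a saved HijackThis log. The log lines, trusted host, startup baseline and the `review` function are constructed for illustration, and the code assumes the R0/R1 and O4 line layout that HijackThis logs use.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the HijackThis log layout; every value below is made up.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ghostrecon.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://192.0.2.44/start.htm
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [svchost] C:\Program Files\Common Files\svchost.exe
O4 - HKCU\..\Run: [updater] C:\WINDOWS\TEMP\upd32.exe
"""

# Assumptions for this example: the pages the user chose, a known-good startup
# baseline, and the directory where the genuine svchost.exe lives on NT-family Windows.
TRUSTED_HOSTS = {"www.ghostrecon.net"}
KNOWN_STARTUP = {"c:\\windows\\scanregw.exe"}
SYSTEM_NAMES = {"svchost.exe"}
SYSTEM_DIR = "c:\\windows\\system32\\"

R_LINE = re.compile(r"^R[01] - (.+?),(.+?) = (\S+)")       # browser page settings
O4_LINE = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")      # Run-key startup entries
EXE_PATH = re.compile(r'"?([^"]+?\.exe)', re.IGNORECASE)   # path without arguments


def review(log_text):
    """Return (kind, label, value) findings for lines that need a human look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        r = R_LINE.match(line)
        o4 = O4_LINE.match(line)
        if r:
            host = urlparse(r.group(3)).hostname or ""
            if host not in TRUSTED_HOSTS:
                findings.append(("browser-setting", r.group(2), host))
        elif o4:
            exe = EXE_PATH.match(o4.group(3))
            path = (exe.group(1) if exe else o4.group(3)).lower()
            name = path.rsplit("\\", 1)[-1]
            if name in SYSTEM_NAMES and not path.startswith(SYSTEM_DIR):
                findings.append(("misplaced-system-name", o4.group(2), path))
            elif path not in KNOWN_STARTUP:
                findings.append(("unknown-startup", o4.group(2), path))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

A finding here is only a prompt to look closer; comparing against a baseline saved while the machine was clean avoids removing legitimate entries.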


You could also search for and download a program called "Spyware Blaster" (put that into your search engine - you'll easily find the program's home site for free download).

This program actually sets a "kill-bit" which stops spyware from ever installing itself onto your system. You can also use it to lock the IE homepage to wherever you want it, just like you can with Spybot S & D !

Good stuff, eh ?

Edited by Shemyaza

> > > Hijack this is a class program, though as Kewl has kinda demonstrated you need to be quite a clever PC user. What you do, Kewl, is: say you have your list, and at the top is www.ghostrecon.net once you press scan and lots of other stuff, and say you see one called SPYWARE.exe, you click the check box then click fix selected and it deletes it and you're all clean :D
> >
> > Agreed. You just have to be careful using it and other programs (learned this the hard way as I deleted too much from the registry and had to reinstall windows; on the plus side my computer had never been so "clean").
>
> if your browser has been hijacked, and you use hijack this, it will show you the url and/or IP address of the site your hijacked browser is pointed to.
>
> all you have to do is check the boxes and click fix it. it will remove the hijacker from your browser.
>
> also you might want to run msconfig and see what programs are listed under startup. sometimes hijackers are in there too.
>
> if you need some realtime help with hijack this, contact me and we can do it together.
>
> there are certain websites that I've .......searched :whistle: .......and quite often those sites hijack my browser and I always use hijack this to fix it.

Wow, I downloaded hijack this and it's completely different than the hijack this I used a couple months ago. The one I used a couple months ago just gave a log of running processes and some other things. Sorry if I confused anyone with my previous posts. :thumbsup:
