PDA

View Full Version : CoolwwwSearch...omg



CCF
13-01-2005, 04:25 PM
Just been to a friend's place and found out his computer was infected by COOLwwwSearch and Z-demon. Having being a victim myself to COOLwwwSearch I luckily still had some progammes that helped me to get rid of that nasty little spyware for once and for all. Though for some reason this COOLwwwSearch was un-like any other that I've ever came across, it does not get pick up by spyware scanners.

So far I've ran: Spybot 1.3 (updated)
Ad-aware 6 (updated)
aboutbuster (from majorgeeks.com)
cwshredder (from majorgeeks.com)
Norton AV 2003 (expired)
HijackThis
Stinger v2.4.5.1 (not the lastest, i know)

Norton AV were able to pick up several viruses, all were fixed. Ad-aware picked up nothing while Spybot 1.3 picked up 2 spywares though one of them always comes up and its not that 'DSO exploite' one, it was Z-demon. HijackThis would of helped though every time when I click on Fix it, the spyware would just reset everything back. How do I know that? because I also have that TeaTimer from Spybot that tells me when registry is being changed or not. And as for Cwshredder and aboutbuster both could not get rid of COOLwwwSearch. Because of that I went through some major folders to look for those nasty little exe that is activating all those changes in the registry. Places like Temp folder in Local Setting, System folder and System 32 folder in Windows folder, the content.ie5 folder in Temporary internet files and also some simple places like Program Files folder. Sadly I had no luck finding them.

I've also went through msconfig and the registry trying to stop and delete anything that is a spyware or part of the spyware. And now I'm in a dead end, it seems like there is nothing I can do to get rid of that COOLwwwSearch spyware and Z-demon. For reason where ever i start, using what ever programe, something will reset every back, plus I've also trying do something in Safe mode and that did not help.


It'll be nice to know if its possible to get rid of such thing. :badpc:

ninja
13-01-2005, 04:33 PM
Get CW Shredder from here http://www.intermute.com/spysubtract/cwshredder_download.html

The one on MajorGeeks is old.

FoxyMX
13-01-2005, 04:40 PM
Because of that I went through some major folders to look for those nasty little exe that is activating all those changes in the registry. Places like Temp folder in Local Setting, System folder and System 32 folder in Windows folder, the content.ie5 folder in Temporary internet files and also some simple places like Program Files folder. Sadly I had no luck finding them.

Firstly, I am not quite clear on whether you actually deleted all the contents of the temp folders and temp internet files. It is a good idea to run CCleaner (from MajorGeeks) first to get rid of all that before using the other tools.

Secondly, since Norton AV is expired, get rid of it if it is not going to be updated and get either AVG or Avast!. Alternatively or additionally you can run an online AV scanner if the PC can get on the internet OK.

You are also wasting your time running old versions of tools - you NEED the latest versions of everything. You should have Ad-Aware SE Personal 1.05 not Ad-aware 6 and you definitely need the latest version of Stinger. Grab all of the latest tools from MajorGeeks and also have a look through the forum's Spyware FAQ for more information on where to go for online scans.

FoxyMX
13-01-2005, 04:43 PM
Get CW Shredder from here http://www.intermute.com/spysubtract/cwshredder_download.html

The one on MajorGeeks is old.
Are you sure? This one (http://www.majorgeeks.com/download3019.html) looks the same to me. :confused:

Safari
13-01-2005, 04:49 PM
They seem to have two links.
http://www.majorgeeks.com/download4086.html

FoxyMX
13-01-2005, 05:05 PM
Yes, that is because InterMute, Inc. has taken over updating the program from the original author. The one Ninja and I posted to are the latest versions by InterMute, Inc. and the one you posted is the last version created by the original author of the program. It should not really be used and I am unsure why MajorGeeks still have it on their site.

CCF
15-01-2005, 11:24 AM
Sorry for replying this late, I've now downloaded the new version of CW Shredder and will try it on his computer. As for the temp folder cleaning, I used Window Washer on his computer instead of CCleaner, cause I found Window Washer is safer to use. And as for Ad-Aware SE Personal 1.05 , the reason why I didnt use that is because I found it quite buggy, it often crashes on my computer or some of its files gets corrupted for some unknown reason, thats why I went back to Ad-aware 6, plus its update still works. As for his Norton AV 2003, will it Avast or AVG be better than his curretn AV, I know Norton AV 2003 will lack in virus definitions but wouldnt its protection and function be a lot better than AVG or Avast. I have Avast and found it ok but still reckon it lacks in some part where AVG I always seem to see posts about AVG updates why is that :confused: ?

For now I'll give give that new CW Shredder and the new Stinger a try hopfully it'll get ride of some problem.

pheonix
15-01-2005, 11:55 AM
You might as well throw in Hijackthis as well.