CWshredder found the following items on my PC:
CWS.Mupdate
CWS. Msconfd
CWS.Smartsearch
CWS.Aboutblank

After running fix, the program told that the items were not present.

After rebooting, I did a new scan and the items were 'found' again.

What's going on there?

Did CWshredder remove them or not?

I can't figure it out.

Can anyone help?

Have been a bit to hasty. I would recommend posting at this site: http://www.spywareinfoforum.com , because most likely a hijackthis-log will be needed and those aren't done on Wilders anymore ( http://www.wilderssecurity.com/showthread.php?t=31835 ).

Did u try SuperAntispyware free and AVG antspyware free?

2nd to what aigle has suggested but run them both in safe mode:thumb:


The reason why CWS is failing is that it has not been updated to deal with most of the recent stuff and only dose a part job which then allows the infection to restore itself on reboot::)

Guys, thanks for the help. I got rid of them eventually. My internet connection is faulty and that's how they got in in the first place. I need a new provider. At least I discovered what was going wrong and I won't be using the old ISP anymore.

They're gone anyway after a dreadful struggle.

Thanks again folks.

Found the following suspicious file on my system:C:\WINDOWS\Alcmtr.exe. CWShredder indicates that it might be connected to Cool Web Search. Does anyone recognise it?

Upload it to virus total.

http://www.processlibrary.com/directory/files/alcmtr

-{ Quote: "Upload it to virus total" }-
A very good idea.

http://www.virustotal.com/en/indexf.html

Here's the direct url for VirusTotal service:)

Thanks for the help, guys.

Looks like C:\WINDOWS\Alcmtr.exe is not infected. Thanks again for the help.

What were the results.( don,t put a screenshot though).

Didn't get a reply yet but scanned with Avira and Kaspersky and it came out clean.

On their homepage, u can just upload the file to get results online instantly rather than sending a mail to them.

Aigle, I tried that, uploaded the file and couldn't find the scan button. Didn't like to pester people by asking again for help.

OK, here goes, how do I scan once I've loaded the file?

All I can see is a send button. I press that and nothing happens. ???

go here
http://www.kaspersky.com/scanforvirus
click browse point to the file click on it then clikc ok.
then click on the submit button
lodore

Did the Kaspersky file scan and it's come up clean...of virus at any rate. I'm more concerned about malware infection.

I think Virustotal is scanning now. I had scripts disallowed for that site.

I give up...I just can't scan it with Virustotal...phew:-[

sometimes you have to allow scripts for certain sites then refresh the page to upload files.
lodore

-{ Quote: "I think Virustotal is scanning now. I had scripts disallowed for that site." }-
U need to allow scrips for Virus total. It does not work for me in Opera( unless I allow scripts globally in Opera) but works Ok in FireFox and IE. U can try InternetExplorer.

It,s uploading file. You have to wait a bit for results, for few minutes on dial up for me and more if site load is more.

Here is another scanner

http://virusscan.jotti.org/

One more here.

http://scanner.virus.org/

Have fun!!:)

Guys, thanks again for the help. It just wouldn't work with FF. Tried it on IE and it worked a dream. No worries...the decision was unanimous, no virus found. That's a relief. I thought I might be infected. Boy, am I glad. Great suggestion! Thanks again. ;D ;D ;D

Nice to hear.

In the past few days I've learnt that CWS infections occur because of an exploit in Microsoft's Java Virtual Machine and that this can be uninstalled safely thus preventing the problem from recurring.

I'm contemplating doing so but thought I'd check here before carrying out the following procedures:
Removing MJVM
Patching the Registry
Installing Sun's JVM

I plan to use Microsoft Java Virtual Machine v1.1.4 Removal Tool.

Can anyone recommend a reliable location from which to download these tools?

Not sure if I should enact these kind of changes in the first place and I'd appreciate some good advise.

Not going to do anything hasty.

Removing MS JVM should be easy if you follow these instructions:-

http://www.java.com/en/download/help/uninstall_msvm.xml

AutoPatcher also has this option in its list to do it automatically.

dja2k