It deletes the HOSTS file.

Where is it discussed these days?

Hi yokenny,

The version that did that has been pulled and replaced by a new one.
At least, that is my understanding.

Regards,

Pieter

The URLs that I have

http://216.180.233.153/~merijn/files/CWShredder.exe
http://www.merijn.org/files/cwshredder.zip
http://www.spywareinfoforum.com/~merijn/files/cwshredder.zip
http://www.lurkhere.com/~nicefiles/cwshred15.zip

Either don't work or give the same version.

Try this link once

http://www.computercops.biz/zx/phoenix22/cws.zip

see if that helps

thx

I just got cwshredder 1.52.1 here:

http://www.spywareinfoforum.com/~merijn/files/cwshredder.zip

Hope this helps.

Daym, with all this DDoSing going around I need to have an intravenous of coffee instead of sipping it. :o

Looks like it worked but CWShredder changed my HOSTS file and all I have in there are 127.0.0.1 entries. I'll see if I can figure out why it changed it.

I use FileChecker to monitor the HOSTS file and it is doing its job well. :)

Edit: The spywareinfo reference does not work for me.

http://www.wilderssecurity.com/attachments/cwshredder1521.zip

I ran Fix from the 1.52 CWShredder yesterday 2/29 and it came up with the info in screen shot. Took my HOSTS file down to 0 also. I appreciate the heads up on this as I wouldn't have been able to access Merijn's site without entries in my HOSTS file. Not sure if there is a connection between the screen shot and the empty HOSTS file, but seems there probably is to me.

Thanks for this thread! After running CWSshredder yesterday, NAV refused to scan email. After finding this thread I, too, discovered that my HOSTS file had been zeroed. I just replaced it with a backup I'd made awhile back and now it's time to see if this fixed Norton.

Hey, it worked! It would be nice if CWSshredder warned of HOSTS being wiped before doing so.

never make the mistake of typing

xxx.Merijn.com

instead of typing

www.Merijn.org

Takes you right to some site trying to leach of Merijn. In fact to avoid this you may want to add a line to your hosts file since I am pretty sure that my short inadvertant visit there has infected me with CWS malware once again!

# Sites that try to leach of WWW.Merijn.org
127.0.0.1 xxx.privacymachine.com/

as you can see I decided to organize a section for my my additions to my host file for the rippoff CWS sites that I come accross. I base my assumption that it is a leach site on the fact that it appears to be leaching off Merijn.org, and appeared to route me to another sleazy site. I could be wrong. Use your best judgement.

- HandsOff

P.S. - I realize i should use wilders links for CWShreader, and HijackThis,
I just wanted to see what would happen...NOW I KNOW!!!


disabled those two links just to be on the safe side - Detox

Unless you actually believe yourself to be infected with CoolWebSearch (which should be rather obvious if it's happening) - you really shouldn't be running CWS every time a new version comes out.

You should only be using the "Scan Only" button, and comparing results to what it's been showing in that field prior to the latest update.

Even should you find something new or unusual in that "Scan Only" results screen, it wouldn't be a bad idea to wait before clicking on that "Fix" button.

Merijn is only human - he makes mistakes just like everyone else.

I'd much rather check around a little, after a new version comes out, to see whether there are any "issues" with it, rather than causing myself grief by clicking "Fix" if it's going to cause me more problems than I had to start with.

Think about it. Pete

Thank you Pete.

Want some coffee with that cookie. :)

Pieter

Thank you, Pieter, I think I will - oops, sorry, it's 'off-to-work-I go" time again.

Could you kindly place an order for 34-hour days for us, instead?

I think we'll all be needing them. pete

-{ Quote: " quoting: spy1 link=board=20;threadid=23339;start=0#msg138750 date=1078258600]
Could you kindly place an order for 34-hour days for us, instead?
" }-

I'll try. If you promise not to tell my boss about them. :D

Take care,

Pieter

To Detox: "Sorry about that chief!"

I never thought about the fact that those sites would turn into links. I was using a plain text editor and cut and pasted into the wilders forum window. I certainly appreciate your changes.

Also, excuse my ignorance one more time what must one do inorder for a web address not to be a link. I could probably insert a space or use quotes, but I mean, how do the pro's do it?

BTW - That site almost certainly was what I suspected I did a scan with spybots yesterday and was clean, but after visiting that site this morning I ran Spypbots Search and Destroy by Patrick M. Kolla, and found two (un) CoolWebSearch registry keys.

- HandsOff