dvk01
April 15th, 2004, 04:58 AM
as well as fixing the R1 & R0 entries
stop the running process on & delete this C:\WINDOWS\jushed32.exe
it doesn't always show in an HJT log in the O4 start ups but is normally in the running processes list
Updated information:
We have found out that this file is set to actively hide it's start up registry entry if any of these are run on the computer to make it difficult to find and remove it:
msconfig
cwshredder
hijackthis
regedit
It seems that the way to fix it is to run hijackthis, fix all the R1 & R0 entries relating to enjoy search. then open task manger, look in running processes and stop the process on jushed32.exe and then find and delete the jushed32.exe file
Also check for the existence of this file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe which might appear in some versions and if there delete it as well, even though cwshredder always targets that file as it is used in several other cws hijacks
then reboot and run hijackthis again and the O4 run entry for it should appear.
fix that entry in HJT, reboot again and the hijack should be gone
then run cwshredder to make sure
stop the running process on & delete this C:\WINDOWS\jushed32.exe
it doesn't always show in an HJT log in the O4 start ups but is normally in the running processes list
Updated information:
We have found out that this file is set to actively hide it's start up registry entry if any of these are run on the computer to make it difficult to find and remove it:
msconfig
cwshredder
hijackthis
regedit
It seems that the way to fix it is to run hijackthis, fix all the R1 & R0 entries relating to enjoy search. then open task manger, look in running processes and stop the process on jushed32.exe and then find and delete the jushed32.exe file
Also check for the existence of this file C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe which might appear in some versions and if there delete it as well, even though cwshredder always targets that file as it is used in several other cws hijacks
then reboot and run hijackthis again and the O4 run entry for it should appear.
fix that entry in HJT, reboot again and the hijack should be gone
then run cwshredder to make sure