for some reason I can't start a thread in the addware spyware and hijack cleaning forum so I've come here

"One other thing, it seems I might have a problem with coolwwwsearch as occasionally ZA is catching a connection attempt (routed to 127~, loopback right?), any recommendations on dealing with that? I ran spysweeper 3.5 without success. Currently I'm using a cloned backup that hasn't had spysweeper installed."


update to my coolwwsearch prob.

ran f-prot for dos with updates and full options (was not slow btw)-nadda

ran Pepi's smartkiller, older version though for cool~ v1 and v2-nadda
ran cwshredder-nadda

installed avast free and ran-nadda

have had one more instance of ZA catching outbound destination coolwwsearch

will of course try latest smartkiller, is there any diff. to prog?
what else might I try?
-I left Tea Timer running S&Dv1.3 (does the 1.4dl now include latest engine and det. files?)
I also wonder if MS sec updates for 98 might be causing issue for any of these progs.

try an online scan at trendmicro.com they have the coolweb detection in the scan for spyware. hope that catches it.

If nothing works :

Download HijackThis v1.99.1 from this link :
http://www.spywareinfoforum.com/~merijn/downloads.html

Install it in a separate folder, run it and copy/paste your HijackThis Log + a description of the problem and what you already tried to solve it at this Malware forum :
http://www.spywareinfoforum.com/
Subforum "Malware Removal" and wait for a qualified helper.

PS: Wilders Security Forum doesn't solve HijackThis Logs anymore according my readings.

you need "aboutbuster.exe" google for it. It is free. There is also something called CWShredder at the free Trend online virus scan site.

It (aboutbuster) kicked the hell out of coolwebsearch for me. I also risked my neck and removed everything that I did not recognize with Hijackthis. It worked.

I was almost going crazy because of this evil program. Coolwebsearch is horrible. I hope the author gets a nasty case of something.

I myself found this little spyware or whatever it is on my pc today - I just tried scanning with Panda's online scanner because my pc was all weird and slow. It found it, but of course couldnt remove it...

Ewido didn't find anything
Ad-Aware didn't find anything
Spybot didn't find anything

I'll try aboutbuster (http://www.bleepingcomputer.com/files/aboutbuster.php)

Yep aboutbuster.exe removes also CWS, but CWS has SO MANY variations.
I hope aboutbuster.exe is able to remove that specific CWS-variant.
Download aboutbuster from the original homepage :
http://www.malwarebytes.biz/index.php?page=downloads

Well this sucks... Panda still finds it, can't remove it.
Aboutbuster didn't find anything (I updated prior to scan)

Post a HJT log over here,

http://gladiator-antivirus.com/forum/index.php?showforum=170

and the experts there will help u get rid of it. ;) ;D


snowbound

And CWShredder didn't find anything either .. :lurking:

Hi Brian,

If you have CWS you may like to have a look over on here, and see if it helps.

Detection for new CWS variant yet????
http://www.dslreports.com/forum/remark,14093526


StevieO

Bah wish there was a boclean trial :) Looks like it can beat this nasty one.

Man this is weird...
Panda ActiveScan detects it, but none of their apps does... 05 and 06 beta detects nothing.

Thanks for responses guys, I see that Wilder's has closed thei hijackthis section too, so I've dl'd the latest hijack this as per castlecops.com (http://castlecops.com/forums.html) instructions. I read around here somewhere a recommendation for this site.
I'll be trying the other recommendations too.
And there is always fdisk, give me an opportunity to partition the drive anyway. Sad part is this infection got into my machine somewhere along the way with this new install, clone, install next, rinse repeat. ::) Not sure how or when, maybe I should be checking md5s. Anyone know of a prog to generat them? hmm, will change sig font.....

Looks like this one can save the current md5 and test them later against the same files, and report if they have changed.

http://www.brandonstaggs.com/filecheckmd5.html

-{ Quote: " Not sure how or when, maybe I should be checking md5s. Anyone know of a prog to generat them? hmm, will change sig font....." }- Karen has a nice one -> http://www.karenware.com/powertools/pthasher.asp

-{ Quote: "Karen has a nice one -> http://www.karenware.com/powertools/pthasher.asp" }-
Well that looks more advanced indeed :) Hmm.. Must try it

well, well, well, i just got an email purporting to be from net-integration instrucing me to dl from antivirusprotection.pisem.net, ibforums
Anybody know if this site is legit?
Avast detects the dl as a trojan

net-integration hacked! beware email purporting to be from net-integration!

http://www.wilderssecurity.com/showthread.php?p=533597