#1
Hope this gets out to the forum. I'm posting here as I can't stay logged in other places to make a post; when I log in and click a page to make a post it comes up as guest again. I have something that's very persistent. Repeated scans with adaware keep finding things, although it's down to one or two and not the 20 or more before. Haven't rebooted yet; these are all scans one after the other. Spywareguard won't come up, but it was giving me repeated warnings about BHOs and changing start page and search page etc. There was a 'coolwebsearch' warning at one point. 'about blank' has also been a warning. I am also getting popups; all seem to be false spyware 'help' ads.
I have adaware, spywareblaster, spywareguard, spybot, and just tried 'blankbuster'. All have found things, all are updated. I do have a temp file that seems to be related, se.dll, and it won't delete. Any comments?
#2
Hi jerryc,

Make sure you have the most recent version of the following. I'll post the links here for you if you don't.

Download the stand-alone version of CWShredder ver. 2.13
http://www.intermute.com/spysubtract..._download.html

Download HijackThis ver 1.99.1
http://www.wilderssecurity.com/showthread.php?t=12516

Make sure Ad-AwareSE and Spybot S&D along with your antivirus are up to date, then boot your computer into Safe Mode by tapping the F8 key just before Windows begins to load.

Scan with CWShredder first, pressing the *Fix* button, and fix what it finds.

While still in safe mode, scan with Ad-AwareSE, Spybot S&D, and your antivirus (if you have one) and fix what they find.

Boot your system back into normal mode and re-scan with the above.

Next, do an on-line virus scan at one (preferably at two) of the following sites:
http://security.symantec.com/default.asp?
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://www.ravantivirus.com/scan/
http://www3.ca.com/virusinfo/
http://www.bitdefender.com/scan/licence.php
http://www.commandondemand.com/eval/index.cfm
http://www.freedom.net/viruscenter/o...iruscheck.html
http://info.ahnlab.com/english/
http://www.pcpitstop.com/pcpitstop/AntiVirusCntr.asp

Then with HijackThis placed in its own folder on your C drive (not a Temp folder or the desktop), double-click on hijackthis.exe and press the "Do a system scan and save a logfile" button. Save the log file as a .txt file. Do not fix anything in HijackThis by yourself without expert advice.

Take the HijackThis scan to one of the following sites for analysis, where a HijackThis Expert will review it and give you further directions on cleaning your system:
CastleCops - http://castlecops.com/forums.html
Spywareinfo - http://www.spywareinfoforum.com/index.php

Please let us know if you were able to get to CastleCops or Spywareinfo to post a log.

(I'll move this thread into a better section of the forum in a little bit)

Regards,
snap

PS - While you are in safe mode, clear your Temp folders. You can use the Disk Cleanup Wizard in XP to clear the Temporary Internet files and Temp Folder files. Go to Start, click Run, and type in cleanmgr and then click "OK" to bring up the Disk Cleanup Wizard.
__________________
@-`-,--
#3
Thx snapdragin,

Done the downloads and made the folders; have to wait to do the stuff a day or two, due to having a life... heh. I'm now on another computer temporarily. I have noticed that the repeated scans I did, one after the other, seem to have eliminated the warnings about coolwebsearch and BHOs, and the homepage change that I mentioned in the original post. Now, or that is up till I shut down, all I was getting were the popup ads I had mentioned. Now I suppose I'll see if they return, using the system restore, which I did not turn off. I just mention this as it seems that repeated scans are quite valuable. I will be using the proggies though that you linked me to, and I'll issue a report as it happens, or nearly so.

I forgot; between the time I originally posted and your reply, I had tried Panda scan, which found 3 viruses and 2 suspicious. I had not clicked the 'fix' or 'repair' or 'immunize' (one like that) box, which I didn't realize till the scan was done. On reading the results it said that was an option, so I rescanned, clicking the box. Now, this is where it gets odd, as it said that immunize or whatever they call it is not an option for the free service. So then why the box?? And then the results are, the 3 viruses do not show and there's only one suspicious, which is the same one I mention above, se.dll. I did send it to Panda and they haven't gotten back to me about it yet. So I don't know if the 3 viruses, which I have the path for, are gone or not.

Last edited by jerryc : February 22nd, 2005 at 06:39 PM. Reason: forgot something
#4
Hi jerry,
Quote:
Quote:
Quote:
Please do let us know how it works out. Best of luck, jerry.

Regards,
snap
#5
Quote:
With some of the more recent variants of CWS infections...most of the conventional methods of removal (meaning scanners) cannot remove it, and it takes special tools and guided instructions by spyware experts to help you remove the hidden files. That is why with CWS infections, or any hints of it...it is strongly advised to follow up with a HijackThis analysis.

Regards,
snap
#6
Hmm; maybe I misspoke or don't have the correct understanding of system restore. But I know when/where/how I got the baddie, and I've only been online with this OS (I am multibooting 4 OS) for a few days, so going to a 'before' startup is simple actually. So, then what? I guess that would mean that the whateveritis wouldn't get started, so that's good, and it would be easier to find/eliminate. Right? Or is it easy to go after it from one of the other OS's? That is, boot into XP say (the affected OS is 2003 server; I'm taking a class), and try to use one or all of the various tools. Actually this is one reason I partitioned my new HD, to try to stay on top of things and access one drive from another. I have the concept, just not on top of the execution.
Thx.
#7
So this is an update; I booted into XP safe mode and went over to the server drive to the CW Shredder and scanned; nothing. Because it doesn't specify what it's scanning I wasn't sure it did the drive with the problems, so I rebooted into the server drive in safe mode and scanned again; nothing. I was able to delete temp and TIF files that I couldn't before, apparently because I was in safe mode, and that's where things are at the moment. I'm going to reboot into normal mode in that drive and see what happens. Some of the files I deleted had a path that had originated from a PC Health website, so that's interesting; I remember being there but not what I did, so don't remember why they were on my system. Hope this isn't too confusing.
Thx again.
#8
Quote:
I am not familiar with 2003 server OS, or multibooting 4 OS, so I cannot comment on how that is done or if it would clean the infected system completely or not.

Have you gone to one of the sites I linked to above and posted a HijackThis log for review? Rather than guessing if your system is clean, it would be safer to ensure that it's clean with a deeper analysis by an experienced spyware removal Expert.

Regards,
snap
#9
Oh, no assumptions here, and I have posted a HJT at bleepingcomputer.com, which seems to also be a knowledgeable and helpful site. The stuff isn't all gone; that's clear after booting up. Some of the files I had deleted in safe mode are back. I did hear from Panda about the online scan I did, and they say it's a new form of an Adware/search.exe that they'll have an online fix for in a short time. But I'm going to go with the manual fix.

Thx for paying attention to my difficulties, I'll let you know how it goes.

Jerry
#10
Hi,

Speaking of CW Shredder. SpyCop has detected it again as Spector Pro eBlaster and deleted it !! I have another post on this issue from a few weeks ago for anyone that may be interested. I have now added the detection to the SpyCop ignore list since I have downloaded another version of CW Shredder.

Hard Rocker !!
#11
Hi Hard Rocker,

I realize you are new to the forum and still getting used to how things work here, but if you are still having problems with the SpyCop program detecting false/positive, could you please follow that up in your thread so we don't take this thread off topic.

You can find your thread here: http://www.wilderssecurity.com/showthread.php?t=63959

Thank you,
snap