coolwwwsearch prob, nothing finds it?

jon123 · #1 August 15th, 2005, 09:44 AM

for some reason I can't start a thread in the addware spyware and hijack cleaning forum so I've come here

"One other thing, it seems I might have a problem with coolwwwsearch as occasionally ZA is catching a connection attempt (routed to 127~, loopback right?), any recommendations on dealing with that? I ran spysweeper 3.5 without success. Currently I'm using a cloned backup that hasn't had spysweeper installed."

update to my coolwwsearch prob.

ran f-prot for dos with updates and full options (was not slow btw)-nadda

ran Pepi's smartkiller, older version though for cool~ v1 and v2-nadda
ran cwshredder-nadda

installed avast free and ran-nadda

have had one more instance of ZA catching outbound destination coolwwsearch

will of course try latest smartkiller, is there any diff. to prog?
what else might I try?
-I left Tea Timer running S&Dv1.3 (does the 1.4dl now include latest engine and det. files?)
I also wonder if MS sec updates for 98 might be causing issue for any of these progs.

ravin · #2 August 15th, 2005, 02:16 PM

try an online scan at trendmicro.com they have the coolweb detection in the scan for spyware. hope that catches it.

ErikAlbert · #3 August 15th, 2005, 03:20 PM

If nothing works :

Download HijackThis v1.99.1 from this link :
http://www.spywareinfoforum.com/~merijn/downloads.html

Install it in a separate folder, run it and copy/paste your HijackThis Log + a description of the problem and what you already tried to solve it at this Malware forum :
http://www.spywareinfoforum.com/
Subforum "Malware Removal" and wait for a qualified helper.

PS: Wilders Security Forum doesn't solve HijackThis Logs anymore according my readings.

brjoon1021 · #4 August 15th, 2005, 06:16 PM

you need "aboutbuster.exe" google for it. It is free. There is also something called CWShredder at the free Trend online virus scan site.

It (aboutbuster) kicked the hell out of coolwebsearch for me. I also risked my neck and removed everything that I did not recognize with Hijackthis. It worked.

I was almost going crazy because of this evil program. Coolwebsearch is horrible. I hope the author gets a nasty case of something.

Brian N · #5 August 15th, 2005, 06:58 PM

I myself found this little spyware or whatever it is on my pc today - I just tried scanning with Panda's online scanner because my pc was all weird and slow. It found it, but of course couldnt remove it...

Ewido didn't find anything
Ad-Aware didn't find anything
Spybot didn't find anything

I'll try aboutbuster (http://www.bleepingcomputer.com/files/aboutbuster.php)

ErikAlbert · #6 August 15th, 2005, 07:08 PM

Yep aboutbuster.exe removes also CWS, but CWS has SO MANY variations.
I hope aboutbuster.exe is able to remove that specific CWS-variant.
Download aboutbuster from the original homepage :
http://www.malwarebytes.biz/index.php?page=downloads

Brian N · #7 August 15th, 2005, 07:22 PM

Well this sucks... Panda still finds it, can't remove it.
Aboutbuster didn't find anything (I updated prior to scan)

snowbound · #8 August 15th, 2005, 07:25 PM

Post a HJT log over here,

http://gladiator-antivirus.com/forum...?showforum=170

and the experts there will help u get rid of it.

snowbound

Brian N · #9 August 15th, 2005, 07:26 PM

And CWShredder didn't find anything either ..

#10 August 15th, 2005, 07:29 PM

Hi Brian,

If you have CWS you may like to have a look over on here, and see if it helps.

Detection for new CWS variant yet

?
http://www.dslreports.com/forum/remark,14093526

StevieO

Brian N · #11 August 15th, 2005, 07:43 PM

Bah wish there was a boclean trial

Looks like it can beat this nasty one.

Brian N · #12 August 15th, 2005, 09:34 PM

Man this is weird...
Panda ActiveScan detects it, but none of their apps does... 05 and 06 beta detects nothing.

jon123 · #13 August 16th, 2005, 10:09 AM

Thanks for responses guys, I see that Wilder's has closed thei hijackthis section too, so I've dl'd the latest hijack this as per castlecops.com instructions. I read around here somewhere a recommendation for this site.
I'll be trying the other recommendations too.
And there is always fdisk, give me an opportunity to partition the drive anyway. Sad part is this infection got into my machine somewhere along the way with this new install, clone, install next, rinse repeat.

Not sure how or when, maybe I should be checking md5s. Anyone know of a prog to generat them? hmm, will change sig font.....

Brian N · #14 August 16th, 2005, 10:17 AM

Looks like this one can save the current md5 and test them later against the same files, and report if they have changed.

http://www.brandonstaggs.com/filecheckmd5.html

#15 August 16th, 2005, 10:25 AM

Quote:

Originally Posted by jon123

Not sure how or when, maybe I should be checking md5s. Anyone know of a prog to generat them? hmm, will change sig font.....

Karen has a nice one -> http://www.karenware.com/powertools/pthasher.asp

Brian N · #16 August 16th, 2005, 10:28 AM

Quote:

Originally Posted by dog

Karen has a nice one -> http://www.karenware.com/powertools/pthasher.asp

Well that looks more advanced indeed

Hmm.. Must try it

jon123 · #17 August 16th, 2005, 12:48 PM

well, well, well, i just got an email purporting to be from net-integration instrucing me to dl from antivirusprotection.pisem.net, ibforums
Anybody know if this site is legit?
Avast detects the dl as a trojan

net-integration hacked! beware email purporting to be from net-integration!

http://www.wilderssecurity.com/showthread.php?p=533597

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search