Re: CWShredder v1.52.2

Other posts in this forum have indicated that an earlier version deletes the HOSTS file. This file has always been missing from my XP Home (IE 6) pc . There is a lmhosts.sam file located in C/Windows/Drivers/etc which seems to be an example of how a HOSTS file should look. When I do a CWS scan, the following results appear:

CWShredder v1.52.2 scan only report

Windows XP (5.01.2600 SP1)
Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\system32
AppData folder: C:\Documents and Settings\Joel\Application Data
Username: Joel

Hosts file not present
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com [*] dword:4
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:4
CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com [*] dword:4
Registry value: DefaultPrefix (should be http://) [] http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:\WINDOWS\win.ini (596 bytes, A)
Found System.ini file: C:\WINDOWS\system.ini (256 bytes, A)

- END OF REPORT -

When I do a CWS fix, however, no CWS variants or affiliates are identified as present and the report indicates that my system is completely clean. A repeat scan comes up with the same results above.

I would greatly appreciate any assistance in interpreting the scan findings as well as help in taking any necessary corrective action.

 

Hi jole60,

No corrective action is needed.
Trust me, if you had been infected with CWS, you would know.
Popups, freezes, hijacked browser etc.

If you look at the Scan report you will see:

Windows dir: C:\WINDOWS
Windows system dir: C:\WINDOWS\system32
AppData folder: C:\Documents and Settings\Joel\Application Data

Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,

Registry value: DefaultPrefix (should be http://) [] http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:\WINDOWS\win.ini (596 bytes, A)
Found System.ini file: C:\WINDOWS\system.ini (256 bytes, A)

The above are all as they should be by default. (It just shows what values CWShredder checks.)

So are these, but they are not default on your computer:
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com
dword:4
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com
dword:4
CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com
dword:4

You are probably using IE-Spyad or a similar program that puts these sites in your restricted zone (4) where CWS would put them in your trusted zone (2)

Hope this takes away any confusion.

Regards,

Pieter

 

Hello Pieter. I am much relieved! Both xxxtoolbar.com, coolwwwsearch.com, and coolwebsearch.com are in the restricted zone courtesy of SpySites. As a secondary issue, I would like to install IE-Spyad but have been hesitant to do so in view of my missing HOSTS file. In this regard, how do I create this file?

Again, thank you for your assistance.

 

Hi jole60,

There are several hosts files made by "people in the know" available, that you can download to the correct location and you would be ready.
You can find a good one with explanation here: http://www.mvps.org/winhelp2002/hosts.htm

Regards,

Pieter

 

To the best of my knowledge, IE-SPYAD doesn't interact with and is not part of your actual "hosts" file - it's simply a list of sites/addresses that gets added to your IE "Restricted Sites" Zone (which must be configured to block everything to work correctly). HTH Pete

 

I use IE Spyads and it doesn't do anything with your Hosts files. I don't adjust my Hosts file and the only thing that's ever been it it is the 127 local one. So to answer your question, IE Spyads doesn't affect your Hosts file.

One thing to point out though, is that IE Spyads is user dependent. If you have more than one user on WinXP/2000 or are using profiles on Win98/ME, then only the user/profile that is being used during the initial install will have the protection. You need to install it for every user to have full protection for the computer.

 

Another good info site for HOSTS file is at:

http://www.accs-net.com/hosts/how_to_use_hosts.html

 

Thank you Pieter, spy1, Nick, and Pretender for the additional useful information.

 

You're welcome, have a karma cookie on me.