Coolwebsearch found

Discussion in 'SpywareBlaster & Other Forum' started by Michael_aust, Jan 28, 2005.

Thread Status:
Not open for further replies.
  1. Michael_aust

    Michael_aust Guest

    I run spyware blaster and spyware guard and there both all up to date and have all protection enabled. But just then i ran a scan with aol spyware protection software and it found coolwebsearch. I was never notified that it was trying to be installed by spyware guard. How coem spyware blaster didnt stop it. The only software I have downloaded recently is Ewido anti Trogen software. I read all its liscence and it didnt say anything about additional software being installed in it. So any ideas how it got through? I thouth spyware guard was supposed to alert you of these kind of things.

    I blocked and deleted it completely with aol spyware and it says its gone when i restarted my machine and ran the scan again. I also ran adaware personal se and that found nothing, neither did ewido i fact i ran that before aol and that didnt pick it up. Do you think it will have been gotten rid of from my machine or shouldi download spybot just to be sure?
     
  2. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds

    Hi Michael,

    The Coolwebsearch - pest is a very sneaky and dangerous thing on the net.
    With all those apps..its still easy to go through.

    You'd want to download the CWShredder if you haven't done so yet.
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Michael,

    After the AOL scan....do you recall if the CoolWebSearch item\items it found were located in the below registry key or can you post a screen shot of what it found ?

    This reg key--->HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains


    FAQ: Screen Shots and Image Posting
     
  4. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
  5. Michael_aust

    Michael_aust Guest

    Im not really sure what you mean by what you sai Bubba but here is the log for when it found it. I cant seem to find the link to add images like you FAQ post said. I have uploaded it to a webpage. Please post and tell me when you have viewed it so I can take it down

    http://www.geocities.com/toafaultrock/coolwebsearchinfo.JPG

    i dont thin k it gave me any windows registry info just the directories it was stored at. Hoope this is soem help.

    Do you think it will have actualy gone from my machine or could tere still be bits lurking around. I ditn want to have to go into the registry because i dotn have a clue what im doing in it.
     
  6. Michael_aust

    Michael_aust Guest

    just downloaded and ran the cws shredder from download.com i presume its the same as the other person posted. It found absolutly nothing. So presume the system is clear i ran it twice and it gave nothing so.
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Michael....You can take your picture down.

    The file name nsreg.dat is a valid file name for Windows XP....which is what your operating system is....correct ?

    I also do not trust the AOL scan program and it's record for False positives. If I'm reading you correctly....you scanned with Adaware before you scanned with AOL and Adaware did not find anything....correct ?

    If that's the case....and if you have the latest version of Adaware with up to date signature files....I'm leaning toward a false positive with AOL spyware cleaner.
     

    Attached Files:

    Last edited: Jan 28, 2005
  8. Michael_aust

    Michael_aust Guest

    I scanned with ewido first, that found nothing. So i ran my usual aol scan expecting to find nothing it came up with that one file so cleaned it up. I ran adaware afterwards and it found nothing. I also ran that cwshredder and that said there was nothing. o your probobly right it was a false possitive. Yep I do run windows XP
     
  9. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Dear Michael, I would agree with Bubba that it sounds like a false positive. Incidentally, I 'fixed' a friend of mines' PC last week which was infected with Coolweb 'about blank' and COOLWEB shredder did not pick that up either, which was surprising. BUT Adaware SE did, however, I ended up having to manually edit the registry to get rid completly.
    Gordon
     
Thread Status:
Not open for further replies.