coolwebsearch in regedit

Discussion in 'adware, spyware & hijack cleaning' started by oldtr111, Jun 20, 2004.

Thread Status:
Not open for further replies.
  1. oldtr111

    oldtr111 Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    3
    I was hijacked a few months ago and my system works fine now (with the help of this forum). My question: in the registry there are many entries saying coolwebsearch. Do I have to delete these, or since everything seems fine, should I just ignore them? Thanks.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi oldtr111,

    I'd rather not tell you to delete them without knowing where they are.

    Download https://www.wilderssecurity.com/attachment.php?attachmentid=137409,
    unzip it and run RegSrch.vbs.
    Copy and paste the most common factor in the dialog box
    (for example coolwebsearch).
    After a while a prompt will come up. Click OK to write the results to WordPad and post them.

    Regards,

    Pieter
     
  3. oldtr111

    oldtr111 Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    3
    Here it is:

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "coolwebsearch" 6/20/2004 2:01:19 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
    "LastKey"="My Computer\\HKEY_USERS\\S-1-5-21-2562781850-3638726810-2032726562-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\coolwebsearch.biz"

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.biz]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.co.uk]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.com]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.info]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.net]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.org]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.us]
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi oldtr,

    If the value of those registry keys = dword:00000004
    then these entries may be due to a blocklist you are using.
    If they are a lower value they should be deleted (or changed to 4).

    Regards,

    Pieter
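
The check described in the post above, as an added example that is not part of the thread or of RegSrch.vbs: Python that reads a REGEDIT4 export and sorts each ZoneMap\Domains key by its DWORD values (4 is the Restricted sites zone). The sample export, the `.example` domains and the verdict labels are constructed for illustration.

```python
import re

# Constructed sample in REGEDIT4 export format (not taken from the thread's machine).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hijack.example]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novalue.example]
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                         # [HKEY_...\some\key]
VAL_RE = re.compile(r'^"(.*)"=dword:([0-9a-fA-F]{8})$')    # "name"=dword:0000000N
MARKER = '\\zonemap\\domains\\'

def classify_zonemap(reg_text):
    """Return {path under ZoneMap\\Domains: verdict} for a .reg export."""
    zones = {}       # domain subkey -> list of zone numbers found under it
    current = None   # domain subkey the parser is currently inside, if any
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            path = m.group(1)
            idx = path.lower().find(MARKER)
            current = path[idx + len(MARKER):].lower() if idx != -1 else None
            if current:
                zones.setdefault(current, [])
            continue
        m = VAL_RE.match(line)
        if m and current:
            zones[current].append(int(m.group(2), 16))
    verdicts = {}
    for domain, values in zones.items():
        if not values:
            verdicts[domain] = 'unknown'     # key name only: the value must be checked by hand
        elif all(v == 4 for v in values):
            verdicts[domain] = 'blocklist'   # every mapping points at zone 4
        else:
            verdicts[domain] = 'review'      # some mapping is not 4: delete it or set it to 4
    return verdicts

if __name__ == '__main__':
    for domain, verdict in classify_zonemap(SAMPLE).items():
        print(f'{domain:20} {verdict}')
```

A search export that lists only key names, like the one posted earlier in this thread, comes back as `unknown` for every domain, which is why the value still has to be looked at before deciding.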
     
  5. oldtr111

    oldtr111 Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    3
    :) Thanks so much for your help.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    My pleasure. :cool:

    Regards,

    Pieter
     