cooolwebsearch in regedit

Discussion in 'adware, spyware & hijack cleaning' started by oldtr111, Jun 20, 2004.

Thread Status:
Not open for further replies.
  1. oldtr111

    oldtr111 Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    3
    I was hijacked a few months ago and my system works fine now (with the help of this forum) My question: in the registry there are many entries saying coolwebsearch. Do I have to delete these or since everything seems fine, should I just ignore them. Thanks.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,427
    Location:
    Netherlands
    Hi oldtr111,

    I'd rather not tell you to delete them without knowing where they are.

    Download https://www.wilderssecurity.com/attachment.php?attachmentid=137409
    unzip and run RegSrch.vbs
    Copy and paste the most common factor in the dialog box:
    (for example coolwebsearch)
    After a while a prompt will come up. Click OK to write the results to wordpad and post them.

    Regards,

    Pieter
     
  3. oldtr111

    oldtr111 Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    3
    Here it is:

    REGEDIT4
    ; RegSrch.vbs © Bill James

    ; Registry search results for string "coolwebsearch" 6/20/2004 2:01:19 PM

    ; NOTE: This file will be deleted when you close WordPad.
    ; You must manually save this file to a new location if you want to refer to it again later.
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
    "LastKey"="My Computer\\HKEY_USERS\\S-1-5-21-2562781850-3638726810-2032726562-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\coolwebsearch.biz"

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.biz]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.co.uk]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.com]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.info]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.net]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.org]

    [HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.us]
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,427
    Location:
    Netherlands
    Hi oldtr,

    If the value of those registry keys = dword:00000004
    then these entries may be due to a blocklist you are using.
    If they are a lower value they should be deleted (or changed to 4).

    Regards,

    Pieter
     
  5. oldtr111

    oldtr111 Registered Member

    Joined:
    Jun 19, 2004
    Posts:
    3
    :) Thanks so much for your help.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,427
    Location:
    Netherlands
    My pleasure. :cool:

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.