CWShredder finds what others miss but I can't seem to get rid of the stuff.

Discussion in 'malware problems & news' started by Proverbs 9:10, Mar 3, 2005.

Thread Status:
Not open for further replies.
  1. Proverbs 9:10

    Proverbs 9:10 Registered Member

    Joined:
    Jan 20, 2005
    Posts:
    4
    Have run general cleaning instructions from Blackspear once before successfully. Due to a recent poor decision of one family member our computer is being attacked once again. Have run the following in order (in safe mode) and come out clean: AVG anti-virus, Stinger, Ewido, Spybot, AdAware SE. I then ran CWShredder 2.12 and it finds the following:
    svchost32, mupdate, googlems, therealsearch, smartsearch, aboutblank, and jksearch. Is there a way to locate these items and get rid of them?

    Just for kicks I also tried TDS-3 but it "shut down" improperly. Not sure what happened there. I ran the online scan from Trend-Micro after I rebooted and nothing was detected. Made sure that I updated my Windows XP service pack (now 2).

    Windows XP Version 2002 Service Pack 2
    IE 6.0
    Zone Alarm 5.5 (At one point I noticed that this was not in my bottom tray; but I did not move it...not sure if it was active or not during this time. Could that have been the reason this stuff could get through?)

    VX2Finder came up with this:
    VX2Finder Files Found---
    Guardian Key--- is called:
    User Agent String---
    SV1

    I know there is still something going on and there is still a problem. I have just visited PCWorld's webpage and a pornographic list tabled over part of it.

    I ran through the procedure mentioned above twice with the same results. What should I do next?

    Thanks for helping.
     
    Last edited: Mar 3, 2005
  2. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    CWShredder has a new version out, which is 2.13. Have you tried immunizing through Spybot S&D? It got updated 2 hrs ago too. Try adding SpywareBlaster to your list as well. I am sure some major senior members would help you out too.
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Don’t be too hard on them, we’ve all been there at some point. Let’s get you all cleaned up and then look at securing your system even better.


    I would suggest that you need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    The steps mentioned in General Cleaning use software that ought to be part of your security, as an absolute minimum.

    Once your system is clean you may want to take a look HERE. As well there are discussions HERE and even more HERE.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If you have not already done so, try re-running CWShredder in safe mode (see Starting the computer in safe mode for details on how to do this). CoolWebSearch will restore its settings if active on your system; starting in Safe Mode should ensure it does not get started.
     
  5. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, the pop-up sounds like a BHO (browser hijack object), also probably more spyware.

    Try Microsoft Antispyware, and download HijackThis and post the HJT log HERE.

    This should fix your problems.

    For future protection give some thought to getting the Mozilla Firefox browser; it's safer and faster than IE. Also consider running a good antivirus and firewall.
     
  6. bpm3k

    bpm3k Registered Member

    Joined:
    Feb 28, 2005
    Posts:
    30
    I recently cleaned a system. Here are all the tools I used (I ran them all and most found things):

    A. AntiSpyware:
    1. CWShredder
    2. About:Buster
    3. Spybot S&D
    4. Ad-aware free
    5. Microsoft AS
    6. WhenUremover (ad-aware)

    AntiTrojan:
    7. A squared free
    8. Ewido free
    9. Mcafee Stinger
    10. Microsoft Windows Malicious Software Removal Tool (KB890830)

    AntiVirus, installed (only one resident scanner at a time!!):
    11. AVG free
    12. Kaspersky Anti-Virus Personal 5.0 free trial

    Antivirus, online:
    13. Bitdefender online scan
    14. CA ETrust Antivirus webscanner
    15. Panda ActiveScan
    16. TrendMicro online antivirus scan

    Other:
    17. Hijackthis


    I also had to go into msconfig and uncheck some boxes. Be sure to look at the remove programs area; I could remove a surprisingly large amount of stuff this way (some of the uninstallers require you to be online).

    To help clean up the VX2 business try the ad-aware add-on "vx2 cleaner":
    http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml


    I cleaned this up in 90 minutes using the above programs (it was my first time cleaning a system):

    ~snipped HJT log - snap~
     
    Last edited by a moderator: Mar 8, 2005
  7. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi bpm3k,

    I have removed the HijackThis log from your post. Please see this Announcement regarding the posting of HijackThis logs here at Wilders.

    You have also posted this log in this thread at dslreports, and are receiving assistance there. I would advise that you continue following up with your thread at dslreports for further cleaning instructions.

    Regards,

    snap
     