[guacimo] need help cleaning malware

Discussion in 'other security issues & news' started by guacimo, Aug 28, 2004.

Thread Status:
Not open for further replies.
  1. guacimo

    guacimo Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    5
    Location:
    California, USA
    Hello:
    I am new to this forum and really need help to solve my dilemma. Approximately 4-5 months ago, I was not aware that spyware could commandeer my system. The problem is that I am unable to delete the malware that is on my system each time I re-boot and especially when I try to download anything from the net. The malware that is on my system leads me to either:
    1. nkvd.us/1507/ or a search page.
    The malware has installed five IE icons on my desktop that I cannot destroy.

    REQUESTING HELP IMMEDIATELY, because I want to take an online course and I am unable to do so due to downloading problem. This malware is really doing me in :doubt:
     
    Last edited by a moderator: Aug 28, 2004
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Re: need help cleaning malware

    Hi guacimo, welcome to forums....

    First you really should have started a separate thread, as I am sure a Moderator will probably split this off anyway....

    OK.. Here is some info on your troubles...

    It's a variant of CoolWebSearch variant 29.

    http://www.mysteryjuice.co.uk/virus-nkvd.us-remove.php

    There is an nkvd.us remover on this site, as well as manual removal instructions in the Registry if you are comfortable in there.

    I cannot vouch for its reliability, and as this is a browser hijacker, Wilders no longer does HijackThis logs.

    TAS
     
  3. guacimo

    guacimo Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    5
    Location:
    California, USA
    Hi: Tassie Devils
    Thanks for the tips, I will proceed immediately and let U know if it worked.

    Guacimo
     
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi guacimo,

    It looks like you have a CoolWebSearch infection (hijacker), which can sometimes be difficult to remove depending on the variant(s) you may have been infected with and any other malware files that may have been installed while you are infected with CWS.

    Since CWS can be difficult to remove, the best thing you can do right now is to go to one of the dedicated spyware removal sites (forums) and post a HijackThis log and have a Spyware Expert analyse it and give you instructions on what needs to be cleaned, and the safest way to clean the infection.

    Since we no longer do HijackThis log analysis here at Wilders, here is a list of spyware removal sites that you can go to and post a HijackThis log: http://a-sap.org/

    Be sure and follow the posting guidelines and procedures of the site you choose to go to.

    Regards,

    snap
     
  5. guacimo

    guacimo Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    5
    Location:
    California, USA
    Hey: Tassie

    I followed your instructions and could not enter the site that was mentioned. It came back with: PAGE CANNOT BE DISPLAYED. and the browser had the following: http//nkvd.us/1507/.

    This malware has complete charge of my browser and does not allow me to download anything that I have tried to utilize for removal. It just does not allow anything to disengage from the IE boot sector.
     
  6. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi guacimo

    Humm...since CWS is making it difficult for you to get to sites, do this first:

    Download the following:
    CWShredder v.1.59.01.

    Download either one of these spyware removal programs (both are recommended)
    Spybot Search & Destroy v1.3 - install and update.

    Ad-Aware Version SE build 1.03 - install, and update by clicking on "check for updates now" to make sure you have the latest reference file.

    You can find a tutorial on how to setup and scan with Spybot S&D and Adware here: Scanning with Spybot and Ad-Aware

    Once you have downloaded the above, then disconnect from the internet, make sure ALL browsers and any other running programs are closed, then run CWShredder first. Click the *Fix button (not the scan button) and follow the instructions you will receive when the program runs. Reboot if prompted.

    Then scan with AdAwareSE and fix what it finds.
    Next scan with Spybot S&D and fix what it shows in red.
    Reboot after each scan.

    Do another scan with AdAware and Spybot S&D until nothing more shows up as needing fixed.

    If you do not have an anti-virus installed, then do a full system scan at one of these on-line scan sites: Free Services

    Then go to the link I posted above to post a HijackThis log for analysis to ensure the infection is removed completely.

    Let us know how you do.

    Regards,

    snap
     
  7. guacimo

    guacimo Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    5
    Location:
    California, USA
    Thank U Snap, I will try it and let U know tomorrow.

    Guacimo
     
  8. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Ok, guacimo. :)

    Hope you are successful in downloading the above programs I've listed (they are free programs) but if you still have trouble downloading them, then try one of the on-line scans first.

    Good luck,

    Regards,

    snap
     
  9. guacimo

    guacimo Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    5
    Location:
    California, USA
    Hey: Snap

    I just want to thank U and Tassie for the assistance. I followed your instructions and had a hard time in the beginning, because it was not allowing me to download the CWShredder v.1.59.01. I had Adaware installed on my system, but was unable to download SS&D.
    Anyway, the CWS was downloaded and ran with an immediate result. I could see the spyware from the search file disappearing from my desktop and destroyed.
    It is very good feeling to be free and regain control of your own PC.

    Once again Snap, thanks for the assistance. You helped me in such a short period of time. With this knowledge, I can start helping other people at my work place with a similar situation like mine.

    Thanks,

    Guacimo
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  11. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi guacimo,

    Glad to hear you were able to download and run CWShredder. :)

    I would still advise you to follow up with posting a HijackThis log at one of the spyware removal forums (in the link I provided above) as this variant of CWS has other files that are downloaded with it and may need more manual removal for them under the advice of a Spyware Expert.

    See this write-up by Unzy on this variant of CoolWebSearch for more details (scroll down until you come to Post #12)

    https://www.wilderssecurity.com/showthread.php?t=28658

    Regards,

    snap
     