[guacimo] need help cleaning malware

Hello:
I am new to this forum and really ned help to solve my dilema. approximately 4-5 months ago, I was not aware that spyware could commandare my system. The proble is that I am unable to delte the malware that is on my system each time I re-boot and specially when I try to download anything from the net. the malware that is on my system lead me to either:
1. nkvd.us/1507/ or a search page.
The malware has installed five IE icons on my desktop that I cannot destroy.

REQUESTING HELP IMMEDIATELY, beacause I want to take an online course and i am unable to do so due to downloading problem.. This malware is really doing me in

 

Re: need help cleaning malware

HI guacimo, welcome to forums....

First you really should have started a separate thread, as I am sure a Moderator will probably split this off anyway....

OK.. Here is some info on your troubles...

Its a variant of Coolwebsearch variant 29.

http://www.mysteryjuice.co.uk/virus-nkvd.us-remove.php

There is an mkvd.us remover on this site, as well as manual removal instruction in the Registry if you are comfortable in there.

I cannot vouch for its reliability, and as this is a browser hijacker, Wilders no longer does HijackThis logs.

TAS

 

Hi: Tassie Devils
Thanks for the tips, I wil proceed immediately and let U know if it worked.

Guacimo

 

Hi guacimo,

It looks like you have a CoolWebSearch infection (hijacker), which can sometimes be difficult to remove depending on the variant(s) you may have been infected with and any other malware files that may have been installed while you are infected with CWS.

Since CWS can be difficult to remove, the best thing you can do right now is to go to one of the dedicated spyware removal sites (forums) and post a HijackThis log and have a Spyware Expert analyse it and give you instructions on what needs to be cleaned, and the safest way to clean the infection.

Since we no longer do HijackThis log analysis here at Wilders, here is a list of spyware removal sites that you can go to and post a HijackThis log: http://a-sap.org/

Be sure and follow the posting guidelines and proceedures of the site you choose to go to.

Regards,

snap

 

Hey: Tassie

I followed your instructions and could not enter the site that was mentioned. It came back with: PAGE CANNOT BE DISPLAYED. and the browser had the following: http//nkvd.us/1507/.

this malware has complete charge of my browser and does not allow me to download anything that I have tried to utilize for removal. It just does not allow anything to disengage from the IE boot sector.

 

Hi guacimo

Humm...since CWS is making it difficult for you to get to sites, do this first:

Download the following:
CWShredder v.1.59.01.

Download either one of these spyware removal programs (both are recommended)
Spybot Search & Destroy v1.3 - install and update.

Ad-Aware Version SE build 1.03 - install, and update by click on "check for updates now" to make sure you have the latest reference file.

You can find a tutorial on how to setup and scan with Spybot S&D and Adware here: Scanning with Spybot and Ad-Aware

Once you have downloaded the above, then disconnect from the internet, make sure ALL browsers and any other running programs are closed, then run CWShredder first. Click the *Fix button (not the scan button) and follow the instructions you will receive when the program runs. Reboot if prompted.

Then scan with AdAwareSE and fix what it finds.
Next scan with Spybot S&D and fix what it shows in red.
Reboot after each scan.

Do another scan with AdAware and Spybot S&D until nothing more shows up as needing fixed.

If you do not have an anti-virus installed, then do a full system scan at one of these on-line scan sites: Free Services

Then go to the link I posted above to post a HijackThis log for analysis to ensure the infection is removed completely.

Let us know how you do.

Regards,

snap

 

Thank U Snap, I will try it and let U know tomorrow.

Guacimo

 

Ok, guacimo.

Hope you are successful in downloading the above programs I've listed (they are free programs) but if you still have trouble downloading them, then try one of the on-line scans first.

Good luck,

Regards,

snap

 

Hey: Snap

I just want to tahnk U and Tassie for the assistance. I followed your instructions and had a hard time in the beginning, becasuee it was not allowing me to download the CWShredder v.1.59.01. I had Aaware installed on my system, but unable to download SS&D.
Anyway, the CWS was downloaded and ran with an immediate result. I ccould see the spyware fron the search file dissapearing from my desktop and destroyed.
It is very good feeling to be free and regain control of your own PC.

Once again Snap. thanks for the assistance. You help me in such a shrot period of time. With this knowledge, I can start helping other people at my work place with a similar situation like mine.

Thanks,

Guacimo

 

May I suggest that you take a look at some of the following threads to see if you can tighten you security a little:

https://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25

and here for more:

https://www.wilderssecurity.com/showthread.php?t=43117

Let us know how you go…

Cheers

 

Hi guacimo,

Glad to hear you were able to download and run CWShredder.

I would still advise you to followup with posting a HijackThis log at one of the spyware removal forums (in the link I provided above) as this variant of CWS has other files that are downloaded with it and may need more manual removal for them under the advice of a Spyware Expert.

See this write-up by Unzy on this variant of CoolWebSearch for more details (scroll down until you come to Post #12)

https://www.wilderssecurity.com/showthread.php?t=28658

Regards,

snap