Problem running spywareblaster

Discussion in 'SpywareBlaster & Other Forum' started by xXBrianXx, May 29, 2004.

Thread Status:
Not open for further replies.
  1. xXBrianXx

    xXBrianXx Registered Member

    Joined:
    May 29, 2004
    Posts:
    7
    I have been having some serious problems with coolwebsearch crap and not being able to get rid of it... i wanted to install spywareblaster to keep further threats from being installed except when i install spywareblaster and try to run it i get this error "The program has been damaged, possibly by a bad sector of the hard drive or a virus. please reinstall it" no matter how many times i reinstall it it gives me the same error... also i ran scan disk .. no errors or bad sectors, and all that norton has found is some adware no viruses...

    i run adaware all the time spybotsearch and destroy all the time i keep everything updated i can't get rid of this crap...arg please help thanks for any replies
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Brian,

    You unfortunately are seeing a side effect of one of the CoolWebSearch variants. Hopefully JavaCool will be able to fix this in an upcoming update.

    Recent thread concerning this---> This program has been damaged

     
  3. xXBrianXx

    xXBrianXx Registered Member

    Joined:
    May 29, 2004
    Posts:
    7
    thank you sir... any tips on spyware programs that can help me get rid of coolwebsearch crap... it's not like i go to porn sites all the time.. and on the rare chance i do... they aren't shady ones.. so i don't know how they got there .. must have been my cousin... but i need to get rid of them i had this coolwebsearch shredder thing.. it didn't find anything.. but adaware keeps finding it... any help is appreciated.
     
  4. MCT

    MCT Registered Member

    Joined:
    Mar 10, 2004
    Posts:
    300
    LOL @
    98% of porn sites have some sort of popup/ spyware /cookie /dialer 2 get u

    anyways, have u tried adaware & spybot (update them both b4 every scan) ?

    make sure u enable ALL protections in spyware blaster once its working, it will keep u from getting 99% of cookies & dialers

    hope this helps :D
     
  5. xXBrianXx

    xXBrianXx Registered Member

    Joined:
    May 29, 2004
    Posts:
    7
    yup i update all my programs i run right before i run them i'll even update them or try to several times a day... .. why would norton detect an adware program.. and not be able to delete it... and about the porn i've been using the same sites for years... never had a problem.. i've noticed tracking cookies but those aren't anything this coolweb crap is getting me mad though... anyway...thanks for the reply
     
  6. MCT

    MCT Registered Member

    Joined:
    Mar 10, 2004
    Posts:
    300
    norton won't (can't) delete something if it's being used..

    try removing it in safe mode, or killing explorer or the associated process and then enabling it again after it's removed
     
  7. dread

    dread Registered Member

    Joined:
    May 18, 2004
    Posts:
    195
    What variant do you have? Get CWShredder and find out which one you have. One or some actually close out CWShredder, Spybot and Ad-Aware. Look at this page for the variants http://www.spywareinfoforum.com/~merijn/cwschronicles.html One of my friends had the CWS.Smartsearch.2 and it kept killing CWShredder; finally she downloaded a free trojan program and it killed part of CWS.Smartsearch.2, then she could run CWShredder. If you do have that one you can download a trojan program, or on that page there is a link to download a small free file to kill part of CWS.Smartsearch.2 so you can run CWShredder. Find out what variant you have and look here http://www.spywareinfoforum.com/~merijn/cwschronicles.html CWShredder will tell you.
     
  8. xXBrianXx

    xXBrianXx Registered Member

    Joined:
    May 29, 2004
    Posts:
    7
    MCT i ran norton in safe mode and it still wouldn't get rid of it i believe it said it was win.exe... which might be a problem.. i dunno though...

    and dread.. i'm not sure what variant i have...what do you mean by kill cws shredder and spybot...? kill as in they couldn't complete .. because i can do a full scan and find some problems.. see the thing is the only thing that finds the cws is adaware... norton finds something else and spybot finds stuff that neither of them finds...oh what a tangled web we weave.. anyway none of my programs get killed... it's just that adaware is the only one that finds CWS after i reboot...
     
  9. dread

    dread Registered Member

    Joined:
    May 18, 2004
    Posts:
    195
    Well for CWS.Smartsearch.2 it tries to close CWShredder, HijackThis, Ad-Aware, Spybot S&D and the SpywareInfo forums when they are opened. When you run CWShredder it will tell what variant it is. Look at what it says, it will say you have variant so and so. Where does adaware find it? Look at the details, and no offense but norton sucks, run this one if you can http://housecall.antivirus.com/housecall/start_corp.asp and see what it tells you. It would help a lot if you know what you're dealing with. Did a search, don't know if it will help but look at this http://www.computercops.biz/print-1-42582.html try to do a windows update or something if that post is right. From what I have seen from a google search on your error, it causes a problem for several programs. One site says do a windows update cause it's an exploit, another says get CWShredder.
     
    Last edited: May 30, 2004
  10. MCT

    MCT Registered Member

    Joined:
    Mar 10, 2004
    Posts:
    300
    also, just note, norton isn't an Anti-Spyware/Adware program, it is an antivirus, thus only detecting viruses, maybe some harmful malware but it's not 2 be used as an adware/spyware scanner

    regards
     
  11. xXBrianXx

    xXBrianXx Registered Member

    Joined:
    May 29, 2004
    Posts:
    7
    dread: yea i can run all the programs none of them get shut down... and i can't go to that website to do a virus scan... i'm using firefox.. and when i try using ie it goes to the page that downloads the software and it just gives me one of those dumb windows errors.. oh and yea i know i hate norton too...

    MCT: oh i'm not using it just for that i ran a virus scan to see if i have any viruses and it detected something and said it was adware in its description...

    blah down with norton... oh and i'm running spywareguard now and it detected BHO changes to my IE when i tried running IE and adaware found more CWS but i don't believe hijack this finds anything.... oh well i'll continue to plug away at this thanks for the help
     
  12. dread

    dread Registered Member

    Joined:
    May 18, 2004
    Posts:
    195
    xXBrianXx what variant is it? If you can run all of these programs it tells you what variant, so what variant is it?
     
  13. xXBrianXx

    xXBrianXx Registered Member

    Joined:
    May 29, 2004
    Posts:
    7
    see the thing is hijack this doesn't say i have it .. adaware does.. here's my hijack log

    Logfile of HijackThis v1.97.7
    Scan saved at 2:50:19 PM, on 5/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Program Files\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Brian\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ogmpaaa.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ogmpaaa.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {248D29C5-7370-45D6-B9CD-96C918A336F6} - C:\WINDOWS\System32\pccpa.dll (file missing)
    O2 - BHO: (no name) - {27FF790B-608E-47AD-8BA0-D5FCA78214CC} - C:\WINDOWS\System32\iiloaa.dll (file missing)
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



    norton says i have this win.exe adware.startpage.. i went through the steps to get rid of it from my registry but i couldn't find it in my registry.. heh oh well i'll reboot and see if anything pops up
     
  14. xXBrianXx

    xXBrianXx Registered Member

    Joined:
    May 29, 2004
    Posts:
    7
    ok these are my results from rebooting
    adaware found http://65.75.186.160/picserver/img.php?/H2UV79L0N8K1/4Q3AQMW58678/JPEG/1085944324//1560

    spybot found this

    and this is what norton keeps giving me HERE

    And THIS is what i get if i don't run adaware every time i start up..

    and this is my most recent log of hijack this done 1 min ago

    Logfile of HijackThis v1.97.7
    Scan saved at 3:18:50 PM, on 5/30/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\SpywareGuard\sgmain.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Brian\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ogmpaaa.dll/sp.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ogmpaaa.dll/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {248D29C5-7370-45D6-B9CD-96C918A336F6} - C:\WINDOWS\System32\pccpa.dll (file missing)
    O2 - BHO: (no name) - {27FF790B-608E-47AD-8BA0-D5FCA78214CC} - C:\WINDOWS\System32\iiloaa.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - ]

    i've also updated my windows, so i should be all up to date
     
    Last edited: May 30, 2004
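
A helper reading the HijackThis logs posted above would start with a handful of entries rather than the whole dump. The added example below (not part of any post in this thread, and not HijackThis's own logic) parses the log's entry format and flags those lines; the sample lines are copied from the posted log, and the flagging rules are assumed triage heuristics.

```python
import re

# Constructed sample: a few entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ogmpaaa.dll/sp.html (obfuscated)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {248D29C5-7370-45D6-B9CD-96C918A336F6} - C:\WINDOWS\System32\pccpa.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# "<section> - <body>", e.g. "R1 - ..." or "O16 - ..."
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# O2 body: "BHO: <name> - {CLSID} - <path>"
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look.

    The rules are assumed heuristics for illustration, not a verdict on any file.
    """
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        reasons = []
        if body.endswith("(obfuscated)"):
            reasons.append("value marked obfuscated by HijackThis")
        if section in ("R0", "R1") and "res://" in body.lower():
            reasons.append("IE setting points at a resource inside a local file")
        if section == "O2":
            b = BHO.match(body)
            if b:
                name, _clsid, path = b.groups()
                if path.endswith("(file missing)"):
                    reasons.append("BHO still registered but its DLL is gone")
                elif name == "(no name)" and "\\system32\\" in path.lower():
                    reasons.append("unnamed BHO loaded from System32")
        findings.extend((section, r, raw.strip()) for r in reasons)
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```
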
  15. orvar1001

    orvar1001 Guest

    i was able to fix the problem by running a system restore in win xp
    then i could install and update spyware blaster
     