Problem running spywareblaster

I have have been having some serious problems with coolwebsearch crap and not being able to get rid of it... i wanted to install spywareblaster to keep further thrests from being installed except when i install spywareblaster and try to run it i get this error "The program has been damaged, possibly by a bad sector of the hard drive or a virus. please reinstall it" no matter how many times i reinstall it it gives me the same error... also i ran scan disk .. no errors or bad sectors, and all that norton has found is some adware no viruses...

i run adaware all the time spybotsearch and destroy all the time i keep everyhting updated i cant get rid of this crap...arg please help thanks for any replys

 

Hey Brian,

You unfortunately are seeing a side effect of one of the CoolWebSearch variants. Hopefully JavaCool will be able to fix this in an upcoming update.

Recent thread concerning this---> This program has been damaged

 

thank you sir... anytips on spyware programs that can help me get rid of coolwebsearch crap... its not like i go to porn sites all the time.. and on the rare cahnce i do... they arent shady ones.. so i dont know how they go there .. must of been my cousin... but i need to get rid of them i had this coolwebsearch shredder thing.. it didnt find anything.. but adaware keeps finding it... any help is appriciated.

 

LOL @

98% of porn sites have some sort of popup/ spyware /cookie /dialer 2 get u

anyways, have u tried adaware & spybot (update them both b4 every scan) ?

make sure u enable ALL protections in spyware blaster once its working, it will keep u from getting 99% of cookies & dialers

hope this helps

 

yup i update all my programs i run right before i run them ill even update them or try to several times a day... .. why would norton detect an adware program.. and not beable to delete it... and about the porn iv ebeen using the same sites for years... never had a problem.. ive noticed tracking cookies but those arnt anything this coolweb crap is getting me mad though... anyway...thanks for the reply

 

norton wont (cant) delete something if its being used..

try removing it in safe mode, or killing explorer or the associated process and then enabling it again after its removed

 

What variant do you have.Get cwssdredder and find out which one you have.One or some actually close out cwsshreader,spybot and adaware.Look at this page for the variants http://www.spywareinfoforum.com/~merijn/cwschronicles.html One of my freinds had the CWS.Smartsearch.2 and it kept killing cwsshredder finally she downloaded a free trojan program and it killed part of CWS.Smartsearch.2 then she could run cwsshredder and if you do have that one you you can download a trojan program or on that page there is a link to download a small free file to kill part of CWS.Smartsearch.2 so you can run cwsshreader.Find out what variant you have and look here http://www.spywareinfoforum.com/~merijn/cwschronicles.html cwsshreader will tell you.

 

MCT i ran norton in safe mode and it still wouldnt get rid of it i beleive it said it was win.exe... which might be a problem.. i dunno though...

and dread.. im not sure what variant i have...what do you mean by kill csw shredder and spybot...? kill as it they couldnt complete .. because i can odo a full scan and find some problems.. see the thing is the only thing that finds the csw is adaware... norton finds somethign else and spybots finds stuff that neither of them finds...oh what a tangled web we wieve.. anyway none of my programs get killed... its just that adaware is the only one that finds CSW aafter i reboot...

 

Well for CWS.Smartsearch.2 it tries to close CWShredder, HijackThis, Ad-Aware, Spybot S&D and the SpywareInfo forums when they are opened. When you run cwshreader it will tell what variant it is. Look at what it says, it was say you have varient so and so. Where does adaware find it look at the details and no offense but norton sucks run this one if you can http://housecall.antivirus.com/housecall/start_corp.asp and see what it tells you. It would help alot if you know what your dealing with. Did a search dont know if it will help but look at this http://www.computercops.biz/print-1-42582.html try to do a windows update or something if that post is right. From what I have I seen from a google search on your error cuases a problem for several programs.One site says do a windows update cuase its a exploit another says get cwshreader.

 

also, just note, norton isnt an Anti-Spyware/Adware program, it is an antivirus, thus only detecting viruses, maybe some harmful malware but its not 2 be used as an adware/spyware scanner

regards

 

dread: yea i can run all the programs none of them get shut down... and i cant goto that website to do a virus scan... im using firefox.. and when i try using ie it goes to the page that downloads the software and it just gives me one of those dumb windows errors.. oh and yea i know i hate norton to...

MCT: oh im not using it just for that i ran a virus scan to see if i have any viruses and it detected something and said it was adware in its description...

blah down with norton... oh and im running spywarebuard now and it detected BHO changes to my IE when i tried running IE and adaware found more CSW but i dont beelive hijack this finds anything.... oh well ill continue to plug away at this thanks for the help

 

xXBrianXx what variant is it. If you can run all of these program it tells you what variant so what variant is it.

 

see the thing is hijack this doesnt say i have it .. adaware does.. heres my hijack log

Logfile of HijackThis v1.97.7
Scan saved at 2:50:19 PM, on 5/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ogmpaaa.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ogmpaaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {248D29C5-7370-45D6-B9CD-96C918A336F6} - C:\WINDOWS\System32\pccpa.dll (file missing)
O2 - BHO: (no name) - {27FF790B-608E-47AD-8BA0-D5FCA78214CC} - C:\WINDOWS\System32\iiloaa.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab



norton says i have this win.exe adware.startpage.. i went through the steps to get rid of it form my registry but i couldnt find it in my registry.. heh oh well ill reboot and soo if anything popsup

 

ok these are my results from rebooting
adaware found http://65.75.186.160/picserver/img.php?/H2UV79L0N8K1/4Q3AQMW58678/JPEG/1085944324//1560

spybot found this

and this is what norton keeps giving me HERE

And THIS is what i get if i dont run adaware everytime i start up..

and this is my most recent log of hijack this done 1 min ago

ogfile of HijackThis v1.97.7
Scan saved at 3:18:50 PM, on 5/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ogmpaaa.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ogmpaaa.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {248D29C5-7370-45D6-B9CD-96C918A336F6} - C:\WINDOWS\System32\pccpa.dll (file missing)
O2 - BHO: (no name) - {27FF790B-608E-47AD-8BA0-D5FCA78214CC} - C:\WINDOWS\System32\iiloaa.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2e529727a6ef04/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - ]

ive also updated my windows, so i should be all upto date

 

i was able to fix the problem by runnig a system restore in win xp
then i could install and update spware blaster