Re: CWShredder v1.52.2

Discussion in 'other anti-malware software' started by jole60, Mar 3, 2004.

Thread Status:
Not open for further replies.
  1. jole60

    jole60 Registered Member

    Joined:
    May 26, 2003
    Posts:
    5
    Other posts in this forum have indicated that an earlier version deletes the HOSTS file. This file has always been missing from my XP Home (IE 6) pc . There is a lmhosts.sam file located in C/Windows/Drivers/etc which seems to be an example of how a HOSTS file should look. When I do a CWS scan, the following results appear:

    CWShredder v1.52.2 scan only report

    Windows XP (5.01.2600 SP1)
    Windows dir: C:\WINDOWS
    Windows system dir: C:\WINDOWS\system32
    AppData folder: C:\Documents and Settings\Joel\Application Data
    Username: Joel

    Hosts file not present
    Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
    UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
    CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com [*] dword:4
    CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:4
    CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com [*] dword:4
    Registry value: DefaultPrefix (should be http://) [] http://
    Registry value: WWW Prefix (should be http://) [www] http://
    Registry value: Mosaic Prefix (should be http://) [mosaic] http://
    Registry value: Home Prefix (should be http://) [home] http://
    Found Win.ini file: C:\WINDOWS\win.ini (596 bytes, A)
    Found System.ini file: C:\WINDOWS\system.ini (256 bytes, A)

    - END OF REPORT -

    When I do a CWS fix, however, no CWS variants or affiliates are identified as present and the report indicates that my system is completely clean. A repeat scan comes up with the same results above.

    I would greatly appreciate any assistance in interpreting the scan findings as well as help in taking any necessary corrective action.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jole60,

    No corrective action is needed.
    Trust me, if you had been infected with CWS, you would know.
    Popups, freezes, hijacked browser etc.

    If you look at the Scan report you will see:

    Windows dir: C:\WINDOWS
    Windows system dir: C:\WINDOWS\system32
    AppData folder: C:\Documents and Settings\Joel\Application Data

    Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
    UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,

    Registry value: DefaultPrefix (should be http://) [] http://
    Registry value: WWW Prefix (should be http://) [www] http://
    Registry value: Mosaic Prefix (should be http://) [mosaic] http://
    Registry value: Home Prefix (should be http://) [home] http://
    Found Win.ini file: C:\WINDOWS\win.ini (596 bytes, A)
    Found System.ini file: C:\WINDOWS\system.ini (256 bytes, A)

    The above are all as they should be by default. (It just shows what values CWShredder checks.)

    So are these, but they are not default on your computer:
    CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com
    dword:4
    CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com
    dword:4
    CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com
    dword:4

    You are probably using IE-Spyad or a similar program that puts these sites in your restricted zone (4) where CWS would put them in your trusted zone (2)

    Hope this takes away any confusion.

    Regards,

    Pieter
     
  3. jole60

    jole60 Registered Member

    Joined:
    May 26, 2003
    Posts:
    5
    Hello Pieter. I am much relieved! Both xxxtoolbar.com, coolwwwsearch.com, and coolwebsearch.com are in the restricted zone courtesy of SpySites. As a secondary issue, I would like to install IE-Spyad but have been hesitant to do so in view of my missing HOSTS file. In this regard, how do I create this file?

    Again, thank you for your assistance.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi jole60,

    There are several hosts files made by "people in the know" available, that you can download to the correct location and you would be ready.
    You can find a good one with explanation here: http://www.mvps.org/winhelp2002/hosts.htm

    Regards,

    Pieter
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    To the best of my knowledge, IE-SPYAD doesn't interact with and is not part of your actual "hosts" file - it's simply a list of sites/addresses that gets added to your IE "Restricted Sites" Zone (which must be configured to block everything to work correctly). HTH Pete
     
  6. Nick

    Nick Registered Member

    Joined:
    May 14, 2002
    Posts:
    187
    Location:
    California
    I use IE Spyads and it doesn't do anything with your Hosts files. I don't adjust my Hosts file and the only thing that's ever been it it is the 127 local one. So to answer your question, IE Spyads doesn't affect your Hosts file.

    One thing to point out though, is that IE Spyads is user dependent. If you have more than one user on WinXP/2000 or are using profiles on Win98/ME, then only the user/profile that is being used during the initial install will have the protection. You need to install it for every user to have full protection for the computer.
     
  7. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    Another good info site for HOSTS file is at:

    http://www.accs-net.com/hosts/how_to_use_hosts.html
     
  8. jole60

    jole60 Registered Member

    Joined:
    May 26, 2003
    Posts:
    5
    Thank you Pieter, spy1, Nick, and Pretender for the additional useful information.
     
  9. Pretender

    Pretender Registered Member

    Joined:
    Apr 23, 2002
    Posts:
    670
    Location:
    Virtual Paradise
    You're welcome, have a karma cookie on me.
     
Thread Status:
Not open for further replies.