what the hell???

Discussion in 'adware, spyware & hijack cleaning' started by tiger, Jan 18, 2004.

Thread Status:
Not open for further replies.
  1. tiger

    tiger Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    2
    Okay now this really gets me mad.

    My home page does not appear
    I got a different home page called ( Find4u.net )


    at the bottom of the page
    I click on (help) and it says exactlly how to solve
    the problems I am having.

    I have tried it many times and yet nothing changes.

    Yes I do go to Tools and set my home page but it
    does not stay always.

    when I turn on or restart my computer
    it always starts with (find4u.net) website.

    I have 4 adult links on my favorites
    (which I have never put on) Yes I keep deleting them

    but makes no difference each time I turn on or
    restart my computer it's always there.

    I do have the 2004 antivirus and do a full system scan
    which detects nothing bad.

    Is somone playing around?
    what ever it is I need to stop it and take it away. :mad:
     
  2. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    hi tiger,
    welcome to wilders...
    would you please download CWShredder and run it once and then please follow the instructions
    And then do wait for an expert to help you in the best possible way
    thx
     
  3. tiger

    tiger Registered Member

    Joined:
    Jan 18, 2004
    Posts:
    2
    wow it work't!!! :eek: :eek: :eek:


    Thanks a lot :)
    but will I run into problems like this again?

    how do these things go on anyway?


    what ever it is Im glad I found these forums! :D
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi tiger :)

    Just to be sure your system is clean u should post a HijackThis log to see if there is anymore malware.

    One of the experts will read your log and advise u if they see any more problems.

    If u like just go the instuctions page subratam gave u.





    snowbound
     
  5. subratam

    subratam Registered Member

    Joined:
    Nov 14, 2003
    Posts:
    1,310
    Location:
    Issaquah, WA
    hi thr tiger,
    glad wilders could help you. :)
    ok now your questions.. maybe these will answer some part if not the full to you..
    (--> CWShredder website )
    We are pretty sure now CoolWebSearch is part of a new strain of trojans that have recently been identified that all have one thing in common: they install through the ByteVerify exploit in the MS Java VM and change the IE homepage, search page, search bar, etc. Take a look at this snippet from the description of the Java.Shinwow trojan:
    This is a growing family of trojans that exploits the ByteCodeVerifier vulnerability in the Microsoft Virtual Machine to execute unauthorized code on an affected machine.
    The variants of this trojan that we have seen in the wild have been functionally diverse; the common factor amongst them has been the use of the ByteVerify exploit to achieve their goals. Some variants may do little more than change the user's default Internet Explorer home page and/or search page via modifications to the registry.

    We strongly recommend you install the patch, available from this MS security bulletin. If you have Windows XP with Service Pack 1a, your system has no MS Java VM. Information on removing the MS Java VM completely and replacing it with the newer, safer Sun Java VM can be found here.

    An a side note, some of the affiliates (Search-Meta has been verified) use another Java exploit to install their malware. It's classified as the JS.Exception.Exploit, and a patch can be downloaded from this MS security bulletin.

    In general, it's a good idea to keep your system up-to-date from WindowsUpdate!!


    thx
     
  6. unlucky

    unlucky Registered Member

    Joined:
    Feb 6, 2004
    Posts:
    1
    Was there a reply to this question? I too need to know how to get rid of Find4U.

     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi unlucky,

    Download and run: http://www.merijn.org/files/CWShredder.exe
    Use the Fix button.

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.