Cookie on system cannot be deleted - Even in safe mode

  • Thread starter Thread starter Diana
  • Start date Start date
D

Diana

I deleted all the cookies on my system in hopes of
eliminating the spyware no one's software seems to be
able to eliminate. One cookie was from
diamondorganocs.com and could not be deleted. I restarted
in safe mode and couldn't delete it either. I visited the
site to see what it was about. It seems to be an innocent
site that sells organic foods, but while there, I got a
pop-up that looked like a system message. It couldn't be
closed using alt/F4. If you click anywhere on it,
the "Yes" button presses in and tries to download. I have
a hunch that Microsoft can find the latest spyware out
there by visiting this site.

Any suggestions on how to get rid of this pest?
 
Hi diana Ive just tried to get this cookie by visiting
the site as its very strange you cannot delete it
especially if you have also tried in safe mode

I cannot find a listing for diamondorganocs.com but
assumed the o was a mistake as there is
diamondorganics.com but after scanning a few pages it
still didnt place a cookie into my pc,Are you a member of
this site?,i think if i signed up and opened a account
there then it would place a cookie to remember my
username and password but didnt want to go that far.

What makes you think you have spyware that nothing is
finding or is it just the cookie that you cannot remove
that is worrying you

you could run hijack this if you think you have problems
that nothing is fixing and must admit have never heard of
a cookie that cant be deleted,thats why i tried to get it
myself but with the site i visited i didnt get any pop
ups or any cookies placed on my pc so its hard to say
what the problem is.I have a fair bit of protection on my
pc so maybe mine is blocking something silently which is
showing up on yours.

You can get hijack this at this link should you feel that
its needed
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

Theres alot of support forums that can help you with this
hijack this log,You can even email it to me and i will
take a look at it for you if you want,it will take me a
couple of days though to reply if its in the week as i
work long hours.Its not MSAntispy related so think they
might object to us discussing it on this forum


Regards Andy
 
I think I got the cookie during a visit to
http://plproduction.sphosting.com. The cookie is
diamondorganics.com. I'd never been to this site. That's
why I thought it was odd that I had the cookie. I wrote
to the site webmaster to see if they can help.

I updated to service pack 2, and still can't remove it.
 
I used the "erase footprints" function in AntiSpyWare to
eliminate all cookies and suceeded in getting rid of
diamondorganics.com. However, when I rebooted, I re-ran
AntiSpyware. SearchMiracle.AdDownloader is still in the
system and the diamondorganics.com cookie reappeared
shortly after I connected to the Internet.
 
Hi again Diana that shows you have another problem
(searchmiracle) that is hard to remove as it keeps
regenerating itself but im sure we can get rid of it Im
not going the MS Antispy way as i know spybot and adaware
doesnt remove this either unless they have added it into
the new definitions but follow these tips and im sure we
can can remove it for good.

First download these if you dont already have them,its
important you use all as they all do something different
and then update the definitions when istalled but dont
need to run any of them yet just update now while we are
still in normal mode:

Ad-aware SE

http://www.majorgeeks.com/downloadget.php?
id=506&file=11&evp=8dbaff7daca8f4b55bf695220993fc0f

Spybot Search & Destroy

http://www.majorgeeks.com/downloadget.php?
id=2471&file=11&evp=2470f9bfb0cc682334ff8c4459556118

SpywareBlaster

http://majorgeeks.com/downloadget.php?
id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef

CWShredder

http://www.majorgeeks.com/downloadget.php?
id=4086&file=11&evp=6742c4ccda2599a3d6c5901960cc6e24

CCleaner (removes unused and temporary files from your
system)

http://majorgeeks.com/downloadget.php?
id=4191&file=11&evp=a12d758b021af1a4f0a6bfe45b0c7a82


Now to removing :

Reboot and go into safe mode(Tapping F8 on the bios
screen to you get the options)

Check the Add/Remove screen for any signs of these and
remove if found

SearchMiracle
SurfSideKick 2
EliteToolBar
ZESOFT
Windows ControlAd
WeatherBug

Search for these files and delete any found(go to search
then to tools at the top bar,then folder options,go to
the second page and make sure there is a tick next
to 'show hidden files and folders' )

C:\Program Files\Windows AdTools (whole folder)
C:\WINDOWS\EliteToolBar (whole folder)
C:\WINDOWS\autoupdt.exe
C:\WINDOWS\SYSTEM32\WINYRS32.EXE
C:\WINDOWS\EliteBar <---- delete the whole directory
C:\windows\system32\winvju32.exe
searchmiracle (look for any files but unlikely to find)

Now while still in safe mode run Adaware,Spybot and
CWShredder

Then run CCleaner and follow the onscreen commands

Then go to Start,Run type %temp% and delete anything you
find in here or as much as possible as they are not needed

Then go to start again run and type cleanmgr to clean up
your disk space

Now reboot your PC and hopefully it will be gone,now run
Spyware blaster and update then enable all protection.

And thats it I think we would of killed it I'm going to
post Nortons Way at the bottom of this page but
personally find it to be a pain but if you feel confident
using regedit then maybe check for them,the problem with
there method is that they group alot of adware together
as searchmiracle tries to add these other sites into your
safe list which makes it possible other stuff has got
through but if you think its searchmiracle then this will
have deleted all the files and folders.


If you need any more help just post back and i will be
back on later today so will reply then

Good luck

Regards Andy






Heres Nortons Approach to removing the registry changes



Click Start > Run.

Type regedit

Then click OK.


Navigate to and delete these keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\searchmeup.cc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on\Internet Settings\ZoneMap\Ranges\Range1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\blazefind.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\clickspring.net
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\flingstone.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\mt-download.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\my-internet.info
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\searchbarcash.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\searchmeup.cc
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\searchmiracle.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\skoobidoo.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\slotch.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Domains\xxxtoolbar.com
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Internet Settings\ZoneMap\Ranges\Range1


Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersio
n\WinTrust\Trust Providers\Software Publishing\Trust
Database\0


In the right pane, delete the values:

" ppcimdnnnjbeahepfabjipfginloedkg egckak" = "CDT inc."
"goicfboogidikkejccmclpieicihhlpo ejemdn" = "MediaTickets"
"goicfboogidikkejccmclpieicihhlpo bihgbp" = "Integrated
Search Technologies"


Navigate to the keys:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVers
ion\Internet Settings
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersio
n\Internet Settings


In the right pane, delete the values:

"MinLevel" = "Code Download"
"Safety Warning Level" = "SucceedSilent"
"Security_RunActiveXControls" = "0x01000000"
"Security_RunScripts" = "0x01000000"
"Trust Warning Level" = "No Security"


Navigate to the key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersio
n\Internet Settings\Zones\2


In the right pane, delete the values:

"2001" = "0x00000000"
"2004" = "0x00000000"


Exit the Registry Editor.
 
Back
Top