CoolWebSearch

[Harry Tuttle]

Hi All, looks like I got coowebsearch last night. I ran adware right away
and it finds the cws files but hangs
my computer and does not remove them. Tryed CWSreader several times and most
times it reported
no cws files, then the last time I ran it it found one and
supposedly repaired it, however my homepage is still being redirected to
?blank.com?. I've read that this
CWS is next to impossible to remove. Could you please
point me in the right direction.
About 6 months I had a malware I couldn't remove so I reinstalled my OS and
everything else. I would like to avoid that this time if possiable.
Thanks
Dave
My OS.. WinXP-Home

 

[sh4d03]

Hi All, looks like I got coowebsearch last night. I ran adware right away
and it finds the cws files but hangs
my computer and does not remove them. Tryed CWSreader several times and most
times it reported
no cws files, then the last time I ran it it found one and
supposedly repaired it, however my homepage is still being redirected to
?blank.com?. I've read that this
CWS is next to impossible to remove. Could you please
point me in the right direction.
About 6 months I had a malware I couldn't remove so I reinstalled my OS and
everything else. I would like to avoid that this time if possiable.
Thanks
Dave
My OS.. WinXP-Home

www.dcnetworks.com.au/downloads

Go there and grab SpySweeper - I find it removes CWS without any troubles.

Sh4d03

--
If you require more assistance or if my suggestion works please E-mail me at
sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
assistance to me and wish to E-mail me directly please also feel free to
contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
in the
subject line. Please pay attention to the capitilisation. Emails sent to
this the above address which do NOT contain "Newsgroup_sh4d03" in the
subject line will fail to reach me.
Thanks,
Sh4d03

 

[Beauregard T. Shagnasty]

Hi All, looks like I got coowebsearch last night.

...and once you are clean, consider upgrading to a modern, secure,
unhijackable browser.

http://home.rochester.rr.com/bshagnasty/tips.html

 

[Andy]

Go there and grab SpySweeper -

www.dcnetworks.com.au/

Just downloaded a 30 day trial version of that and it looks good. I was
using Spybot Search & Destroy but this looks better - jury is still out on
whether its the best because I want to give it a run a little longer before
I make up my mind totally about it.

Cheers for the link,

Andy.


----------------------------------------------------------------------------
--------------------------

Hi All, looks like I got coowebsearch last night. I ran adware right away
and it finds the cws files but hangs
my computer and does not remove them. Tryed CWSreader several times and most
times it reported
no cws files, then the last time I ran it it found one and
supposedly repaired it, however my homepage is still being redirected to
?blank.com?. I've read that this
CWS is next to impossible to remove. Could you please
point me in the right direction.
About 6 months I had a malware I couldn't remove so I reinstalled my OS and
everything else. I would like to avoid that this time if possiable.
Thanks
Dave
My OS.. WinXP-Home

www.dcnetworks.com.au/downloads

Go there and grab SpySweeper - I find it removes CWS without any troubles.

Sh4d03

--
If you require more assistance or if my suggestion works please E-mail me at
sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
assistance to me and wish to E-mail me directly please also feel free to
contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
in the
subject line. Please pay attention to the capitilisation. Emails sent to
this the above address which do NOT contain "Newsgroup_sh4d03" in the
subject line will fail to reach me.
Thanks,
Sh4d03

 

[sh4d03]

Go there and grab SpySweeper -
www.dcnetworks.com.au/

Just downloaded a 30 day trial version of that and it looks good. I was
using Spybot Search & Destroy but this looks better - jury is still out on
whether its the best because I want to give it a run a little longer before
I make up my mind totally about it.

Cheers for the link,

Andy.


----------------------------------------------------------------------------
--------------------------

Hi All, looks like I got coowebsearch last night. I ran adware right

away

and it finds the cws files but hangs
my computer and does not remove them. Tryed CWSreader several times and

most

times it reported
no cws files, then the last time I ran it it found one and
supposedly repaired it, however my homepage is still being redirected to
?blank.com?. I've read that this
CWS is next to impossible to remove. Could you please
point me in the right direction.
About 6 months I had a malware I couldn't remove so I reinstalled my OS

and

everything else. I would like to avoid that this time if possiable.
Thanks
Dave
My OS.. WinXP-Home

www.dcnetworks.com.au/downloads

Go there and grab SpySweeper - I find it removes CWS without any troubles.

Sh4d03

--
If you require more assistance or if my suggestion works please E-mail me
at

sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to
provide

assistance to me and wish to E-mail me directly please also feel free to
contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
in the
subject line. Please pay attention to the capitilisation. Emails sent to
this the above address which do NOT contain "Newsgroup_sh4d03" in the
subject line will fail to reach me.
Thanks,
Sh4d03

The three programs listed at the top of:

http://www.dcnetworks.com.au/downloads.htm will keep you out of trouble.
you may in some cases find SpyBot necessary but VERY rarely. I'm a
computer technician and those are the programs I use as tools on a daily
basis.

Sh4d03

 

[Thomas G. Marshall]

sh4d03 coughed up:

....[rip]...

www.dcnetworks.com.au/downloads

Go there and grab SpySweeper - I find it removes CWS without any
troubles.

Sh4d03

Are you someone that bumps into the CWS variants often? If so, and you
discover that something continues to stomp that @$%ing thing to death, then
report back here to re-confirm it periodically.

alt.privacy.spyware
alt.comp.anti-virus
alt.comp.virus

Similarly, if you discover that your tool hit a variant of the CWS that it
cannot get rid of, but a /different/ (perhaps older, perhaps not) tool /did
remove/, then report that here as well.

These ng's are continually filled with Cool Web Search victims. I suspect
that for every post actually asking what to do about it, there are 10000x as
many tacitly searching for what to do, so up-to-date advice like yours is
very valuable.

 

[Silly Me]

I followed the link to Spy Audit at http://www.webroot.com and it reports
NeededWare on my system:

Spyware Found on Your Computer
Trojans 0
System Monitors 0
Adware (See list) 1
(Close list)
* NeededWare
Adware Cookies 0

Running Ad-Aware, Spybot S&D, NAV, Winpatrol, and SpywareBlaster updated
daily, they report no adware.

I read the info at
http://www.sarc.com/avcenter/venc/data/adware.neededware.html
and searched the registry for a few of the strings named in "3. Adds the
values:"
LastAdShownDate - no hits
wserv - hits as a substring of browserview, and a few other keys that are
valid

HijackThis Log:
Logfile of HijackThis v1.99.0
Scan saved at 10:27:40 AM, on 2/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec\DeepSight Extractor\ExtractorService.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Xearth\xearth.exe
C:\Program Files\United Devices\UD.EXE
C:\Program Files\NIST\nistime-32bit.exe
C:\Program Files\United Devices\ud_7657531.exe
C:\Program Files\United Devices\ud_7657531_0.dir\WCGrid_Rosetta.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\40tude Dialog\dialog.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Castlecops\Hijack This\HijackThis.exe

O15 - Trusted Zone: http://www.shop.intuit.com
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (Talisma NetAgent
Customer ActiveX Control version 3) -
https://quicken.ehosts.net/netagent/objects/custappx3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: DeepSight Extractor CC Service - Unknown - C:\Program
Files\Symantec\DeepSight Extractor\ccExtractorService.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program
Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Deepsight Extractor - Unknown - C:\Program
Files\Symantec\DeepSight Extractor\ExtractorService.exe
O23 - Service: GhostStartService - Symantec Corporation -
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation
- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager - Symantec
Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Norton Unerase Protection - Symantec Corporation -
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown
- %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: ScriptBlocking Service - Symantec Corporation -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I run HijackThis about once a week and put everything in the ignorelist if
it checks out. That way I know if something new shows up. I cleared the
ignorelist before running HijackThis in the above log.

I do not see anything that looks like malware. Am I overlooking something
or is it a false positive?

TIA