Spyware Removal

  • Thread starter Thread starter Dennis Lazo
  • Start date Start date
D

Dennis Lazo

you can try mcafee's freescan found at
http://us.mcafee.com/root/mfs/default.asp?cid=9913

and see if it could remove the trojan. i've never been infected with a
virus in more than ten years using mcafee virusscan.

also you can also try using spybot search and destroy in order to check your
computer against spyware.
spybot search and destroy may be downloaded from
http://security.kolla.de/

hope this helps.
--
Regards,
Dennis Lazo

the email address from where this message has been sent from is unmonitored.
e-mails may be sent at http://dennislazo.com/email/.
information herein is provided as is with no warranties, and confers no
rights.
 
Newsgroup said:
I have a virus/Trojan 'type' of software that I can not get rid
off --CWS.Yexe

I have all the software, CWShredder (latest version), Norton's, Ad-ware,
Zone Alarm etc.. but I can not get rid off this virus!!!

This virus starts an iexplorer page by itself, that one can not see,
therefore it works in the back ground without anyone knowing. In the task
manager though you can see it under applications; therefore, now I control
it by not allowing iexplorer to connect through zone alarm. But this is
only a temp solution.

I have booted in safe mode, used CWShredder and removed the virus but it
keeps coming back every-time the machine is rebooted. Why are not the above
programs working to mitigate this threat on my PC and what other method can
I apply?

Thanks in advance for the help.
Click to expand...
There are not working because their is a second (hidden) .dll that will
regenerate the one that was removed.
I suggest that you download hijack this and post the results in
spywareinfo.com forums.

http://forums.spywareinfo.com/

They will also ask you to download register lite you can get that from here.
http://www.resplendence.com/reglite

Hijack this
http://www.majorgeeks.com/download3155.html

I wish you luck, Been their.
 
Your infection could be a new CoolWebSearch (CWS) hijack infection and is
hard to remove.

Note: Every time you reboot the files multiply and change names. This
process is like exterminating cockroaches.

Please download the tool called about:buster from:
http://www.downloads.subratam.org/AboutBuster.zip
or
http://www.majorgeeks.com/download4289.html

Unzip it to your desktop.
In WinME/XP turn off System Restore.
http://www.arnoldco.com/help/html/disable_restore.html

Important steps to getting this tool to work properly:

First unzip all files from the zip folder to a folder or your desktop. Run
AboutBuster.exe.
Then hit Ok, note that there is now an update button. Hit update and 'Check
for Update'.
If there is a newer version hit 'Download Update'. Wait while it downloads
then hit Start.

Then reboot into Safe Mode by tapping F8 key repeatedly during bootup.
Enable System Restore after the infection is removed.

Now for the scanning part. Run AboutBuster.exe Hit start and then Ok. The
program should start scanning.
This will scan your computer for the bad files and delete them. Then hit
exit and reboot into safe mode.

Run about:Buster again in safe mode to check that no remaining files remain.

The database will be updated very frequently so check your versions once a
day.

Install the prevention protection below:

Download and install WinPatrol.
http://www.winpatrol.com

Browser settings for increased security:
http://bshagnasty.home.att.net/browsersettings.htm

Install IE-SPYAD then run the install.bat in the ie-spyad folder and
download SpywareBlaster
https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD
http://www.javacoolsoftware.com/spywareblaster.html
 
and one more thing,

your post indicates that the time and date of your windows xp is not
correct. for automatic time synch, double click on the time in your task
bar > click on internet time tab > check automatically synchronize with an
internet time server. you may use time.nist.gov, time.windows.com, or any
other ntp time server > click on apply > click on update now.

further, you may make sure that your computer is set on the correct time
zone you are present in by clicking the time zone tab > and choosing the
correct time zone > click apply.

hope this helps.
--
Regards,
Dennis Lazo

the email address from where this message has been sent from is unmonitored.
e-mails may be sent at http://dennislazo.com/email/.
information herein is provided as is with no warranties, and confers no
rights.
 
Newsgroup said:
I have a virus/Trojan 'type' of software that I can not get rid
off --CWS.Yexe
Click to expand...

Try Start -> run -> "MSconfig" -> OK

Select the startup tab and see there is anything listed there that isn't
mentioned at...

http://www.sysinfo.org/startuplist.php

If so don't just delete it. Do some more research first.

When my wifes PC got hit there were 60 (yes Sixty) processes there that were
pests.

Colin
 
Don't post your Hijack This log at the Spybot forum unless they ask for it.
They have redone their policies. You can post a regular message describing
the problems and solutions, but do not post your logs unless requested to do
so.
 
Newsgroup said:
I have a virus/Trojan 'type' of software that I can not get rid
Click to expand...
<snip>

BTW, you have another problem. Fix your clock to the correct current
date.
 
Create a directory on your hardrive to save HijackThis.exe. A directory
like c:\hijackthis. If you do not do this, you will not be able to use the
backup/restore features.

Download HijackThis from:

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

or here:

http://www.bleepingcomputer.com/files/spyware/hijackthis.zip

Save this file into the directory you made previously and then run the
program named hijackthis.exe. When the program opens click on the Config
button, then click on the Misc Tools button, and click on the Check for
update online button. When it completes checking/applying updates press the
back button.

Now click on the Scan button and when it is finished click on the Save Log
button. A Notepad window will open with the contents of this log. Click on
Edit then click on Select all. Then click on Edit and then Click on Copy.

Create a reply to this post here or register an account and post a message
in the HijackThis Logs forums at http://www.bleepingcomputer.com and right
click in message area and select paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries
unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the
link below:

http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
 
I have a virus/Trojan 'type' of software that I can not get rid
off --CWS.Yexe

I have all the software, CWShredder (latest version), Norton's, Ad-ware,
Zone Alarm etc.. but I can not get rid off this virus!!!

This virus starts an iexplorer page by itself, that one can not see,
therefore it works in the back ground without anyone knowing. In the task
manager though you can see it under applications; therefore, now I control
it by not allowing iexplorer to connect through zone alarm. But this is
only a temp solution.

I have booted in safe mode, used CWShredder and removed the virus but it
keeps coming back every-time the machine is rebooted. Why are not the above
programs working to mitigate this threat on my PC and what other method can
I apply?

Thanks in advance for the help.
 
Back
Top