RotoGuru Computer Forum

0 Subject: CoolSearch/Search Everything sucks

Posted by: Khahan
- [64371716] Mon, May 17, 2004, 17:40

I need help. I keep getting coolsearch hijack trojans. Up until today I was pretty good at cleaning them off myself. Now I've got one that appears to be pretty new.
It sets my browser page to mypoiskovik.com (DO NOT GO THERE). There are a number of well-hidden processes that run. My system alerted me the moment it was detected (just about 2 hours ago by an email virus). I've noticed a huge difference in performance since then.
I've run CWShredder (which is made specifically to deal w/ various coolsearch programs).
I've run adaware and spybot and mcafee antivirus (which sucks for trojans). I've gone into the regedit and deleted a few of the files. IT'S STILL HERE!
Can anybody help?
1 j o s h
      ID: 384161713
      Mon, May 17, 2004, 18:54
It happened to me once and I don't remember exactly. Try here if cool search and "cws" are one and the same.
2 PermDude
      ID: 2343587
      Mon, May 17, 2004, 20:10
As a preventative, get Spyware Blaster which runs in the background (like a good anti-virus program does).

See if you can run AdAware and/or Spybot to run at the next bootup (that is, before Windows loads). Sometimes the spyware is engaged by Windows and can't be removed--getting it at bootup gets it before it ties in.

pd
3 Khahan
      ID: 364131722
      Mon, May 17, 2004, 23:19
Thanks guys. Those helped a little. This is what I've learned of coolsearch in the past few weeks:
It's a company that specializes in trojans and hijackers.
All they do is update coolsearch, almost on a daily basis. Because of that, most spyware removal programs miss it.
Coolsearch (or coolwebsearch) is to the point where it is programmed to actually shut down spyware removal programs when they are started.
Typically, the only way I've been able to get rid of it is to hunt down the executable from "MY Computer" and physically delete it myself. Then go into the regedit and delete all instances of it (usually in local_machine/software/microsoft/iexplorer/main and local_machine.../search).

So far I have found 2 executables: jushed32.exe and ieegine.exe

Other programs that usually accompany these pains in the arses:
purityscan
wanmpsvc.exe
winlogin.exe (not to be confused with winlogon which is a good thing, winlogin is a bad thing).

4 TB
      Leader
      ID: 31811922
      Tue, May 18, 2004, 00:23
Baldwin posted a link to this in the politics forum: Start-Up Monitor
Great little program that notifies you anytime a program tries to add itself or modify your registry. Lets you block access. My favorite program by far.

He also posted a link to this site Hijack This
HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers. It's up to you to decide what should be removed. Some items are perfectly fine. They have a help forum where you can post your results. Another great program.
5 chizz1
      ID: 454541816
      Tue, May 18, 2004, 18:04
I posted on the politics board a few weeks ago about some nasty stuff I was dealing with and Baldwin's link to the forums at hijackthis was life-saving. I couldn't recommend it any higher.
6 R9
      Leader
      ID: 2624472
      Tue, May 18, 2004, 21:01
I also use Hijack This! regularly, great little program. I know what to look for as far as what's good and what isn't, but if you're not sure post your results over at the Hijack This! forum and the experts there can let you know what to get rid of.

StartupMonitor looks solid as well, I'm going to check it out now.
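
Added example, not part of the thread or any poster's code: reply 3 warns that winlogin.exe imitates the legitimate winlogon.exe, and the Python below flags such near-miss executable names by edit distance. The `KNOWN_SYSTEM` allowlist, the `max_distance` threshold and the sample list are assumptions constructed for illustration.

```python
# Added example: flag executable names that imitate well-known Windows binaries.
# KNOWN_SYSTEM is a small constructed allowlist, not a complete inventory.
KNOWN_SYSTEM = {"winlogon.exe", "svchost.exe", "explorer.exe", "iexplore.exe",
                "services.exe", "lsass.exe", "csrss.exe", "smss.exe"}


def edit_distance(a, b):
    """Levenshtein distance between two strings (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def find_lookalikes(names, max_distance=2):
    """Return {observed_name: imitated_system_name} for near-miss names."""
    hits = {}
    for raw in names:
        name = raw.strip().lower()   # Windows file names are case-insensitive
        if name in KNOWN_SYSTEM:
            continue  # exact name match; its on-disk path needs a separate check
        best = min(KNOWN_SYSTEM, key=lambda k: edit_distance(name, k))
        if edit_distance(name, best) <= max_distance:
            hits[name] = best
    return hits


# Constructed sample: names mentioned in the thread plus two legitimate ones.
SAMPLE = ["winlogon.exe", "WinLogin.exe", "jushed32.exe", "ieegine.exe",
          "wanmpsvc.exe", "explorer.exe"]

if __name__ == "__main__":
    for observed, imitated in find_lookalikes(SAMPLE).items():
        print(f"{observed} resembles {imitated}")
```

Names with no close system counterpart (jushed32.exe, ieegine.exe, wanmpsvc.exe) are not flagged by this check and still need a startup-entry review of the kind the replies describe.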