Re: strange virus/spyware

From: Malke (malke_at_nospoonnotreally.com)
Date: 07/29/04 

Date: Thu, 29 Jul 2004 05:28:26 -0700

BILLW wrote:

> I use WIN 98SE, IE 6.0 and OE 6.0.
>
> For some reason when I go to my.yahoo (personalized part of yahoo.com)
> netscape.net, the page momentarily appears but then is booted off and
> I get page of links to some businesses and a pop up asking about
> spyware on my system (believe this is trying to sell me something) The
> page is the same in
> both instances. It looks like some form of spyware I guess.
>
> I use updated Adaware, AVG, and a pop up stopper. and clean out my
> startup folder so minimal programs startup after a reboot.
>
> Apparently something is on my system causing this, any suggestions?
>

It does in fact sound like you have a hijacker on board. Make sure you
have the latest version of Ad-aware and have updated its reference file
before running. It takes more than one application to remove some of
the more difficult variants of CoolWebSearch, for instance. Here are
general instructions:

Remove spyware with Spybot Search & Destroy from
www.safer-networking.org and Ad-aware from www.lavasoftusa.com. Be sure
to update these programs before running them. These programs are free,
so run them both since they complement each other. It is best to run
antivirus and spyware removal tools in Safe Mode. You may also want to
run CWShredder and HijackThis from http://aumha.org/freeware.htm.
Although CWShredder is no longer being updated, it will still clean
older variants of the CoolWebSearch malware. Please read the
instructions carefully. I find a combination of HijackThis and AdBuster
work well to get rid of stubborn hijackers, but they are expert tools.
Also, make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update. Make sure
you are running a firewall.

Malke 

-- 
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"

Relevant Pages

  • Re: about:blank page - where is this setting?
    ... even CWShredder, but the coolweb thing just comes back after a reboot. ... Next step is to hack the registry, ... I will try downloading HijackThis, though I'm losing so much time on ... >> any of the spyware apps to make any difference. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Home page hijacked by Cool Web Search
    ... Get CWShredder ... "Check for Spyware" suggestions: ... as does HijackThis (Only more so. ... Other tutorials for Spybot S&D ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: mouse pointer
    ... It is best to run antivirus and spyware ... HijackThis from http://aumha.org/freeware.htm. ... Although CWShredder is ... Do not install driver updates from Windows Update. ...
    (microsoft.public.windowsxp.general)
  • Re: SHELL.DLL
    ... disable the service in Safe Mode and do all the "normal" spyware ... Unfortunately, CWShredder ... Please read the instructions carefully and do not post your HijackThis ... make sure you've visited Windows Update ...
    (microsoft.public.windowsxp.general)
  • Re: ZHotkey.exe error
    ... Doing a Google for "ZHotkeye.exe" brings up nothing but spyware links, ... You may also want to run CWShredder and HijackThis from ... A combination of HijackThis and About:Buster ... Do not install driver updates from Windows Update. ...
    (microsoft.public.windowsxp.general)