Re: cOOL

From: paintpearl (paintpearl_at_discussions.microsoft.com)
Date: 12/05/04

• Next message: David H. Lipman: "Re: ope5b.exe"
• Previous message: cquirke (MVP Win9x): "Re: cOOL"
• In reply to: Malke: "Re: cOOL"
• Next in thread: David H. Lipman: "Re: cOOL"
• Reply: David H. Lipman: "Re: cOOL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 5 Dec 2004 12:25:02 -0800

Ok guys.I have done the safe mode thing.I ran my Spybot Search and Destroy.It
found 3 entries which were DSO Exploit.I did the repair thing on these and it
said it repaired the 3 items.Then I ran my CWShredder.It said that the
CoolWeb was not found on my system,yet it is there in my programs list in the
control panel under add/remove programs.The only thing I did not understand
was how to make sure I am showing "all hidden files and extensions" in the
folder options.What folder options,and how do I get there.Any more help from
you guys?I am really aggravated with this.How do I get rid of the Trojan IRC
virus?You guys have been so friendly.Thanks for your patience and help.

"Malke" wrote:

> paintpearl wrote:
>
> > Does anyone know how to get rid of this program?It will pop up and my
> > Norton 2005 anti-virus will tell me about some viruses.Any help?
>
> You haven't given us a lot of information to work with, so do these
> malware troubleshooting steps. All scans should be done in Safe Mode.
> Links follow the steps.
>
> 1) Scan in Safe Mode with current version (not earlier than 2003)
> antivirus using updated definitions.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> HijackThis is an excellent tool to discover and disable hijackers, but
> it requires expert skill. See below for HijackThis links. A combination
> of HijackThis and About:Buster works well in removing the About:Blank
> homepage hijacker. Again, this is an expert tool and novices should get
> help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore because malware will be in the Restore Points. With ME, you
> must disable System Restore completely. With XP, you can delete all but
> the most recent (presumably clean) System Restore point from the More
> Options section of Disk Cleanup (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Links to help with malware:
>
> Software/Methods:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.majorgeeks.com - good download site
> http://www.intermute.com/spysubtract/cwshredder_download.html
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
>
> HijackThis:
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> Eshelman
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> forum
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
> http://www.spywareinfo.com/forums/
>
> General:
> http://forum.aumha.org/ - look under "Security" for various forums
> http://rgharper.mvps.org/cleanit.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
>

• Next message: David H. Lipman: "Re: ope5b.exe"
• Previous message: cquirke (MVP Win9x): "Re: cOOL"
• In reply to: Malke: "Re: cOOL"
• Next in thread: David H. Lipman: "Re: cOOL"
• Reply: David H. Lipman: "Re: cOOL"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Computer freezes ... scan with HijackThis. ... If you are running Windows ME or XP, you should disable/enable System ... System Restore point from the More Options section of Disk Cleanup ... Do not install driver updates from Windows Update. ... (microsoft.public.windowsxp.general) Re: error messages ... scan with HijackThis. ... If you are running Windows ME or XP, you should disable/enable System ... System Restore point from the More Options section of Disk Cleanup ... Do not install driver updates from Windows Update. ... (microsoft.public.windowsxp.general) Re: frequent crashiing ... > If you can get into Safe Mode, then it likely is not a hardware issue. ... >>> install the other Intermute programs, ... >>> scan with HijackThis. ... you must disable System Restore completely. ... (microsoft.public.windowsxp.general) Re: Trojan horse ... Johnny wrote: ... You will be able to delete those files in Safe Mode. ... Windows Update. ... you do it from the System Restore tab in the Control Panel System ... (microsoft.public.security.virus) Re: Taskbar disappearing and reappearing ... >> After reading the HP web pages, I set my System Restore memory usage ... See below for HijackThis links. ... > Restore because malware will be in the Restore Points. ... Do not install driver updates from Windows Update. ... (microsoft.public.windowsxp.general)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint