Re: cOOL

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 12/05/04


Date: Sun, 5 Dec 2004 15:52:32 -0500

Please try the following to remove "Trojan IRC", and "SDBot" and "Spybot" worms.
The DSO Exploit that SpyBot S&D detected is a False Positive declaration.

1) Download the following four items...

         McAfee Stinger
         http://vil.nai.com/vil/stinger/

         Trend Sysclean Package
         http://www.trendmicro.com/download/dcs.asp

         Latest Trend Pattern File.
         http://www.trendmicro.com/download/pattern.asp

         Adaware SE (free personal version v1.05)
         http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt281.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
        http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
        platform and clean/delete any infectors/parasites found.
        (a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
        utilities; Trend Sysclean, Stinger and Adaware
7) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
        System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report your results ! * * *

Dave

"paintpearl" <paintpearl@discussions.microsoft.com> wrote in message
news:05C3CBC7-82F2-4A56-B2C3-712FF31323F7@microsoft.com...
| Ok guys. I have done the safe mode thing. I ran my Spybot Search and Destroy. It
| found 3 entries which were DSO Exploit. I did the repair thing on these and it
| said it repaired the 3 items. Then I ran my CWShredder. It said that the
| CoolWeb was not found on my system, yet it is there in my programs list in the
| control panel under add/remove programs. The only thing I did not understand
| was how to make sure I am showing "all hidden files and extensions" in the
| folder options. What folder options, and how do I get there? Any more help from
| you guys? I am really aggravated with this. How do I get rid of the Trojan IRC
| virus? You guys have been so friendly. Thanks for your patience and help.
|
| "Malke" wrote:
|
| > paintpearl wrote:
| >
| > > Does anyone know how to get rid of this program? It will pop up and my
| > > Norton 2005 anti-virus will tell me about some viruses. Any help?
| >
| > You haven't given us a lot of information to work with, so do these
| > malware troubleshooting steps. All scans should be done in Safe Mode.
| > Links follow the steps.
| >
| > 1) Scan in Safe Mode with current version (not earlier than 2003)
| > antivirus using updated definitions.
| >
| > 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
| > programs are free, so use them both since they complement each other.
| > There is a new version of CWShredder from Intermute. I would not
| > install the other Intermute programs, however. Alternately, there are
| > CoolWebSearch malware removal steps at SilentRunners.
| >
| > Be sure to update these programs before running, and it is a good idea
| > to do virus/spyware scans in Safe Mode. Make sure you are able to see
| > all hidden files and extensions (View tab in Folder Options).
| >
| > HijackThis is an excellent tool to discover and disable hijackers, but
| > it requires expert skill. See below for HijackThis links. A combination
| > of HijackThis and About:Buster works well in removing the About:Blank
| > homepage hijacker. Again, this is an expert tool and novices should get
| > help with it.
| >
| > 3) If you are running Windows ME or XP, you should disable/enable System
| > Restore because malware will be in the Restore Points. With ME, you
| > must disable System Restore completely. With XP, you can delete all but
| > the most recent (presumably clean) System Restore point from the More
| > Options section of Disk Cleanup (Run>cleanmgr).
| >
| > 4) Make sure you've visited Windows Update and applied all security
| > patches. Do not install driver updates from Windows Update.
| >
| > 5) Run a firewall.
| >
| > Links to help with malware:
| >
| > Software/Methods:
| > http://www.safer-networking.org - Spybot Search & Destroy
| > http://www.lavasoftusa.com - Ad-aware
| > http://www.majorgeeks.com - good download site
| > http://www.intermute.com/spysubtract/cwshredder_download.html
| > http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
| >
| > HijackThis:
| > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
| > Eshelman
| > http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
| > forum
| > http://www.wilderssecurity.com/
| > http://forums.tomcoyote.org/
| > http://www.spywareinfo.com/forums/
| >
| > General:
| > http://forum.aumha.org/ - look under "Security" for various forums
| > http://rgharper.mvps.org/cleanit.htm
| > http://mvps.org/winhelp2002/unwanted.htm
| > http://www.aumha.org/a/parasite.htm - The Parasite Fight
| > http://www.spywarewarrior.com/rogue_anti-spyware.htm
| >
| > Malke
| > --
| > MS MVP - Windows Shell/User
| > Elephant Boy Computers
| > www.elephantboycomputers.com
| > "Don't Panic!"
| >


