Re: SearchWWW is Back!
- From: "tosime" <tosime@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 10 Jan 2006 10:11:47 +0100
Hi Panda_man.
I did the full Panda scan overnight and after booting normally this morning,
I did a Microsoft Antispyware scan and got the Searchwww threat detection -
even though it did not detect an attempt to load at boot up. It pointed to
this location and value in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\{D03A1C33-1913-4533-A8C1-F2C8D13045DE}
After I did the clean, I got this result:
The entry was removed.
As you asked I went to HKEY_LOCAL_MACHINES\Software....\Run
And saw the following:
OptionalComponents
-IMAIL
-MAPI
-MSFS
This was in normal mode - not safe mode and it was after the clean above.
I will do it in safe mode and give you the results:
"Panda_man" <Pandaman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2E6F9842-B4A7-4FC0-A058-7D7E77B165AE@xxxxxxxxxxxxxxxx
> Hi .As I can see your previous post about CoolWebSearch in on 24 December
> ,I
> am right .Did you clean the malware then or you didn't.
>
> The things are the same.
>
> What is funny...Well ,CoolWebSearch is the most difficult malware to
> remove.Any IT specialist you ask will agree.It ^gets into^ the legal
> process
> explorer.exe and that's the diffucult.
> You probably know that Ad-Aware SE and SpyBot S&D are the most famous and
> the most wide-spread antispyware softwares and that's why many
> CoolWebSearch
> versions pass by them ,I mean they lye them and they can't find the
> malware.
>
> This time ,goto my web-page and use Panda Titanium 2006( remove your
> current
> antivirus just for the cleaning actions) .Scan in Safe Mode and the VERY
> IMPORTANT is to scan in Safe Mode with command prompt.
>
> The site is:
> http://free.hit.bg/fightmalware/homepage_en.htm
>
>
> Also ,goto Start-Run - type regedit.exe
> Carefully navigate to
> HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Run
> and see what is up.
> Do it in Safe Mode.
>
>
>
> Panda_man
> --
> Prevention is always better than cure !
> Panda TruPrevent - the most intelligent technology to combat unknown
> malware
> http://www.pandasoftware.com
> http://free.hit.bg/fightmalware/homepage_en.htm
>
>
>
>
> "tosime" wrote:
>
>> In my previous post David and Panda_man gave me instructions to remove
>> the
>> Searchwww spyware that Microsoft AntiSpyware had found. I followed the
>> instructions and thought I had removed the infection. However, Microsoft
>> AntiSpyware is again reporting that Searchwww is trying to load during my
>> boot up.
>>
>> What is funny is that no other program is detecting this (Spybot,
>> Adaware,
>> Norton, CWShredder and others). Why is this? Could it be a problem with
>> Microsoft AntiSpyware?
>>
>> Is there a definitive way to remove SearchWWW?
>>
>> Thanks in advance...Tony
>>
>>
>>
>>
.
- References:
- SearchWWW is Back!
- From: tosime
- RE: SearchWWW is Back!
- From: Panda_man
- SearchWWW is Back!
- Prev by Date: Re: Trend Micro helpless: TROJ_HIJACK.J
- Next by Date: Re: SearchWWW is Back!
- Previous by thread: Re: SearchWWW is Back!
- Next by thread: Re: SearchWWW is Back!
- Index(es):
Relevant Pages
|
