Re: SearchWWW is Back!
- From: "tosime" <tosime@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 10 Jan 2006 10:11:47 +0100
I did the full Panda scan overnight and after booting normally this morning,
I did a Microsoft Antispyware scan and got the Searchwww threat detection -
even though it did not detect an attempt to load at boot up. It pointed to
this location and value in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
After I did the clean, I got this result:
The entry was removed.
As you asked I went to HKEY_LOCAL_MACHINES\Software....\Run
And saw the following:
This was in normal mode - not safe mode and it was after the clean above.
I will do it in safe mode and give you the results:
"Panda_man" <Pandaman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> Hi .As I can see your previous post about CoolWebSearch in on 24 December
> am right .Did you clean the malware then or you didn't.
> The things are the same.
> What is funny...Well ,CoolWebSearch is the most difficult malware to
> remove.Any IT specialist you ask will agree.It ^gets into^ the legal
> explorer.exe and that's the diffucult.
> You probably know that Ad-Aware SE and SpyBot S&D are the most famous and
> the most wide-spread antispyware softwares and that's why many
> versions pass by them ,I mean they lye them and they can't find the
> This time ,goto my web-page and use Panda Titanium 2006( remove your
> antivirus just for the cleaning actions) .Scan in Safe Mode and the VERY
> IMPORTANT is to scan in Safe Mode with command prompt.
> The site is:
> Also ,goto Start-Run - type regedit.exe
> Carefully navigate to
> HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Run
> and see what is up.
> Do it in Safe Mode.
> Prevention is always better than cure !
> Panda TruPrevent - the most intelligent technology to combat unknown
> "tosime" wrote:
>> In my previous post David and Panda_man gave me instructions to remove
>> Searchwww spyware that Microsoft AntiSpyware had found. I followed the
>> instructions and thought I had removed the infection. However, Microsoft
>> AntiSpyware is again reporting that Searchwww is trying to load during my
>> boot up.
>> What is funny is that no other program is detecting this (Spybot,
>> Norton, CWShredder and others). Why is this? Could it be a problem with
>> Microsoft AntiSpyware?
>> Is there a definitive way to remove SearchWWW?
>> Thanks in advance...Tony
- Prev by Date: Re: Trend Micro helpless: TROJ_HIJACK.J
- Next by Date: Re: SearchWWW is Back!
- Previous by thread: Re: SearchWWW is Back!
- Next by thread: Re: SearchWWW is Back!