Re: My home page has changed to "CoolWWWSearch" variant

From: PA Bear (PABear_at_mvps.org)
Date: 04/29/04

  • Next message: PA Bear: "Re: Security for windows 95"
    Date: Wed, 28 Apr 2004 18:12:22 -0400
    
    

    Adding to Bill's post, the current version of CWShredder is 1.57.0.

    -- 
    ~PA Bear
    Bill Sanderson wrote:
    > When you say that you've tried CWShredder--are you, in fact, downloading
    > the latest version from an appropriate site, and not using an old one you
    > had already available?
    >
    > I'd recommend pulling in the current version of CWShredder, restarting in
    > safe mode, and running it.
    >
    > If that doesn't do the job, you need HijackThis and the spyware forums.
    >
    > Both downloads can be found here:
    >
    > www.aumha.org/freeware.htm
    >
    >
    > "thejd" <thejd@uk2.net> wrote in message
    > news:O8nzJsGLEHA.644@tk2msftngp13.phx.gbl...
    >> I'm getting really annoyed now, it's returned! There's going to be a flood on
    >> this one, I'm buggered if I can tell where it's coming from or running
    >> from. It must be in a Windows file.
    >>
    >> "thejd" <thejd@uk2.net> wrote in message
    >> news:OQTgm1DLEHA.3300@TK2MSFTNGP10.phx.gbl...
    >>> Good points. I'm learning how to use "Process Explorer" by SysInternals,
    >>> looks good.
    >>>
    >>> Last night after much examination I discovered alg.exe running, but only
    >>> while the WARNING pop-ups appeared from WinPatrol telling me that the IE
    >>> settings were being changed. alg.exe = Application Layer Gateway
    >>> Service.
    >>>
    >>> alg.exe turned out to be related to ICS, Internet Connection Sharing.
    >>> That's strange, I thought, seeing as I don't use ICS, nor is it enabled.
    >>>
    >>> So I "disabled" Application Layer Gateway Service from "manual" startup
    >>> in "Services" and it seems to have worked!!! WinPatrol is no longer
    >>> reporting IE changes and my home page is no longer being changed nor is
    >>> the CWS addon helper appearing in the IE Settings.
    >>>
    >>> So what is alg.exe? According to MS it: "Provides support for 3rd party
    >>> protocol plug-ins for Internet Connection Sharing and the Internet
    >>> Connection Firewall"
    >>>
    >>> I'm not aware of any problems disabling this Service as yet, any other
    >>> ideas or comments appreciated....
    >>>
    >>> Was the reason I could not clear the CWS source file because it was not
    >>> resident on my PC? Did CWS hijack my internet connection (via alg.exe)
    >>> to download itself again and again??
    >>>
    >>> Yes I have a firewall, yes I'm using a NAPT firewall router, no I'm not
    >>> using any file sharing, Guest acc is disabled etc etc.
    >>>
    >>> Pretty scary stuff! Perhaps someone from MS would like to comment on the
    >>> security of alg.exe?
    >>>
    >>>
    >>>
    >>>
    >>> "N. Miller" <nsm@blackhole.aosake.net> wrote in message
    >>> news:MPG.1af718c17ef0fb89989eff@msnews.microsoft.com...
    >>>> In article <ug7Gv14KEHA.3852@TK2MSFTNGP10.phx.gbl>, thejd@uk2.net
    >>>> says...
    >>>>
    >>>>> WinXP SP1 fully patched with IE security settings all at default.
    >>>>
    >>>>> I was running as administrator (silly) whilst surfing the internet.
    >>>>
    >>>>>>>>>> My home page has changed to "CoolWWWSearch" variant.:::::::
    >>>>
    >>>>> I've tried absolutely everything in the way of adware, trojan and virus
    >>>>> removal tools including CWShredder.
    >>>>
    >>>>> I have even tried installing XP SP2-beta, but to no avail.
    >>>>
    >>>>> Where is the resident CWS file? Every few minutes WinPatrol reports
    >>>>> the changes to my IE settings, but is unable to stop them.
    >>>>
    >>>>> I try disabling (new XP SP2 feature) the "IE Helper" but it simply
    >>>>> returns in to the enabled list after a few minutes.
    >>>>>
    >>>>> After spending 3 days on this now, I am wondering whether there is a
    >>>>> cure, I am also curious that there seems to be little open debate on the
    >>>>> MS-Home site regarding the FACT that this trojan can infect a FULLY
    >>>>> patched XP OS!!!!! Without me ever agreeing to a download or similar
    >>>>> numpty activity (other than being logged in as admin)
    >>>>
    >>>> Welcome to the commercial Internet, where many commercial interests
    >>>> believe that they own your computer. A fully patched system won't stop
    >>>> them. If they pop up sneaky windows, telling you that you should
    >>>> download a "small plugin" so your browser will work on their site, and
    >>>> if you click "Ok", no patches will help you. Some popups are even
    >>>> sneakier; they ignore your choice of "No", and install anyway, treating
    >>>> the "No" button click as an affirmation.
    >>>>
    >>>> The authors of the Cool Web Search browser hijacker are in an arms race
    >>>> with the spyware killers. They are trying to stay three steps ahead of
    >>>> the spyware removers, to make it harder for you to regain control of
    >>>> your computer. Remember what I said; they want to possess your computer
    >>>> for their ends. Maybe, if you contact the CWS people, they have recent
    >>>> updates, or may even be interested in finding out if yours is a new
    >>>> variant that they haven't seen, yet.
    >>>>
    >>>> I live in California. I wish that Sen. Liz Figueroa (D-Fremont) would
    >>>> drop her proposed legislation against Google, for their "Gmail", and
    >>>> pursue legislation against Cool Web Search type browser hijackers
    >>>> instead. Google is up front about what they intend to do; more so than
    >>>> Hotmail, or Yahoo!, which are just as significant in their privacy
    >>>> issues.
    >>>>
    >>>> Cool Web Search is downright sneaky and malicious.
    >>>>
    >>>> --
    >>>> Norman
    >>>> ~Win dain a lotica, En vai tu ri, Si lo ta
    >>>> ~Fin dein a loluca, En dragu a sei lain
    >>>> ~Vi fa-ru les shutai am, En riga-lint
    
