help please KMA

SixFive

bonswa
Forum Member
Mar 12, 2001
18,743
245
63
54
BG, KY, USA
after an honest search this evening for information on an antibiotic, my computer is major screwed up.

I DID NOT authorize my computer to download anything, nor did I ever click ok. I simply clicked on a website, and all the crap started. I could even tell when the crap was downloading due to slow computer speed, but I couldn't stop it.

I ran Ad-Aware and Spybot S&D. Both find all the errors, but when you instruct them to try to fix the errors, they both shut down!!! It's like the crap you don't want is preventing you from removing it!!

I tried both in safe mode as well, and adaware worked but only found about half of the entries. Spybot shut off.

CWShredder found a "googlem" entry and fixed it, but that was it. However on subsequent searches, googlem appears.

Ideas? After I get this stuff fixed, I need another lesson on upping my security settings so stuff doesn't download on its own.

I even know where all this crap came from. I was searching for the antibiotic Augmentin. The website is http://tabletse.com/augmentin-uti.******html********** (no stars in front of or behind the html). If my settings and security were high enough, things wouldn't automatically start downloading without asking me first, correct?
 

KMA

Registered User
Forum Member
May 25, 2003
745
2
0
Are yah using any sort of firewall ??? And when yah say adaware 'finds all the errors' what do you mean??? Specifically what do the spyware progs find???
 

bsucards

BSU Cards
Forum Member
Sep 1, 2003
1,810
22
0
49
New Palestine Indiana
If you have another system around, you might take that drive and put it in another machine as a slave/second drive and try to run your software more there.
 

SixFive

KMA said:
Are yah using any sort of firewall ??? And when yah say adaware 'finds all the errors' what do you mean??? Specifically what do the spyware progs find???

No, I am not. Adaware finds 600 entries or so, but will not delete, it always locks up. Most of the entries are in the registry. I'll run it again and post what the bugs are. Webroot Spy Sweeper also finds some things and deletes, but there are some left.

The entries I still have are:

coolwebsearch
win32trojan
coolwebsearch (bunches)
and a ton of things that say "possible browser hijack attempt"
 

KMA

Modifying your registry or system files can render your system UNUSABLE if yah screw it up. I really recommend you download a free spyware removal program specifically for coolwebsearch.

Okay, to manually remove CoolWebSearch from your system:

Turn off user-style sheet option, go to:
Tools
Internet Options
Accessibility in your Internet Explorer.

You should now be able to delete the user stylesheet from the Windows folder. With DataNotary it is called 'default.css'; with MSInfo it is called 'oslogo.bmp'; with Bootconf it may be either.

To remove coolwebsearch: MSInfo variant

Delete the line:

"run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\msinfo.exe" from win.ini file in your Windows folder. This line may be changed a little on different systems, but will ALWAYS point to msinfo.exe.

Delete the 'C:\Program Files\Common Files\MSInfo' folder.


Remove coolwebsearch: BootConf, SvcHost variants:

Open the registry and find the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Delete the bootconf.exe or svchost.exe entry
You can then delete the bootconf.exe or svchost32.exe file from the System folder (called 'System32' on Windows NT/2000/XP).


Remove coolwebsearch: BootConf, SvcHost, MSInfo variants:

Find the file "HOSTS" with no extension in the drivers\etc folder in your System folder.
Either edit it to remove the hijacker entries, or simply delete the file.


Remove coolwebsearch: PnP variant:

Find the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Delete the SysPnP entry
Also delete the oemsysinf.pnp file from the 'inf' folder inside your Windows folder.

Remove coolwebsearch: MSSPI variant:

This is VERY tricky to remove by hand as this can result in losing your internet connection. I suggest that you do not do this by hand.

Open the registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries

Delete the subkeys starting with the path of msspi.dll
Renumber the remaining subkeys, and set the Num_Catalog_Entries value in the Protocol_Catalog9 key to match the highest numbered subkey left.

Open the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Delete the msupdate entry if it is there.

Restart the computer and yah should be able to delete msspi.dll in the System folder (called 'System32' on Windows NT/2000/XP), along with msupdate.exe if it is present.


Remove coolwebsearch: DNSRelay variant:

Open a DOS command prompt window and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u dnsrelay.dll
Restart
Yah should be able to delete the file 'dnsrelay.dll' in the System folder (called 'System32' on Windows NT/2000/XP).

After yah have removed any variants of CoolWebSearch which you have there is one last thing that yah need to do to complete the removal process:

Go to Internet Options
Programs
Reset Web Settings in your Internet Explorer to remove the hijacked home page and search settings.


GO SLOW!!! Read, and read again if yah THINK you might be confused!!! If yah aren't comfortable with this post that and we'll go around it some other way. Good luck!!!!
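The renumbering step from the MSSPI section, modelled as an added example (not part of the original post and not the poster's code). Catalog_Entries is represented as a Python dict from each 12-digit subkey name to its provider DLL path; the sample entries are constructed, the function names are hypothetical, and nothing here touches a real registry. It shows why deleting only the msspi.dll subkeys leaves an inconsistent catalog.

```python
def subkey_name(n):
    """Catalog_Entries subkeys are 12-digit, zero-padded decimal numbers."""
    return f"{n:012d}"

def chain_problems(entries, num_catalog_entries):
    """List inconsistencies in a modelled Catalog_Entries key."""
    problems = []
    numbers = sorted(int(name) for name in entries)
    if numbers != list(range(1, len(numbers) + 1)):
        missing = sorted(set(range(1, max(numbers, default=0) + 1)) - set(numbers))
        problems.append(f"gap in numbering, missing: {missing}")
    if num_catalog_entries != len(numbers):
        problems.append(
            f"Num_Catalog_Entries={num_catalog_entries} but {len(numbers)} subkeys")
    return problems

def remove_provider(entries, dll_name):
    """Drop entries served by dll_name, renumber the rest 1..N in order.

    Returns (renumbered_entries, new Num_Catalog_Entries value).
    """
    suffix = "\\" + dll_name.lower()
    ordered = sorted(entries.items(), key=lambda kv: int(kv[0]))
    kept = [path for _, path in ordered if not path.lower().endswith(suffix)]
    renumbered = {subkey_name(i): path for i, path in enumerate(kept, start=1)}
    return renumbered, len(renumbered)

# Constructed sample: two hijacker entries ahead of three normal providers.
SAMPLE = {
    "000000000001": r"C:\WINDOWS\System32\msspi.dll",
    "000000000002": r"C:\WINDOWS\System32\msspi.dll",
    "000000000003": r"%SystemRoot%\system32\mswsock.dll",
    "000000000004": r"%SystemRoot%\system32\mswsock.dll",
    "000000000005": r"%SystemRoot%\system32\rsvpsp.dll",
}

if __name__ == "__main__":
    # Deleting without renumbering: numbering starts at 3 and the count is stale.
    naive = {k: v for k, v in SAMPLE.items() if not v.lower().endswith("msspi.dll")}
    print("naive delete:", chain_problems(naive, 5))
    fixed, num = remove_provider(SAMPLE, "msspi.dll")
    print("renumbered:", list(fixed), "Num_Catalog_Entries =", num)
    print("problems after fix:", chain_problems(fixed, num))
```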
 

KMA

If yah go ahead and try this, scan again and post what is left, altho I suspect what yah have is CoolWeb and its several variants. Yah know EVERYBODY says they were doing an honest search for things like, antibiotics!!!!
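A re-check of the autostart locations named in the removal steps above, as an added example (not part of the original posts). It takes the Run key values, win.ini text and HOSTS text as plain inputs; the samples are constructed, the function names are hypothetical, and treating any non-loopback HOSTS mapping as worth reviewing is an assumption, since the post does not say what the hijacker entries look like.

```python
import ipaddress

# Entry and file names taken from the removal steps in the post above.
RUN_MARKERS = ("bootconf.exe", "svchost.exe", "svchost32.exe", "syspnp", "msupdate")

def audit_run_key(values):
    """values: {entry name: command} as read from the CurrentVersion Run key."""
    hits = []
    for name, command in values.items():
        text = f"{name} {command}".lower()
        if any(marker in text for marker in RUN_MARKERS):
            hits.append(name)
    return hits

def audit_win_ini(text):
    """Return run= lines in win.ini that point at msinfo.exe."""
    lines = (line.strip() for line in text.splitlines())
    return [l for l in lines
            if l.lower().startswith("run=") and "msinfo.exe" in l.lower()]

def audit_hosts(text):
    """Return (ip, hostname) pairs that map a name to a non-loopback address."""
    hits = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address line
        if not addr.is_loopback:
            hits.extend((fields[0], host) for host in fields[1:])
    return hits

# Constructed samples (203.0.113.0/24 is a documentation-only range).
SAMPLE_RUN = {
    "SysPnP": "constructed-command",
    "bootconf": r"C:\WINDOWS\System32\bootconf.exe",
    "ctfmon": r"C:\WINDOWS\System32\ctfmon.exe",
}
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\msinfo.exe
"""
SAMPLE_HOSTS = """127.0.0.1 localhost
203.0.113.7 search.example   # constructed redirect
"""
```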
 

SixFive

KMA said:
If yah go ahead and try this, scan again and post what is left, altho I suspect what yah have is CoolWeb and its several variants. Yah know EVERYBODY says they were doing an honest search for things like, antibiotics!!!!

Well, thanks for the info, I'll give it a try. I truly was searching for info on Augmentin (I'm a nurse, btw), mainly for its treatment of UTI. My search on google was augmentin UTI, and this bs of a website was the first one.
 

SixFive

got rid of it all. Had to go in my registry and manually delete a bunch of things.

Now, how do I prevent stuff like this from happening in the future? What really is a firewall? Can I get one for free? Will it slow down my computer performance?
 

KMA

Think of a Firewall as a security alarm for your house, which sort of surrounds your house like a "bubble-cloak-blanket". It keeps intruders out. Not all intruders are "bad" (most of the attempts on my computer are from my ISP) - Think of your ISP, maybe, as a bothersome neighbor constantly wanting to chat, or always wanting to hang around with yah, or just check in on you. Or just peek inside your windows. Other intruders are bad. Like thieves that want to break into your house, or rapists, or people that just want to vandalize your house.

A Firewall keeps those kinds of things out. Unwanted intrusions.
But just like with a security alarm, if you want, you can allow people, trusted people, to enter your house, even with the alarm in place.

A firewall can do other things too. It can keep things "inside" your house inside. Think of it as the same security "bubble-cloak-blanket", but this time imagine you have kids (kids = programs on your own computer). Imagine this security system keeps your kids "inside", it prevents your kids from running all over the neighborhood or farther.

But, you can also set a firewall to "trust" certain kids (programs) to access the internet (the world outside your "bubble-cloak-blanket") with or without permission.

It logs attempts on your computer, it lets yah know "who" tried to "rob" you or "break in" to your house while you were away (or while you were right at home). It allows you to see which of your "kids" tried to get out of the house and be sneaky and it lets yah see which of your "kids" (which you've given permission to) has left for awhile too.




I hope yah find it's an easy analogy to understand. :) I'll try to post more on firewalls when I have more time.

It prevents others from accessing your comp and bad spyware from affecting your comp. It may slow you down a little depending on your system resources but you probably won't even notice it.


ZoneAlarm is a good firewall.
 