PC Review



CoolWebSearch Trojan MS Spyware

 
 
YngDoc
Guest
Posts: n/a
 
      14th Apr 2005
I have the hijacked Trojan. Norton did not detect it
however MS Spyware did. The only problem is that it does
not get rid of it completely. Each time I log in the MS
spyware deletes it again.

OS XP Prof
2.8 GH

Any suggestions?

Thanks
 
 
 
 
 
Frank
Guest
Posts: n/a
 
      14th Apr 2005
Try the ' Adware Away ' software. I had the same problem
and that sorted it out.

Good luck

>-----Original Message-----
>I have the hijacked Trojan. Norton did not detect it
>however MS Spyware did. The only problem is that it does
>not get rid of it completely. Each time I log in the MS
>spyware deletes it again.
>
>OS XP Prof
>2.8 GH
>
>Any suggestions?
>
>Thanks
>.
>

 
 
Danny Kile
Guest
Posts: n/a
 
      15th Apr 2005
Frank wrote:
> Try the ' Adware Away ' software. I had the same problem
> and that sorted it out.
>
> Good luck
>
>
>>-----Original Message-----
>>I have the hijacked Trojan. Norton did not detect it
>>however MS Spyware did. The only problem is that it does
>>not get rid of it completely. Each time I log in the MS
>>spyware deletes it again.
>>
>>OS XP Prof
>>2.8 GH
>>
>>Any suggestions?
>>
>>Thanks
>>.
>>


Try CWShredder at this site:

http://www.intermute.com/spysubtract..._download.html


--
Danny Kile
Certified FCC, ISCET, A+ , Network+

Please reply to the Newsgroup ONLY
Your cooperation is appreciated.
 
 
Bill Sanderson
Guest
Posts: n/a
 
      15th Apr 2005
I hit a variant of this on a machine today. There were three parts:

nail.exe was set in the windows shell command in the registry==shell was set
to explorer.exe c:\windows\nail.exe

then there was a randomly named executable which was recreated each time
Microsoft Antispyware killed its process--the process was called TODO:

And then there was a longer randomly named executable--ossffsomething or
other.exe

For me, the key was running TrendMicro's Housecall online antivirus scan--it
was able to spot the OSS...... piece which none of the other tools had been
able to ID--couldn't see it in startup items via sysinfo32, or Microsoft
Antispyware, tried Sysinternals rootkitdetector--nothing found. Trend
couldn't clean or delete any of the 6 things it found, most of which were
irrelevant.

That executable wasn't deletable even in command-line safe mode.

So I booted to the recovery console and was able to remove nail.exe,
oss....., and the randomly named executable of the moment, and that did the
job.

So--here's an example of a cleanup which Microsoft Antispyware didn't
manage--I'd scanned this fully in both safe mode and normal mode multiple
times, and these popups, which were headed CERES and AURORA, kept on coming.

In this case, an antivirus gave the best clue, but removal required a
maintenance OS--in this case the Recovery Console, which enabled me to
remove the executables involved.

--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"YngDoc" <(E-Mail Removed)> wrote in message
news:027a01c5410f$7fb43ac0$(E-Mail Removed)...
>I have the hijacked Trojan. Norton did not detect it
> however MS Spyware did. The only problem is that it does
> not get rid of it completely. Each time I log in the MS
> spyware deletes it again.
>
> OS XP Prof
> 2.8 GH
>
> Any suggestions?
>
> Thanks
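
An added example, not part of the original posts: a check for the shell hijack described above, where the Winlogon `Shell` value was set to `explorer.exe c:\windows\nail.exe`. It parses the text printed by `reg query` for that value and flags anything other than the bare default; the key path shown is the standard Winlogon location (an assumption, the post does not name it) and the sample output is constructed.

```python
import re

# Default Winlogon "Shell" value on a clean Windows install.
BASELINE_SHELL = "explorer.exe"

# The Shell line as printed by `reg query <Winlogon key> /v Shell`.
_SHELL_LINE = re.compile(
    r"^[ \t]*Shell[ \t]+REG_(?:EXPAND_)?SZ[ \t]+(.*?)[ \t\r]*$",
    re.IGNORECASE | re.MULTILINE)
# A token is a quoted string or a run without whitespace or commas.
_TOKEN = re.compile(r'"[^"]*"|[^\s,]+')

# Constructed sample output (not captured from a real machine).
# The key path is the standard Winlogon location, assumed here.
SAMPLE_CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe
"""
SAMPLE_HIJACKED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe c:\windows\nail.exe
"""


def parse_shell_value(reg_query_output):
    """Return the Shell value from reg query text, or None if absent."""
    match = _SHELL_LINE.search(reg_query_output)
    return match.group(1) if match else None


def audit_shell(value):
    """Classify a Winlogon Shell value.

    Returns (status, extras): status is 'ok', 'missing' or 'suspicious';
    extras lists every token that is not the bare baseline shell, so a
    full path to explorer.exe is also reported for manual review.
    """
    if value is None or not value.strip():
        return "missing", []
    tokens = [t.strip('"') for t in _TOKEN.findall(value)]
    extras = [t for t in tokens if t.lower() != BASELINE_SHELL]
    if len(tokens) == 1 and not extras:
        return "ok", []
    return "suspicious", extras


if __name__ == "__main__":
    for name, text in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(name, audit_shell(parse_shell_value(text)))
```

Running the same check against a registry hive read from a maintenance OS avoids relying on a running system that may be re-creating the entry.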



 
 
MS Anti Spyware
Guest
Posts: n/a
 
      28th Apr 2005
The best tool I have found for removing the CoolWebSearch is CWShredder.
It is designed to remove variants of that particularly nasty piece of code.

Good Luck-
Mike


"Bill Sanderson" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>I hit a variant of this on a machine today. There were three parts:
>
> nail.exe was set in the windows shell command in the registry==shell was
> set to explorer.exe c:\windows\nail.exe
>
> then there was a randomly named executable which was recreated each time
> Microsoft Antispyware killed its process--the process was called TODO:
>
> And then there was a longer randomly named executable--ossffsomething or
> other.exe
>
> For me, the key was running TrendMicro's Housecall online antivirus
> scan--it was able to spot the OSS...... piece which none of the other
> tools had been able to ID--couldn't see it in startup items via sysinfo32,
> or Microsoft Antispyware, tried Sysinternals rootkitdetector--nothing
> found. Trend couldn't clean or delete any of the 6 things it found, most
> of which were irrelevant.
>
> That executable wasn't deletable even in command-line safe mode.
>
> So I booted to the recovery console and was able to remove nail.exe,
> oss....., and the randomly named executable of the moment, and that did
> the job.
>
> So--here's an example of a cleanup which Microsoft Antispyware didn't
> manage--I'd scanned this fully in both safe mode and normal mode multiple
> times, and these popups, which were headed CERES and AURORA, kept on
> coming.
>
> In this case, an antivirus gave the best clue, but removal required a
> maintenance OS--in this case the Recovery Console, which enabled me to
> remove the executables involved.
>
> --
> FAQ for Microsoft Antispyware:
> http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
>
> "YngDoc" <(E-Mail Removed)> wrote in message
> news:027a01c5410f$7fb43ac0$(E-Mail Removed)...
>>I have the hijacked Trojan. Norton did not detect it
>> however MS Spyware did. The only problem is that it does
>> not get rid of it completely. Each time I log in the MS
>> spyware deletes it again.
>>
>> OS XP Prof
>> 2.8 GH
>>
>> Any suggestions?
>>
>> Thanks

>
>



 
 
Bill Sanderson
Guest
Posts: n/a
 
      28th Apr 2005
Actually, it turns out that what I hit wasn't CWS at all, but a VX2
variant. There was a CWS alert from Microsoft Antispyware at the same time
that misled me.
--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

"MS Anti Spyware" <MikeTech> wrote in message
news:%239P3GQ$(E-Mail Removed)...
> The best tool I have found for removing the CoolWebSearch is CWShredder.
> It is designed to remove variants of that particularly nasty piece of
> code.
>
> Good Luck-
> Mike
>
>
> "Bill Sanderson" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>I hit a variant of this on a machine today. There were three parts:
>>
>> nail.exe was set in the windows shell command in the registry==shell was
>> set to explorer.exe c:\windows\nail.exe
>>
>> then there was a randomly named executable which was recreated each time
>> Microsoft Antispyware killed its process--the process was called TODO:
>>
>> And then there was a longer randomly named executable--ossffsomething or
>> other.exe
>>
>> For me, the key was running TrendMicro's Housecall online antivirus
>> scan--it was able to spot the OSS...... piece which none of the other
>> tools had been able to ID--couldn't see it in startup items via
>> sysinfo32, or Microsoft Antispyware, tried Sysinternals
>> rootkitdetector--nothing found. Trend couldn't clean or delete any of
>> the 6 things it found, most of which were irrelevant.
>>
>> That executable wasn't deletable even in command-line safe mode.
>>
>> So I booted to the recovery console and was able to remove nail.exe,
>> oss....., and the randomly named executable of the moment, and that did
>> the job.
>>
>> So--here's an example of a cleanup which Microsoft Antispyware didn't
>> manage--I'd scanned this fully in both safe mode and normal mode multiple
>> times, and these popups, which were headed CERES and AURORA, kept on
>> coming.
>>
>> In this case, an antivirus gave the best clue, but removal required a
>> maintenance OS--in this case the Recovery Console, which enabled me to
>> remove the executables involved.
>>
>> --
>> FAQ for Microsoft Antispyware:
>> http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
>>
>> "YngDoc" <(E-Mail Removed)> wrote in message
>> news:027a01c5410f$7fb43ac0$(E-Mail Removed)...
>>>I have the hijacked Trojan. Norton did not detect it
>>> however MS Spyware did. The only problem is that it does
>>> not get rid of it completely. Each time I log in the MS
>>> spyware deletes it again.
>>>
>>> OS XP Prof
>>> 2.8 GH
>>>
>>> Any suggestions?
>>>
>>> Thanks

>>
>>

>
>



 