CoolWebSearch (sic) is a pain in the [...]


Robert Bunn

Hi, folks. I'm an infrequent lurker making a public appearance for once.
I'm usually pretty good with straightening out problems on my machine,
fearlessly hacking the registry at need and suchlike, but CWS has done
some things that surpass my limited skills. I can't find where it's
hiding, I don't know how it morphs, and I can't root it all out manually
without finding out those things.

Please forgive me if this is an old issue here; my news server only
keeps posts around for about three days. I *have* tried googling for an
answer, but none of the tools I came across worked. Has anyone got a
lead to a program that can actually get this thing out of my hair?
Thanks for any help you can give me.
 

me

Hi, folks. I'm an infrequent lurker making a public
appearance for once. I'm usually pretty good with
straightening out problems on my machine, fearlessly
hacking the registry at need and suchlike, but CWS has done
some things that surpass my limited skills. I can't find
where it's hiding, I don't know how it morphs, and I can't
root it all out manually without finding out those things.

Please forgive me if this is an old issue here; my news
server only keeps posts around for about three days. I
*have* tried googling for an answer, but none of the tools
I came across worked. Has anyone got a lead to a program
that can actually get this thing out of my hair? Thanks for
any help you can give me.

http://www.spywareinfo.com/~merijn/cwschronicles.html
CWShredder: http://www.spywareinfo.com/~merijn/downloads.html
backup link: http://www.lurkhere.com/~nicefiles/
backup link: http://www.intermute.com/spysubtract/cwshredder_download.html
backup link: http://209.133.47.12/~merijn/files/HijackThis.exe


Gavrila Martau

From my experience with CWS:
CWShredder is not enough to remove it. The worm will keep coming back
after some hours.
There is a logm.dll (if I remember well) hidden in your system32. Search
and Explorer will not find it, but it is there and is always in use, and you
cannot delete it. If you use ProcessExplorer you will find that logm.dll
exists and is in use by your system (by winlogon.exe?).
After half a year of cleaning with CWShredder, Ad-Aware and other tools I
finally found that the root cause was that dll. After I installed AVG7, it
found the logm.dll in question as infected and queued it to be deleted on restart.
After that, no more headache with CWS.
Maybe this info is useful for others also.
 

Kerry Liles

That's a valuable clue... I too have had NO success with the recent version
of CWShredder. I may have come across a 'new' variant of CWS though. I
bought Pest Patrol (from Computer Associates) and it identified that the
target machine (a friend's) had CWS.feads but it was NOT able to clean it
despite its indications that it could/would. Unfortunately, my friend had
to have his machine working asap, so we whacked it and reinstalled XP and I
was unable to do some digging that the PestPatrol people asked me to try.

There is an info page here: http://pestpatrol.com/pestinfo/c/cws_feads.asp

that contains extensive info about what might be worth removing. I find
those instructions not quite precise because in my experience you have to
also be careful to remove the Hidden and/or Readonly attributes for some
files (I would boot XP into command line without networking support). I also
think that you have to be certain to kill the running processes properly and
watch for them reappearing.

Good luck.
 

Robert Bunn

[top-posting fixed]

Kerry Liles said:

I tried these, with no success.
The
[snip]

AVG7 found no "logm.dll" but did fix the problem. Thanks for the
pointer.
BTW, for anyone else interested, here's the link:

http://www.grisoft.com/us/us_index.php
That's a valuable clue... I too have had NO success with the recent version
of CWShredder.

Yeah, I tried that too and it failed miserably, as noted above.

Now my only wish-list item is a freeware solution, as AVG7 is a solution
but not freeware. Although, with the problem gone, it will be difficult
to tell if any other recommendation works; I am *not* reinfecting my
system for the sake of academic curiosity.
 

Mark Warner

Robert said:
AVG7 found no "logm.dll" but did fix the problem. Thanks for the
pointer.
BTW, for anyone else interested, here's the link:

http://www.grisoft.com/us/us_index.php
[...]

Yeah, I tried that too and it failed miserably, as noted above.

Now my only wish-list item is a freeware solution, as AVG7 is a
solution but not freeware. Although, with the problem gone, it will
be difficult to tell if any other recommendation works; I am *not*
reinfecting my system for the sake of academic curiosity.

AVG Free *should* have the same detection and cleaning capabilities as
the payware version.

http://free.grisoft.com/freeweb.php/doc/1/lng/us/tpl/v5
 
