I click on my spyware exe and Windows begins to install Windows Office XP

[Snapper]

I had an incredibly bad 8 days of absolutely no
production due to CoolWebSearch malicious adware and
parasites that were installed on my system in about 20
seconds when I visited a Filmography site for Kirsten
Dunst. I spend the next 8 days removing over a thousand
instances of malware that kept auto downloading and auto
installing. I lost $2,500 in business due to
CoolWebSearch malicious activities.

I finally was able to get rid of all artifacts...I
hope...except this last item. CoolWebSearch managed to
replace several of Windows OS files, such as iexplore.exe
and most lingering of all, it changed an unknown
association for at least three (3) of my adware removal
or blocker programs.

Whenever I click on SpywareBlaster.exe, sgmain.exe (for
Spyware Guard) and RegMech.exe (Registry Mechanic)to
start those program....Windows Office XP begins to
install.

To be more blatant as offense to me, there is no normal
way to stop the installation. CoolWebSearch has somehow
configured this time wasting association to not be able
to be stopped normally. Every instance of clicking "No"
or "Cancel" only brings up another attempt at
installation and demands that I insert the Windows Office
XP product CD.

I do happen to already have Windows Office XP installed,
by the way.

I now know I can close that install process by using
Windows Task Manager and using "End Task".

I read in a professional adware discussion and help group
that CoolWebSearch is working to corrupt, permanently
disable or defeat all known major ad removal or preventer
programs.

Please can someone advise me how to prevent the auto
installation of Office XP whenever I click on my adware
removal/preventer programs?

Thank you.

 

[Michael D. Alligood]

You might have a better chance restoring your system using "System Restore."
Try restoring to a point before the kirsten dunst visit.

 

[CWatters]

I had an incredibly bad 8 days of absolutely no
production due to CoolWebSearch malicious adware and
parasites that were installed on my system in about 20
seconds when I visited a Filmography site for Kirsten
Dunst. I spend the next 8 days removing over a thousand
instances of malware that kept auto downloading and auto
installing. I lost $2,500 in business due to
CoolWebSearch malicious activities.

I had a similar problem recently with another bunch of spyware on my wifes
PC. It was a nightmare to remove because it kept repairing itself and the
removal programs couldn't get it all - a bit like some garden weeds!

I finally was able to get rid of all artifacts...I
hope...except this last item. CoolWebSearch managed to
replace several of Windows OS files, such as iexplore.exe
and most lingering of all, it changed an unknown
association for at least three (3) of my adware removal
or blocker programs.

I believe URLs can be redirected using a "hosts" file. Most people don't
need to set up a hosts file so I believe it's safe to delete it if you find
one with that name. It should certainly be safe to rename it temporarily or
open it with Notepad and correct any unwanted mappings.

Whenever I click on SpywareBlaster.exe, sgmain.exe (for
Spyware Guard) and RegMech.exe (Registry Mechanic)to
start those program....Windows Office XP begins to
install.

Try installing the free version of Ad-aware from
http://www.lavasoftusa.com/software/adaware/

If that doesn't work you could consider using "Hijackthis" but you need to
get expert help from a forum before deleting anything it finds - that
program is good but sometimes flags up false positives.

 

[CWatters]

see also ...

http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

 

[Guest]

Thank you Cwatters for your reply,

I do have AdAware and HiJack This. Unfortunately they
only do some good. There is no single program of course
which thoroughly protects against malicious destructive
advertising coding.

I have to not enlarge my list of exe programs which when
started all also start Windows msiexec.exe systems
command which is the Windows XP program that handles
installations. It can not be closed easily.

SpywareBlaster.exe
sgmain.exe (for Spyware Guard)
RegMech.exe (Registry Mechanic)
PopUpKiller.exe


When I click to start any of those programs Windows
begins to try to install Windows Office XP.

This is very frustrating. I only wish I could break the
wrists and fingers of all the men involved in this
criminal tresspassing into my computer and for the
egregious downtime for me and my business. : (

-----Original Message-----



I had a similar problem recently with another bunch of spyware on my wifes
PC. It was a nightmare to remove because it kept repairing itself and the
removal programs couldn't get it all - a bit like some garden weeds!


I believe URLs can be redirected using a "hosts" file. Most people don't
need to set up a hosts file so I believe it's safe to delete it if you find
one with that name. It should certainly be safe to rename it temporarily or
open it with Notepad and correct any unwanted mappings.


Try installing the free version of Ad-aware from
http://www.lavasoftusa.com/software/adaware/

If that doesn't work you could consider

using "Hijackthis" but you need to

 

[Guest]

CWatters,

Just a warning. I downloaded CWShredder and much to my
exploding horror, I got a copy that CoolWebSearch
bastards had REPROGRAMMED!!! This is a fraud...the only
thing it did was to remove CoolWebSearch's competitors
adware and it INSTALLED all the hundreds of instances of
itself in my registry once again...also Program Files,
Windows OS, Desktop, Bookmarks, BHO's, search bar etc
etc...and much of it was filthy XXX material or equally
abhorrent Casino crap. I wish to God I could crush there
GD hands such they'd be handicapped for life and never
able to harm any one else as I've been harmed by them.

So...just be sure to know your source when dl
CWShredder. Because what CoolWebSearch does is criminal
behavior in my book and they need to be stopped.

At this point I dont dare use CWShredder out of abject
fear that CoolWebSearch will more deeply infest and
destroy even more of my company's time and resources.
If all things were fair, CoolWebSearch would have to pay
me at least $5,000 for their purposeful destruction of my
valuable time, income and payroll.

 

[David Candy]

Report them to the police.

 

[Guest]

I reported CoolWebSearch to the State Attorney General's
office, but the police dont seem to have an computer
savvy whatsoever...nor does the local prosecutor. Our
laws are very archaic regarding ruinous criminal internet
activity.

 

[David Candy]

Here it is 5 years for altering a computer's configuration without permission. We don't have local law enforcement (except for littering or parking), only state or federal police forces, both with computer crime units - hacking is state law and spam is federal. While our governments co-operate, many things illegal here are legal in the US.

 

[Guest]

5 Years...sweet. These vicious programmers/managers and
stockholders are unconscienable and have absolutely no
feelings for the MILLIONS of people whose quality of
lives, personal incomes and untold personal anguish they
inflict their malicious, vile activities upon. They
remind me of Dr. Mengela, Hitler's doctor who performed
barbaric and cruel surgical tests on Jews during WWII.

If I were judge and jury...I'd mete out substantial
penalties and time in prison to dissuade these cretins
from continuing to harm the world's productivity and her
people.

-----Original Message-----
Here it is 5 years for altering a computer's

configuration without permission. We don't have local law
enforcement (except for littering or parking), only state
or federal police forces, both with computer crime units -
hacking is state law and spam is federal. While our
governments co-operate, many things illegal here are
legal in the US.

 

[CWatters]

The attack that kept me busy for a few days was caused by Webhancer and
Roings. I was getting so many popups the computer was almost impossible to
use. I tried Ad-Aware, Hijackthis, Pest Patrol and Spybot - but they kept
coming back after rebooting. After three days I had 60 suspect processes
running! The cure was to run Ad-aware then before rebooting use this web
site..
http://www.sysinfo.org/startuplist.php

...to check which processes were unknown or known suspect and kill them off
in the startup file using MSConfig. That approach isn't without risk as you
might accidentally kill a wanted process - but it worked for rme.

In addition to the normal programs (see above) I'm now running SpywareGuard
and Spywareblaster as a preventative measure from here...

www.javacoolsoftware.com/spywareblaster.html

...but that site is currently down because it's exceeded it bandwidth limit.