The Stull Demon
Hi.
Trying to remove BRAND *NEW* VARIANT of CoolWebSearch Malware from my
75-year-old Dad's PC. NOTHING WORKS. Do not suggest *ANYTHING* old. I
REPEAT: DO NOT SUGGEST ANY OLD IDEAS!!! I've tried *EVERYTHING* that
is *OLD*. OK? Don't tell me to use the shredder - it DOES NOT WORK.
Don't tell me to use Ad-Aware or *ANY* of the current spyware removers
-- THEY DO NOT WORK!!! DON'T SUGGEST ANYTHING THAT'S NOT BRAND NEW!!!
So... with that in mind... this is a variant that DOES NOT have a
current fix. Understand??? Could someone please develop one? SOON? And
can we find the bastards that created this BRAND NEW CWS variant and
try and convict and sentence them --- ASAP???!!! Cuz they suck.
Here's the scan that hijackthis created:
Logfile of HijackThis v1.97.7
Scan saved at 2:03:17 PM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\winbu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\crkz32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\PROGRA~1\Netscape\NETSCA~1\Netscp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\[name]\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whwwf.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://whwwf.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://whwwf.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\whwwf.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://whwwf.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\whwwf.dll/sp.html#96676
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\[name]\Application Data\Mozilla\Profiles\default\w0kzwsxi.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\[name]\Application Data\Mozilla\Profiles\default\w0kzwsxi.slt\prefs.js)
O2 - BHO: (no name) -
OK, NOW WHAT???!!!