How do I remove CWShredder in Win98?

Guest

Please help. I have a windows 98 system that is infected with CWShredder.
I've used spybot, adaware, and mcafee to no avail. The program reinstalls
with the next boot. I also have zonealarm, if I disconnect the network I get
pop up errors stating that the network is down and do I want to work offline.
I've also used CWShredder, which doesn't find anything. After rebooting and
locking up on the network, adaware finds more problems. The only manual
instructions I can find on line are for NT, XP, 2000 etc which have a
registry entry for App_init_DLLs.

If I enable Zonealarm to allow DLLs to access the internet, then I get a
screen of IE windows to numerous locations until I run out of memory and must
reboot.

PS; I'm posting in the XP session as MS no longer has a win98 section. And
I'm tired of working on this machine over the Holiday. If Linux were easy to
install on it, I would.
 
Kurt said:
Please help. I have a windows 98 system that is infected with CWShredder.
I've used spybot, adaware, and mcafee to no avail. The program reinstalls
with the next boot. I also have zonealarm, if I disconnect the network I get
pop up errors stating that the network is down and do I want to work offline.
I've also used CWShredder, which doesn't find anything. After rebooting and
locking up on the network, adaware finds more problems. The only manual
instructions I can find on line are for NT, XP, 2000 etc which have a
registry entry for App_init_DLLs.

If I enable Zonealarm to allow DLLs to access the internet, then I get a
screen of IE windows to numerous locations until I run out of memory and must
reboot.

PS; I'm posting in the XP session as MS no longer has a win98 section. And
I'm tired of working on this machine over the Holiday. If Linux were easy to
install on it, I would.

There's still a win98 group: microsoft.public.win98.gen_discussion

Here is a list of all MS public newsgroups:
http://aumha.org/nntp.htm

CWShredder is an anti-malware program to remove Cool Web Search
variants. It's not an infector.
 
Make sure all apps are fully updated and run them in Safe Mode.

First run a full system virus scan.

**It is very important to run the update for each program before running
the app/s to be sure you have the latest definitions.**
Run the programs in Safe Mode after assuring you have shut down all running
tasks except explorer or systray and all apps are fully up to date.
Remove your Temp Internet files: Right click IE. Under the General tab
click Delete Files, put a check in Delete all Offline..., click OK and
close when finished.
Delete all files in c:\windows\temp.

Download/run Cool Web Shredder from:
http://www.intermute.com/products/cwshredder.html

For Info on Cool Web Search variants:
http://www.richardthelionhearted.com/~merijn/cwschronicles.html

Download/install/run Ad-Aware SE to detect/rid of any other
parasites/spyware that may be installed. It can be obtained free from:
http://www.lavasoftusa.com/
After installing Ad-Aware, open it and click on the ref update to get the
latest up-to-date ref file, then run Ad-Aware and delete everything it
finds.

Download/install/run Spybot - Search & Destroy:
http://security.kolla.de/index.php?lang=en&page=download
Run it at its default settings until you learn and know more about it.
Spybot S&D is more of an advanced users tool and changing from the default
settings can be dangerous to the novice user. Items found in the default
settings that are RED can usually be safely removed. If you are unsure of a
found item, do not remove it and ask for help.

If you still have problems, download/run HijackThis from:
http://www.richardthelionhearted.com/~merijn/downloads.html
http://majorgeeks.com/downloads31.html

Copy HJT to its own folder, this is where the log files will be saved.
Run HJT in Normal Mode.
Do not remove anything with it until you get advice on what to remove,
HJThis will list many apps that are needed along with the bad ones.
Removing items listed haphazardly without knowing what they are can/will
create a royal mess. Read the quick start here on how to create a log file
that can be copied/pasted into a forum that can provide assistance on
removal of unwanted pests.
http://mjc1.com/mirror/hjt/#quick

Then post the logs to an appropriate forum where they specialize in
spyware/hijacker removal. Please read any sticky notes for proper posting
which are most commonly posted first at the top in each specific forum.
Read any information under each forum category name for information on what
that particular one is used for, look for the proper one that you post logs
to.
http://forums.spywareinfo.com/
http://aumha.net/
http://forum.aumha.org/

After running the above and assuring you have a clean machine:
It's also a good idea to have a HOSTS file to block bad sites, scroll to
HOSTS File Manager here:
http://www.mvps.org/PracticallyNerded/Software.htm

Download/install/run SpywareBlaster which stops the badboys before they
even get a chance to install:
http://www.javacoolsoftware.com/spywareblaster.html



HJThis recommendation only:

To make sure your system is clean of spyware/adware/hijacker parasites
get the help from those that specialize in it.

Download/run HijackThis from:
http://www.richardthelionhearted.com/~merijn/downloads.html
http://majorgeeks.com/downloads31.html

Do not remove anything with it until you get advice on what to remove,
HJThis will list many apps that are needed along with the bad ones.
Removing items listed haphazardly without knowing what they are can/will
create a royal mess. Read the quick start here on how to create a log file
that can be copied/pasted into a forum that can provide assistance on
removal of unwanted pests.
http://mjc1.com/mirror/hjt/#quick

Then post the logs to an appropriate NG here where they specialize in
spyware/hijacker removal. Please read any sticky notes for proper posting
which are most commonly posted first at the top in each specific forum.
Read any information under each forum category name for information on what
that particular one is used for, look for the proper one that you post logs
to.
http://forums.spywareinfo.com/

http://forum.aumha.org/
http://castlecops.com/forum67.html

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
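
As an added example (not part of the original reply and not HijackThis's own code): a short Python script that groups a HijackThis log by entry code and splits the O4 Run/RunServices startup lines into location, name and command, so they can be reviewed before asking for removal advice. The sample log, every name in it, and the known-good list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log layout; every entry is made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Platform: Windows 98 SE

Running processes:
C:\WINDOWS\EXPLORER.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/
O1 - Hosts: 192.0.2.10 search.example.invalid
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\SYSTEM\EXAMPLE.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ExampleLoader] C:\WINDOWS\TEMP\EXAMPLE.EXE
O4 - HKLM\..\RunServices: [ExampleSvc] C:\WINDOWS\SYSTEM\EXAMPLESVC.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Registry autostart form only; startup-folder O4 lines are skipped.
AUTOSTART = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")

def parse_entries(log_text):
    """Group 'CODE - detail' lines by their code (R1, O2, O4, ...)."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def autostart_entries(groups):
    """Split each O4 line into registry location, value name and command."""
    out = []
    for detail in groups.get("O4", []):
        m = AUTOSTART.match(detail)
        if m:
            out.append(m.groupdict())
    return out

def needs_review(entries, known_good):
    """Entries whose value name is not in the reviewer's own known-good list."""
    known = {n.lower() for n in known_good}
    return [e for e in entries if e["name"].lower() not in known]

if __name__ == "__main__":
    groups = parse_entries(SAMPLE_LOG)
    for e in needs_review(autostart_entries(groups), ["SystemTray"]):
        print(f'{e["where"]:<22} {e["name"]:<15} {e["command"]}')
```

The output is a list to ask about, not a removal list; an unfamiliar name in it may still be a needed program.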
 
I've updated, zonealarm, spybot, and adaware. My virus checker was up to
date. I've looked up everything reported by hijackthis, however I haven't
posted my log file yet. In safe mode after cleaning the system, nothing
shows up. But I'm not catching something as after connecting back to the web
I get infected again. I'm currently running Ad-aware, with Internet disabled
through Zone Alarm, and I had been getting pop-ups until I disconnected the
network, both physically and through Zone Alarm. Now I get the Work Offline
error message, about one per every 5 minutes. This will happen until the
memory fills up and the system crashes.

The pop-ups are weird. First an IE window occurs, then the address bar has
ad-a-w-a-r-e plus more in the url, then the url changes to a final
destination. Some even continue after I try to close them. Many are gross
and none are wanted.
 
You may want to have a look in ZA for whatever apps are not/allowed
internet access. Also while in Safe Mode you should set hidden files/exts
and the such to Show. Also have a peek in msconfig > startup tab to see if
anything there is out of place.

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375
 
Rock;

I can not find the win98 general discussion group on the windows site. When
I go to the link http://aumha.org/nntp.htm and select the group, I'm asked to
select an outlook user name and login? If I highlight the group
microsoft.public.win98.gen_discussion the link at the bottom of the page
points to msnews.microsoft.com/microsoft.public.win98.gen_discussion however
entering that URL into my browser comes back with site not found.

Yes CWShredder is not a trojan, I realize it's to clean Cool Web Search and
its variants, but it didn't work for me as it finds nothing, even when
adaware does.
 
1. IE Tools > Internet Options > Programs > News > Select Outlook Express.

(If OL is your default Mail Client, if and when you get a prompt asking if
you want to make OE the default for News, choose "No".) (Long story...)

2. Copy/Paste this link into an IE Addressbar:

news://msnews.microsoft.com/microsoft.public.win98.gen_discussion
 
