Spyware Removal

[PA Bear]

How do you know it's CWS.Yexe? See this page for starters:
http://www.pestpatrol.com/pestinfo/c/cws.asp

Check your system for "hijackware":

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder (fix all found)

2. Ad-Aware (fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

Also:

1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

2. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
and follow all Removal steps.

WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then Disk Cleanup > More options > Delete all but the most
recent Restore Point.

3. Check in at Windows Update.

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Are You Ready for WinXP SP2?
http://support.microsoft.com/default.aspx?pr=windowsxpsp2

What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx

AumHa Forums
http://forum.aumha.org

 

[Touch Base]

Fix up your system time.


<snip>

 

[Cris]

Fix up your system time.

I've read this piece of advice many times. Why is this fix so important,
please?

Thanks

 

[Sandi - Microsoft MVP]

Because it is rude to post a message using a date in the future, effectively
'jumping the queue' and forcing your message to the top of the pile.

Many of us automatically delete messages that are post-dated as a matter of
course and never see them.

 

[Cris]

'jumping the queue' and forcing ...

Yes, I understand now Thanks

 

[Sandi - Microsoft MVP]

) You're welcome.

 

[Jon Kennedy]

What Sandi said, plus not having the correct time on you system can lead to
other troubles with other programs as well. For instance:
http://support.microsoft.com/default.aspx?scid=kb;en-us;306153

But, as Sandi mentioned, it can be just that the user's clock setting got
screwed up unintentionally, but sometimes people do it on purpose to get
their posts to the top of a newsgroup to stay there for awhile to get
noticed.

 

[Newsgroup]

I have a virus/Trojan 'type' of software that I can not get rid
off --CWS.Yexe

I have all the software, CWShredder (latest version), Norton's, Ad-ware,
Zone Alarm etc.. but I can not get rid off this virus!!!

This virus starts an iexplorer page by itself, that one can not see,
therefore it works in the back ground without anyone knowing. In the task
manager though you can see it under applications; therefore, now I control
it by not allowing iexplorer to connect through zone alarm. But this is
only a temp solution.

I have booted in safe mode, used CWShredder and removed the virus but it
keeps coming back every-time the machine is rebooted. Why are not the above
programs working to mitigate this threat on my PC and what other method can
I apply?

Thanks in advance for the help.

 

[storm]

I just had the same problem only the adware was affecting
a couple .DLL files in the runtime library .. I have
PestPatrol and Nortons System Works 2004 .. removel with
both products failed so I searched on symantecs website
for this particular adware and it gave me removel
instructions. start your pc in safe mode, run a scan with
your antivirus and/or spyware removel programs. If you
cant remove the adware/spyware with any of your antivirus
or spyware removel tools, you will have to manually
delete the files from your C drive and also the registry
by locating the file(s), highlighting it,then hitting
delete.If Nortons Antivirus removes it .. then go into
reports, click on the quarintine folder and delete the
backups .. go to the recycle bin .. empty it out and also
empty out the protected files, after doing this do a
search of your pc and registry for the file name and
manually delete the files associated with it. also check
your nortons settings .. nortons antivirus now searches
for adware, spyware, and other little pc nastys .. that
is how I found the file that was messing with my
system .. my spyware program couldnt detect it.