matmata1975 0 Posted September 11, 2004 Hi can anyone help, please. I am having real problems with the cws hijack trojan. I have read the earlier threads, and tried to follow them, however I can't download the hijackthis spyware. I am currently using Webroot Spy Sweeper which is telling me that this trojan is trying to constantly change my web page. I have downloaded bhodemon 2 and noadware and these haven't managed to delete the trojan. I use Norton Anti virus and the definitons are up to date. The problem I have as I say is that when my pc boots up, this trojan tries to change my explorer settings to about:blank. Spy Sweeper picks this up and I can change it back without any problems. When I try to access hotmail or yahoo mail, the page loads, but within seconds the page changes to some white pages search and find, etc. If anyone can tell me an easy step by step, program to download, etc, I would be very much indebted to you. Share this post Link to post
adamvjackson 0 Posted September 11, 2004 Hm, I feel for you. CoolWebSearch (CWS) is definately one of the worst trojan/spywares out there. There are so many different variants in the wild, I would be hard-pressed to say "here is the way to fix it..." However, you can try CWShredder. Note that the author who wrote this tool was unable to keep up with all the variants, but it's worth a shot. Try that, and post back with your results. Of course, I would also run HiJackThis, Ad-Aware, and Spybot S&D as well. For best results, download all of these programs and run them with your internet connection disabled, incase the spyware tries to call home to reinstall itself. Good luck Share this post Link to post
matmata1975 0 Posted September 18, 2004 Adam, many thanks for the help, I downloaded the cwshredder and ran the program. This cleared the problem (I hope) and my browser has been working correctly now for a while. The only problem I encountered was that once I had ran the cwshredder was when I came here to login or when logging into internet email, I was asked to connect to the page, but only the once. Again, many thanks for your help and advice. Share this post Link to post
adamvjackson 0 Posted September 20, 2004 No problem, glad your problem is solved. Now, some additional advice: Consider securing your system so that future reinstallation of the spyware doesn't happen. The best security/defense is multi-layered. Here's what I do: * Hardware router/NAT firewall (Linksys BEFSR41 v2) * Software firewall (Sygate Personal Firewall 5.5, freeware) * Mozilla Firefox browser (Mozilla, Firefox, or Opera are all significanly less prone to attack than Internet Explorer. Most are free, Opera has a small banner ad) * Installation of the Sun Java virtual machine (this may seem odd, but CWS is/was initally installed via a flaw/vulnerability in the Microsoft Java virtual machine) * Automatic updates to Windows, or frequently (weekly?) visits to windowsupdate.microsoft.com * Good anti-virus software, that updates automatically. There is some that is freeware, such as AVG, which reportedly works well. Hopefully that's a good start to keeping your system clean in the future. Again, glad I could help, and thanks for posting the feedback Share this post Link to post
felix 0 Posted September 20, 2004 I've found that the new reference files for AdAware have allowed it to correctly target CWS. I have used it on a couple of work machines and it is successful in clearing it. I'd download AdAware, install it, update it and do a custom deep scan with all options on in safe mode. It should kill it. Share this post Link to post
matmata1975 0 Posted September 27, 2004 Thanks for all the info. I have a friend that is having serious problems with his pc now. I have tried the usula tools and none of these have worked. When he tries to access his emails (hotmail) the page begins to open then closes straight away. I have ran spy sweeper and he has two different adware programs adlogix and websearch toolbar, amongst others. Is there anyone who recognises these and knows of a fix? I have installed: spybot search and destroy spy sweeper noadware bhodemon 2 ad-aware se When I ran ad-aware se there were a lot of problem programmes, all deleted. When I went to look on this page and create a user name for my friend I had to disconnect from the web as it threw up over 60 pop ups and wouldn't stop. Share this post Link to post