Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

CWS_NS3

Started by bondzai , Aug 20 2004 10:10 AM

  • Please log in to reply

#1
bondzai
Posted 20 August 2004 - 10:10 AM

bondzai

    Member

  • Member
  • PipPip
  • 40 posts
Hello,

I have Spysweeper and Adaware and Hijack This and cwshredder and have been fighting with this for a day and can't get rid of it. I have not done much with the Hijack because the web page that tells how to use it properly is down but I need help. If you can help me, I would really appreciate it.

Thanks,

Paul
  • 0

Advertisements

#2
admin
Posted 20 August 2004 - 10:12 AM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Hi Paul, welcome to Geeks to Go! <_<

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
bondzai
Posted 20 August 2004 - 10:22 AM

bondzai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I tried aboutbuster a few times.... new files were generated which had started with apimd32.exe but they kept changing

here is my file

Logfile of HijackThis v1.98.2
Scan saved at 11:19:52 AM, on 8/20/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINNT\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\MK Net Work\ZipMail LN\zmailLN.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\WINNT\system32\apikt32.exe
C:\WINNT\system32\netvf.exe
C:\Documents and Settings\pxc03\My Documents\falundafa\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com?s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com?s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://neword.com?s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Alstom Power NSC
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {824B4D56-5BCF-8393-146E-67DBD7C38C71} - C:\WINNT\syssx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZipMail LN System Tray add-on] "C:\Program Files\MK Net Work\ZipMail LN\zmailLN.exe" 001
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [netvf.exe] C:\WINNT\system32\netvf.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateu...com/java/cr.cab
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.sitetracking.info/cttdl.cab
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform...ins/OFMailX.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = win.us.power.alstom.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = win.us.power.alstom.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = win.us.power.alstom.com,us.power.alstom.com,power.alstom.com,alstom.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = win.us.power.alstom.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = win.us.power.alstom.com,us.power.alstom.com,power.alstom.com,alstom.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = win.us.power.alstom.com,us.power.alstom.com,power.alstom.com,alstom.com
  • 0

#4
bondzai
Posted 20 August 2004 - 10:25 AM

bondzai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I have not deleted anything yet from the Hijack this
  • 0

#5
bondzai
Posted 20 August 2004 - 10:26 AM

bondzai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I did turn off all activex in the explorer to see if it would help, but that also prevents me some access.
  • 0

#6
bondzai
Posted 20 August 2004 - 10:27 AM

bondzai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
right now the file that keeps returning every couple minutes that spysweeper keeps alarming me on is netvf.exe
  • 0

#7
bondzai
Posted 20 August 2004 - 10:29 AM

bondzai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
when I tried that free virus scan you had posted for the other guy, it crashed my browser, but I do have Mcaffee on so...

in fact, when the infection hit, Mcafee went nuts and spysweeper crashed
  • 0

#8
bondzai
Posted 20 August 2004 - 10:36 AM

bondzai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
here it is after I have rebooted before dealing with the spysweeper alerts.

Logfile of HijackThis v1.98.2
Scan saved at 11:34:40 AM, on 8/20/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINNT\system32\apikt32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wltrysvc.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\carpserv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\MK Net Work\ZipMail LN\zmailLN.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINNT\system32\netvf.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Documents and Settings\pxc03\My Documents\falundafa\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com?s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://neword.com?s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xfwzl.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\xfwzl.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://neword.com?s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\xfwzl.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Alstom Power NSC
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {824B4D56-5BCF-8393-146E-67DBD7C38C71} - C:\WINNT\syssx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ZipMail LN System Tray add-on] "C:\Program Files\MK Net Work\ZipMail LN\zmailLN.exe" 001
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [netvf.exe] C:\WINNT\system32\netvf.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateu...com/java/cr.cab
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comne...iveSecurity.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} - http://www.sitetracking.info/cttdl.cab
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform...ins/OFMailX.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = win.us.power.alstom.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = win.us.power.alstom.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = win.us.power.alstom.com,us.power.alstom.com,power.alstom.com,alstom.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = win.us.power.alstom.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = win.us.power.alstom.com,us.power.alstom.com,power.alstom.com,alstom.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = win.us.power.alstom.com,us.power.alstom.com,power.alstom.com,alstom.com
  • 0

#9
bondzai
Posted 20 August 2004 - 10:47 AM

bondzai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
from Spysweeper tech support:

Solution: Hello,

Unfortunately we still don't have a permanent fix for Cool Web Search. Our software engineers are working around the clock to find a permanent solution, but it is difficult because CWS is probably the worst browser hijacker we have ever come across. In addition to the fact that there are numerous new variants of it released each day, CWS also automatically changes its own file names to hide from anti-spyware programs like ours. It has been extremely difficult for us to find and remove the pest because it is always disguising itself and remaining in memory. Until a permanent fix is devised, I would suggest making use of Spy Sweeper's IE hijacker shield. This shield will allow you to automatically restore your home page every time you start your browser. It is not a perfect fix, but it is all we have at the time being. Also, try running safe-mode sweeps from time to time with our newest definitions and all Windows critical updates installed. Remember to check for Spy Sweeper updates on a regular basis, as the fix will be released before long.

If you have any further questions, please feel free to contact technical support again.

Sincerely,
Tech Support

www.webroot.com
(800) 772-9383
  • 0

#10
bondzai
Posted 20 August 2004 - 11:12 AM

bondzai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
anyone here?
  • 0

Advertisements

#11
bondzai
Posted 20 August 2004 - 11:15 AM

bondzai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
hello, anyone here to help me with this?

Thanks
  • 0

#12
coachwife6
Posted 20 August 2004 - 11:24 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi Bondzai. I am new to the board and am still learning the ropes or I would advise you on what to do next. Everyone on the board is a volunteer and they will be by to help you soon. Hold tight. The problem will be solved.
  • 0

#13
coachwife6
Posted 20 August 2004 - 11:31 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I do know they will ask you to move Hijack This to a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.


These are just a few preliminary instructions. Hold tight. I'll be watching for your progress.

Edited by coachwife6, 20 August 2004 - 11:31 AM.

  • 0

#14
bondzai
Posted 20 August 2004 - 11:36 AM

bondzai

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
ok thanks for your help. Yes it seems that spysweeper is not able to deal with this cws_ns3 or cws_ns3 hijacker
  • 0

#15
coachwife6
Posted 20 August 2004 - 11:52 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I will give you a few more things to work on before someone can help you with the Hijack This Log.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.



Have you downloaded Spybot Search and Destroy 1.3?

How do I check for Spyware and eliminate it from my system?
Spyware is designed to be difficult to identify and remove. It usually requires special tools. Thankfully, there are free software products available that are designed to seek out and remove Spyware.
(Note: Simply click the links below, download to your computer, and install:)

Spybot Search & Destroy
http://www.safer-net.../?page=download

Are you running the latest Ad-aware SE?

b]Using Ad-aware:[/b] Open Ad-Aware and use the Check for updates now link. Download and accept the latest reference file. When finished click the Start button. When done scanning, the Abort button will change to Next. Click the Next button. Right-click in the Scanning Results window and click "Select all objects". Then click the "Next" button and confirm that you want to delete the selected entries.

CLICK HERE to download Ad-aware



Have you run a trojan scan?

Download the free trial version from
www.moosoft.com

Try free virus scan

http://housecall.trendmicro.com

You also could clean up your temporary files

Delete your temporary internet files To do this:

1. In Interent Explorer, go to "Tool", then "Internet Options"
2. Right in the middle, under "Temporary interent files", click the "Delete Files..." button
3. Make sure the box next to "Delete all offline content" is checked, and hit "OK"

When finished, Reboot your computer. Finally, reply to this post with a new HiJackThis log so we can look for any nasties that may have been missed. <_<

Edited by coachwife6, 20 August 2004 - 11:54 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP