[andy19]

My computer was a mess a few days ago. It froze up and after using adaware, hijackthis, and several antispyware programs, I thought I had it fixed. There were several files/registry entries identified as coolwebsearch. From looking at past posts in here, I figured out which ones to delete and I'm pretty sure i got rid of the cws garbage using CWShredder and a few others. However, when i scanned with an updated version of adaware, it keeps pointing out "[email protected]" and "[email protected]" as tracking cookies. I can delete them, but as soon as I go back online they reappear. Now, when I scanned my comp with AVG (free version) and it ONLY identified those two cookies i previously mentioned as "downloader.small.42.AR" and once again, if i deleted them they just reappeared next time. However, when I did a full system scan with adaware, while adaware was doing a deep scan, AVG told me it found two files trying to be accessed - A0075991.exe and A0076019.exe - both identified as "backdoor.agent.8.L" in the folder C:\system volume info\_restore {bunch of #s} which it supposedly deleted but I haven't ran another adaware scan yet to see if they came back. Now I have no idea what to do. I tried just about everything in and out of safe mode. The one thing that seems a bit fishy is there's an index.dat file in the same folder as those cookies that can't be deleted (says being used by system). In safe mode i was able to delete it but again, it just reappeared with 2o7.net. Below is my hijackthis log. Any help is greatly appreciated!

Andy

Logfile of HijackThis v1.99.1
Scan saved at 9:00:39 PM, on 5/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\aim\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\Documents and Settings\smee\Desktop\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\username\Application Data\Mozilla\Profiles\default\gj3c12xy.slt\prefs.js)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108183454078
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{97C74EBB-677E-4AD8-BA15-A6E9E7A0FDCC}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[Advertisements]

Hi andy19, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

Your log looks pretty clean. That doesn't mean that you are malware free.

Please:


1.Please click HERE to download System Security Suite. Do not run it yet

2. Please follow the instructions provided, you may want to print out these instructions and use them as a reference.


Please download ewido security suite it is a trial version of the program.

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will prompt you to update click the OK button
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
• Click on Start

The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:

• Click on scanner
• Make sure the following boxes are checked before scanning:
  • Binder
  • Crypter
  • Archives
• Click on Start Scan
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop

Reboot your machine.

3. Run System Security Suite by extracting it from the zip file into a folder and doubleclicking on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. Reboot when prompted.

4. Post your EWIDO log and Run HJT and post a fresh log

Regards,

Trevuren

[Trevuren]

Hi andy19, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

Your log looks pretty clean. That doesn't mean that you are malware free.

Please:


1.Please click HERE to download System Security Suite. Do not run it yet

2. Please follow the instructions provided, you may want to print out these instructions and use them as a reference.


Please download ewido security suite it is a trial version of the program.

• Install ewido security suite
• Launch ewido, there should be an icon on your desktop double-click it.
• The program will prompt you to update click the OK button
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
• Click on Start

The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:

• Click on scanner
• Make sure the following boxes are checked before scanning:
  • Binder
  • Crypter
  • Archives
• Click on Start Scan
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop

Reboot your machine.

3. Run System Security Suite by extracting it from the zip file into a folder and doubleclicking on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. Reboot when prompted.

4. Post your EWIDO log and Run HJT and post a fresh log

Regards,

Trevuren

[andy19]

Trevuren,

First of all, thank you for your time and willingness to help. Ok, I did as you said. Ewido found 14 infected .exe files and 1 infected .dll file. The ewido log is a .txt file but it is a bunch of gibberish when i try to read it so I can't post it. Below is a fresh HJT log. Basically what is happening now is anytime i sign online (connect to the internet) with an empty cookies folder and temp folder, as soon as I connect, username@2o7[1].net and [email protected] get placed in each of those 2 folders respectively. I can delete them, and they'll stay deleted until the next time i sign on. Incidentally, I do have netscape on my computer although I rarely use it. When I checked all of netscape's history and cookies, they were all still there...a bunch from the website 2o7.net. This was AFTER I ran system security suite. I deleted everything and cleared the history manually. However, the problem still exists. I was wondering if maybe one or both of the two N3 lines in the HJT log have anything to do with this problem? When I try to delete them they come right back during the next scan. Anyway, sorry for the long post - here is the HJT log...thanks again.


Logfile of HijackThis v1.99.1
Scan saved at 3:21:10 AM, on 6/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\aim\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\Documents and Settings\smee\Desktop\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\username\Application Data\Mozilla\Profiles\default\gj3c12xy.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\username\Application Data\Mozilla\Profiles\default\gj3c12xy.slt\prefs.js)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108183454078
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{97C74EBB-677E-4AD8-BA15-A6E9E7A0FDCC}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[Trevuren]

First, If GetRight is not the paid version, get rid of it immediately. There are many bugs that come with an unpaid for version. Also, food for thought, Many, many people are having huge problems with AIM. Most of those problems either lessen or disappear when it is removed. Keep it for now but it will have to be something to look at down thr road if we can't get this under controle. Thrirdly, a lot of the AOL problems are resolved after a reinstall. (You would bewise, if we have to go this rout to backup your favorites, not the whole profile).

Right now, please uninstall Netscape with all its profiles and everytjing else. We must isolate the problem and don't need unnecessary baggage clouding our view,


Trevuren

[andy19]

I used the "uninstall software" option to uninstall netscape and getright. I don't see any traces of netscape but there is still a getright icon on my desk top that when i click on it it asks me if I want to download getright. I ran security suite again after removing those two programs ( i tried running it from safe mode but i got an error message, so I had to run it in normal mode). Still the same problem, and in addition to 2o7.net, I got a doubleclick.net cookie too when i sign on (both of which can be deleted). The dates on these files are 5/21/2010. I'm about 4 hours away from formatting my hd, I have no idea what else to do. Below is a copy of my most recent HJT log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 5:57:58 PM, on 6/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\aim\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\smee\Desktop\HijackThis.exe

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108183454078
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{97C74EBB-677E-4AD8-BA15-A6E9E7A0FDCC}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[Trevuren]

1. Please click HERE to download System Security Suite. Extract it from the zip file into a folder and doubleclick on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. Reboot when prompted.

2.
Disable then Enable System Restore in Windows XP

To Disable System Restore

. Right click on "My Computer"
. Left click on "Properties"
. Left click on "System Restore Tab"
. Check box beside "Turn Off System Restore"
. Left click on "Apply"
. Confirmation box appears: answer "YES"


To Enable System Restore

. Remove check mark from "Turn Off System Restore"
. Click on "Apply"

3. Rerun your scans and tell me if they come up with the same result.


Regards,

Trevuren

[andy19]

Trevuren,

One of the first things I did was to disable system restore and I tried system security suite previously as per your instructions.

[Trevuren]

1. You should not have your system restore disabled until your system is clean. If anything happens, it is always better to have a bad restore point than none at all.

2. Read the following:

207.net is actually a company, like posted above, called OMNITURE..check out their site at www.omniture.com they have aol, ebay, walmart, microsoft, HP and even Time Warner as clients. Unless you like clickin the decline box, then you just have to stop visiting these companies sites. SO basically, some of the most popular sites we use on the net, now, track our information through this company

3. Here is a solution that I found while googling. This individual said it workrd for him.

He added 207.net to his hosts file so that it just rebounds back to his computer which is 127.0.0.1

If you do not know how to edit your HOSTS file, please inform me and I'll do my best to talk you through it.


Regards,

Trevuren

[andy19]

Trevuren,

I don't visit any of those company sites and I always decline whenever one of those boxes pops up. I'm pretty sure there's something on my computer buried somewhere that is placing that cookie and the doubleclick.net cookie in my temp folder everytime I sign on. Plus, like I said, the date that the cookie says it was created is false (the year 2010), so I know it's not from me visiting those sites. At this point I'm just going to backup my important files and format the drive, because if something like this isn't being detected by any of the antispyware/antivirus programs, then there's always a chance there is a malicious virus/piece of spyware present as well that isn't being detected. I was told I should repartition my drive before formatting. Do you feel this is necessary? And if so, how would I go about it? Thank you so much for all your help.

[Trevuren]

If you read the article, you will notice that it can come bundled with AOL which YOU DO USE.

Before reformatting anything, aren't you even willing to try the "Add to Hosts fix Described in my last post?

If you want to reformat, go ahead, I can't stop you. But I have been proposing solutions that You are not even considering. Reformatting was the first thing on tour lips when you started the thread.

It's always the victim's choice to accept solutions or to refuse and reformat.

It's your choice.


Regards,


Trevuren

[andy19]

I apoligize if I was coming off as ungrateful or as a know-it-all. That was not my intention at all and once again, I do greatly appreciate all your advice. I know 2o7.net didn't come bundled with AOL because it never appeared in my cookies folder before this whole CWS incident. Also, like I said, I'm getting doubleclick.net and admt.net or something like that in addition to the 2o7.net cookie, and I'm not visiting any of those sites. It's just that I have the feeling that if this stuff is slipping by all the antivirus/antispyware detectors then other stuff might be too and I'd really only feel safe starting from scratch and reformatting. Thanks again for your help.

[Trevuren]

Well Andy,

Inasmuch as you have decided to reformat, I will close the thread


Trevuren

[Trevuren]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.