RE: IE default Page
From: Micro Kluge (microkluge hotmail.com)
Date: Fri Jul 16 2004 - 14:28:44 CDT
Early versions of CoolwebSearch were trivial to defeat (ie adaware). The
later versions are becoming increasingly annoying. The latest versions of
CoolWeb laugh at most of the spy-ware removal tools. Use About Buster
(google) and HiJackThis. About Buster will do most of your heavy lifting,
then use HJT to scrap the rest of the leftover debris. The usual "safe
mode" and "restore point" steps apply.
>From: "Hagen, Eric" <ehagen DenverNewspaperAgency.com>
>To: wnorth <wnorth verizon.net>, incidents securityfocus.com
>Subject: RE: IE default Page
>Date: Fri, 16 Jul 2004 09:21:54 -0600
>
>I use "HijackThis" and have had success beating it. For most of my
>intensive Adware removal, I copy HiJackThis and CWShredder to the hard disk
>and then reboot the machine in safe mode. Then I manually kill all of the
>processes that it will allow me to kill... then run Hijackthis and
>cwshredder and take note of where the files are. I then go in and manually
>delete those files. CoolWebSearch hasn't been nearly as much problem for
>us as "TVMedia" and "WinTools" or a few of the other ones that have multiple
>threads and/or system services that watch the system processes and restart
>each other when one of them is killed. WinTools is an amazingly resilient
>program that uses this method with 2 processes PLUS a system service all
>watching each other.
>
>Interestingly enough, aren't they one of the companies who sued Symantec
>when they tried to add CWS as a "virus" to their definitions? After all,
>it's an "advertising engine" not a "virus" and they (like GMT and Gator)
>have been aggressive in pressing legal action against anyone who tries to
>"automatically" remove their "program".
>
>Eric
>
>-----Original Message-----
>From: wnorth [mailto:wnorth verizon.net]
>Sent: Thursday, July 15, 2004 6:46 PM
>To: incidents securityfocus.com
>Subject: IE default Page
>
>Interesting bug going around, coolwebsearch, has anyone been successful in
>removing this virus from a system? It looks like it recreates the DLL under
>c:\windows\system32 and renames it after a few reboots. It's pretty annoying
>and I haven't been able to fully contain it.
>
>Thoughts? Suggestions? I've used HijackThis, cwshredder and a few spyware
>detectors, but nothing is really fixing the problem.
>
>Thanks,
>
>-Wes
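
The mutual-restart behaviour described in the thread (two processes plus a service that relaunch each other when one is killed) can be spotted from process exit and creation records. The following is an added example, not part of the original messages; the event tuple layout, the 2-second window and the image names are assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed sample events (not from the thread): (seconds, kind, image, parent).
# "exit" = image terminated; "start" = parent launched image.
EVENTS = [
    (0.0,  "exit",  "watchA.exe",   ""),
    (0.8,  "start", "watchA.exe",   "watchB.exe"),
    (5.0,  "exit",  "watchB.exe",   ""),
    (5.6,  "start", "watchB.exe",   "watchsvc.exe"),
    (9.0,  "exit",  "watchsvc.exe", ""),
    (9.5,  "start", "watchsvc.exe", "watchA.exe"),
    (12.0, "exit",  "notepad.exe",  ""),
    (60.0, "start", "notepad.exe",  "explorer.exe"),  # normal relaunch, too late to count
]

def respawn_edges(events, window=2.0):
    """Map each parent to the images it relaunched within `window` seconds of their exit."""
    last_exit = {}
    edges = defaultdict(set)
    for ts, kind, image, parent in sorted(events):
        if kind == "exit":
            last_exit[image] = ts
        elif kind == "start" and image in last_exit:
            if ts - last_exit.pop(image) <= window:
                edges[parent].add(image)
    return edges

def watchdog_groups(events, window=2.0):
    """Return sets of images that restart each other, directly or through a chain."""
    edges = respawn_edges(events, window)

    def reachable(src):
        seen, stack = set(), [src]
        while stack:
            for nxt in edges.get(stack.pop(), ()):
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        return seen

    reach = {node: reachable(node) for node in list(edges)}
    groups = []
    for node, targets in reach.items():
        if node in targets:  # node can reach itself: it sits on a restart cycle
            group = {m for m in targets if m in reach and node in reach[m]}
            if group not in groups:
                groups.append(group)
    return groups

if __name__ == "__main__":
    for group in watchdog_groups(EVENTS):
        print("mutual watchdog group:", sorted(group))
```

Every member of a reported group has to be stopped or disabled before any of them is deleted, otherwise a survivor relaunches the rest.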