Re: CoolWebSearch

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by njspeed69, Dec 5, 2004.

  1. njspeed69

    njspeed69 Private E-2

    I have exactly the same problem. My younger brother was visiting me and somehow got my computer infested. I ran Ad-Aware and found over 800 items. Would you believe it? Anyway over the past several days I've removed every single one except for CWS.. I can't get rid of it.. If that gives you any hint of the difficulty... I'm pretty smart when it comes to this stuff. I really don't see anything fishy when I run HiJack This. When I run Spybot S&D it detects CWS and IGetnet but they both seem to be directing my PC to the same IP address, so I don't know if they are connected or what. I think IGetnet is pretty much disabled but it keeps coming up in Spybot. My problem is exactly the same as this other guy's. I have the same exact thing in my hosts files. When I monitor them with HiJack This I can actually see them come back faster than I can delete them. When I use CWShredder and Spybot, it seems to remove it from my computer until the next boot. But I could be incorrect.

    Anyway I'm attaching my logs from HiJack This. I only have one user on this computer, except when I log on to safe mode it says Administrator or Bryan. Does that mean I have two? It never asks me on a normal startup.

    Thanks for your help guys, I think it's great what you do for people. I actually solved most of my other problems from searching past posts on the site.
     

    Last edited by a moderator: Dec 5, 2004
  2. PhilliePhan

    PhilliePhan Guest

    I gave you your own thread.

    As you can see, this is Nasty and we haven't figured out the fix yet. This baddie keeps rewriting the Hosts file.

    I am kinda looking for a common thread in all of the cases. Please give me a HJT log and a Startuplist log from the Administrator Account in Safe Mode.

    I am just playing a hunch here. It may be nothing. I'll check back when I can; got a busy week of real life and real work ahead of me ;)

    Best :)

    PP
     
  3. njspeed69

    njspeed69 Private E-2

    I will post it later tonight when I get home from work. Thanks for giving me my own thread.
     
  4. njspeed69

    njspeed69 Private E-2

    I went into Safe mode as admin and saved the requested files to my desktop. Only now I'm booted up as normal and I can't see them? Why on earth does it give me the option of Admin or Bryan (my name and main user) in safe mode but not normal? I set up Bryan as administrator so I don't know why it's doing this. And I can't upload the files unless I'm logged in normal mode. Thus I can't see them here, so I can't upload them. Any suggestions?
     
  5. PhilliePhan

    PhilliePhan Guest

    They may be "hidden files" and you need to enable Viewing of Hidden Files. See our cleanup tutorial for instructions on how to do this. Or, before you save them, look at the file properties and change to viewable.

    It may be all for naught - I am looking for something I stumbled upon in another case of this baddie. Thought it might be a common link. But I looked at other logs and didn't find it, so it may be nothing.

    In your HJT log - Besides the item we don't know how to fix yet - the only problem I saw was minor: O15 - Trusted Zone: *.frame.crazywinnings.com
    I always recommend that people keep the Trusted Zone EMPTY.

    With the real baddie, I think it will be a game of "wait and see" until somebody figures out how to kill it! Keep trying each new update of CWShredder and keep your fingers crossed.

    PP :)
     
