CoolWWW, redirected host problems. Followed the FAQ, still infected.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by richinkc, Dec 14, 2004.

  1. richinkc

    richinkc Private E-2

    I followed all the steps in the READ ME FIRST FAQ. It helped but didn't completely solve my problem. Any help or suggestions would be appreciated.

    I'm running Windows 2000 SP4 and IE 6.0.2800.1106. I've been trying to fix this for more than a week with no luck. My system opens random browser pop-ups which set off my virus software whether I'm surfing online or not. I've run both McAfee and AVG plus SpybotSD, AdAware, HijackThis, CWScrubber, Stinger, and followed your FAQ. The problem is less severe but I'm still infected. The thing that bugs me is that Spybot and AdAware seem to find the problem and clean it, but it comes right back as soon as a few seconds later. My recurring problems (as stated in Spybot) are listed below...

    DSO Exploit - HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
    Common Hijacker - Redirected hosts, search.netscape.com=69.20.16.183 and auto.search.msn.com=69.20.16.183
    CoolWWWSearch.Bootconf - auto.search.msn.com=69.20.16.183
    CoolWWWSearch.Loadbat - auto.search.msn.com=69.20.16.183
    CoolWWWSearch.MSConfd - auto.search.msn.com=69.20.16.183
    CoolWWWSearch.OSlogo - auto.search.msn.com=69.20.16.183
    CoolWWWSearch.Tapicfg - auto.search.msn.com=69.20.16.183
    CoolWWWSearch.XMLmimefilter - auto.search.msn.com=69.20.16.183
    IGetNet - ieautosearch=69.20.16.183

    I'd be grateful for any suggestions. Thanks in advance.
    Rich
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's CWshredder not CWScrubber.

    Download and run this: Spybot - Search and Destroy DSO Exploit Fix

    We have not found a permanent fix yet for the 69.20.16.183 Hosts file hijacks. But give the below a try:

    1. Click Start, and then click Run. (The Run dialog box appears.)
    2. Type regedit

      Then click OK. (The Registry Editor opens.)
    3. Navigate to the key:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
    4. In the right pane, delete the value "Start Page," or change this setting to point to your preferred start page.
    5. Navigate to the key:

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    6. In the right pane, delete the following values:
      • "User Stylesheet" = "%Windir%\default.css"
      • "Use My Stylesheet" = 1
    %windir% should be replaced by the folder you installed Windows to. For Win2K that is typically c:\winnt. So you are looking for c:\winnt\default.css



    Exit the Registry Editor.

    Now run HijackThis and fix any of the O1 - Hosts lines you find.

    Now reboot and post a HJT log. Tell us how things are working.
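
Added example, not part of the original thread or any poster's code: a Python check that audits hosts-file text for the kind of redirect that Spybot and the HijackThis O1 lines report above, and groups the redirected names by target address. The sample file, the function names and the rule that loopback and 0.0.0.0 targets are benign are assumptions.

```python
import ipaddress

# Constructed sample in hosts-file format; the three redirected names and the
# address are the ones Spybot reported in the thread above.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
127.0.0.1       localhost
69.20.16.183    auto.search.msn.com
69.20.16.183    search.netscape.com   ieautosearch   # two names on one line
0.0.0.0         ads.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue                           # blank, comment-only, or no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # first field is not an IP address
        for name in fields[1:]:                # one line may carry several names
            yield line_no, ip, name.lower()

def find_redirects(text):
    """Return (line_no, hostname, ip) for names mapped to a routable address.

    Assumption: loopback and unspecified (0.0.0.0) targets are benign,
    because block lists use them; everything else is reported for review.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        findings.append((line_no, name, str(ip)))
    return findings

def group_by_target(findings):
    """Group redirected hostnames by the address they point to."""
    groups = {}
    for _, name, ip in findings:
        groups.setdefault(ip, []).append(name)
    return groups

if __name__ == "__main__":
    for ip, names in group_by_target(find_redirects(SAMPLE_HOSTS)).items():
        print(f"{ip}: {', '.join(sorted(names))}")
```

Several unrelated search hostnames grouped under one address is the pattern reported in this thread; a re-run after cleaning shows whether the entries were written back.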
     
  3. richinkc

    richinkc Private E-2

    OK, I followed your instructions. The only glitch was that I did not find any reference to css files anywhere in my registry. The DSO Entry no longer appears in Spybot but the others still exist. Running Hijack still finds the Host redirects and they stay even when cleaned. I've uploaded my Hijack log as you requested. Thank you for your help.

    I don't know if this helps, but I have two items in my Recycle Bin that are invisible and refuse to be emptied. CCleaner didn't touch them. Could they be part of the problem? Also, for some reason my Quicklaunch panel next to the Start button is mirrored right next to it. Both issues only started when the bugs hit my PC. Thought they may be symptoms that would help you figure out what's going on.

    Thanks again,
    Rich

     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

