CW Shredder Question

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Maggie, Apr 29, 2004.

  1. Maggie

    Maggie Corporal

    Hi Everyone:

    Quick question for you. I've just run CW Shredder
    and the log is shown below. Is it OK to go
    ahead and fix these items?

    Thank you!

    Maggie

    CWShredder v1.57.0 scan only report
    Please understand that a CWShredder 'Scan only' report
    might not be sufficient to troubleshoot an infected system.
    You can use HijackThis for that:
    http://www.merijn.org/files/hijackthis.zip
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip

    Windows XP (5.01.2600 SP1)
    Windows dir: C:\WINDOWS
    Windows system dir: C:\WINDOWS\system32
    AppData folder: C:\Documents and Settings\Owner\Application Data
    Username: Owner

    Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (734 bytes, -)
    Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
    UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
    CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com [*] dword:4
    CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:4
    CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com [*] dword:4
    CWS.Googlems.4 (if value is 2) Registry value: Domains: *.teensguru.com [*] dword:4
    Registry value: DefaultPrefix (should be http://) [] http://
    Registry value: WWW Prefix (should be http://) [www] http://
    Registry value: Mosaic Prefix (should be http://) [mosaic] http://
    Registry value: Home Prefix (should be http://) [home] http://
    Found Win.ini file: C:\WINDOWS\win.ini (1107 bytes, A)
    Found System.ini file: C:\WINDOWS\system.ini (227 bytes, A)

    - END OF REPORT -
     
  2. billH

    billH Master Sergeant

    For sure fix:
    CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com[*] dword:4
    CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com[*] dword:4
    CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com[*] dword:4
    CWS.Googlems.4 (if value is 2) Registry value: Domains: *.teensguru.com[*] dword:4
    Don't see much wrong with the other entries. (I'm sure another geek will correct me if I'm wrong. :) )
    Bill
     
  3. Maggie

    Maggie Corporal

    Thanks Bill

    Thanks for your message, Bill.

    So, now I am confused. I went to fix the items you mentioned.
    CWShredder went through its fix procedure. At the end it said
    nothing was infected. So, what about the items it found on its
    initial scan that I showed you in my first message? What do I do?

    Thanks so much,
    Maggie
     
  4. alanc

    alanc MajorGeek

    It's safe to fix everything that CWShredder finds; if you don't, the hijacker won't be completely cleaned.
     
  5. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    I'm comfortable with that as well; it's never burned me yet, if another vote of confidence helps you feel better about it.
     
  6. billH

    billH Master Sergeant

    I'll ditto alan and major. I've never had a problem with HijackThis. But I thought I'd wait before advising you to delete everything in your first post until some real geeks had a look. The major and alan certainly are that. :) Thanks for the expert input, guys.
     
