CWS_NS3 problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by chriscsugaree, Oct 20, 2004.

  1. chriscsugaree

    chriscsugaree Private E-2

    Hello, I am new here and I am perplexed with a CWS_NS3 problem. I know there a few step by step instructions posted at this board but none of the tools or steps have helped so far. But I am going to attempt the generic solution later tonight. But I am at my wits ends with CWS_NS3. Because of virus problems I long ago partitioned my c: drive down to 4gbs. Whenever I would get a hard to remove infection that my antivirus eTrust EZ and spy sweeper could not clean out I would just reformat c: drive and re-install everything. This has always solved any difficult infection problem until now.

    Now here is the problem. I have reformatted and re-installed about six times already and each time CWS_NS3 is back. The first few times I re-installed in this order:
    1) win98SE
    2) sbc dsl, updating the software during install
    3) eTrust EZ antivirus, then update the definitions
    4) zone alarm pro
    5) windows update
    6) mozilla firefox
    7) webroot spy sweeper, update the definitions and run a scan

    But each time I would run spy sweeper I would find CWS_NS3.

    Not understanding how CWS_NS3 could be sneaking back in so soon after each reformat and re-install I tried something different on my last two reformats. This time I did this:
    1) win98SE
    2) sbc dsl, updating the software during install
    3) webroot spy sweeper, update the definition and run a scan

    But on each spy sweeper scan I again found CWS_NS3

    I am not a software expert by any stretch of the imagination but suspecting that maybe it was the spy sweeper program I tried versions I downloaded from different sites but every version would find CWS_NS3 after each reformat and re-install. If anyone knows how this can be possible please speak up.
     
    chriscsugaree, Oct 20, 2004
    #1
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Hi,
    First and foremost, on re-install, disconnect your internet connection. Download everything you need to CD, including SpySweeper before the format. Then see if it appears, which it should not. Install anti-virus, firewall and everything you can prior to the internet connection. Also download SpywareBlaster; http://majorgeeks.com/download2859.html in that case, install it, then update it and re-apply once on the internet. As I was even unaware until it was pointed out to me by Kodo and Chas since it never happened to me, it is possible to get infected immediately on re-install if connected to the net, so UNPLUG the DSL line from your computer.
     
    Major Attitude, Oct 20, 2004
    #2
  3. chriscsugaree

    chriscsugaree Private E-2

    Thank you for your quick reply. Will it make any difference if I put all the programs I need to re-install on a cd or if I put them on a seperate partition from the c: drive? My burner took a dump recently and I had to replace it temporarily with a cd reader just so I could re-install windows and try to get rid of this problem. I will check back later for a reply. I hope these steps help my problem but even if they do not your help is appreciated.
     
    chriscsugaree, Oct 21, 2004
    #3
  4. lucius

    lucius Private E-2

    Hi,
    I don't know if this 'd interest you, but i've experienced a Spy Sweeper CWS_NS3 false positive with reguard to these registry entries

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\\NoUpdateCheck
     

    Attached Files:

    lucius, Oct 21, 2004
    #4
  5. chriscsugaree

    chriscsugaree Private E-2

    I do not know how to post what I am finding like you have here but on my scans I am finding 158 traces in the registry but it is all greek to me. This is the log:

    07:36 PM: Sweep initiated using definitions version 405
    07:36 PM: Sweeping memory for active spyware.
    07:36 PM: Memory sweep has completed. Elapsed time 00:00:00
    07:36 PM: Registry sweep initiated.
    07:36 PM: Found: 158 CWS_NS3 registry traces.
    07:36 PM: Registry sweep completed. Elapsed time 00:00:11
    07:36 PM: Full sweep on all local drives initiated.
    07:36 PM: Now sweeping drive C:
    07:37 PM: Found: 0 file traces.
    07:37 PM: Full Sweep has completed. Elapsed time 00:00:28
    4,140 files swept
    158 spyware traces located
    07:40 PM: Removal process initiated
    07:40 PM: Quarantining: CWS_NS3
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid32
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\typelib
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\typelib||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\typelib||version
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid32
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\typelib
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\typelib||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\typelib||version
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid32
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\typelib
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\typelib||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\typelib||version
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid32
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\typelib
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\typelib||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\typelib||version
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid32
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\typelib
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\typelib||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\typelib||version
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid32
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\typelib
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\typelib||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\typelib||version
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid32
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\typelib
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\typelib||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\typelib||version
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid32
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\typelib
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\typelib||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\typelib||version
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\progid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\versionindependentprogid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\localserver32
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\typelib
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\implemented categories
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\implemented categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\implemented categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}||appid
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\progid||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\versionindependentprogid||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\localserver32||(-default-)
    07:40 PM: Registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\typelib||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid32
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\typelib
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\typelib||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\typelib||version
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid32
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\typelib
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\typelib||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\typelib||version
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid32
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\typelib
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\typelib||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\typelib||version
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid32
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\typelib
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\typelib||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\typelib||version
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid32
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\typelib
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\typelib||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\typelib||version
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid32
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\typelib
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\typelib||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\typelib||version
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid32
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\typelib
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\typelib||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\typelib||version
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid32
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\typelib
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid32||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\typelib||(-default-)
    07:40 PM: Registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\typelib||version
    07:40 PM: Cleaning Traces
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\typelib
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\typelib
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\typelib
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\typelib
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\typelib
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\typelib
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\typelib
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{4e29979f-d70c-4055-b946-74b063aa6944}
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\typelib
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid
    07:40 PM: Removing registry: HKEY_CLASSES_ROOT\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\typelib
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}\proxystubclsid
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{e213cad6-f916-4400-a207-ae64ea512bd0}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\typelib
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}\proxystubclsid
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{d40485b7-0f8d-47a7-981b-62a95f506746}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\typelib
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}\proxystubclsid
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{ca8af479-390f-4eaa-91c4-eb551b6af6d7}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\typelib
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}\proxystubclsid
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{c904c3d4-2f82-4b00-924a-ae78720235d2}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\typelib
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}\proxystubclsid
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a888a8b2-9cc2-40a3-a046-13ab9f391a02}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\typelib
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}\proxystubclsid
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{a4208e16-90de-4b5d-af16-018c6c4ef54b}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\typelib
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}\proxystubclsid
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{4e29979f-d70c-4055-b946-74b063aa6944}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\typelib|| (version)
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\typelib
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid32
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}\proxystubclsid
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\interface\{07b526e5-460b-4ba7-ae34-e6cbf37c5b96}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\versionindependentprogid
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\typelib
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\progid
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\localserver32
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\implemented categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\implemented categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}\implemented categories
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}|| (appid)
    07:40 PM: Removing registry: HKEY_LOCAL_MACHINE\software\classes\clsid\{abdf3701-f340-4135-ac07-153d52cdb4a7}
    07:40 PM: Removal process completed. Elapsed time 00:00:04
    1 items (158 traces) quarantined.
     
    chriscsugaree, Oct 21, 2004
    #5
  6. superwelder

    superwelder Private E-2

    having same problem win98se,cws_ns3 and exactly 158 traces started after i upgraded ss.tried everything,spybot adaware cw shredderall negative only sweeper finds it .I did notice it only removes 89 traces of the 158.best of luck
     
    superwelder, Oct 22, 2004
    #6
  7. chriscsugaree

    chriscsugaree Private E-2

    For me, spy sweeper removes all 158 traces but all 158 are back upon reboot.
     
    chriscsugaree, Oct 22, 2004
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    chaslang, Oct 23, 2004
    #8
  9. chriscsugaree

    chriscsugaree Private E-2

    I do not know if this will help anybody but here goes.

    I ran spy sweeper in safe mode but found nothing. I downloaded all the tools from the "DO NOT POST UNTIL YOU HAVE READ THIS: How to: Spyware, Trojan And Virus Removal" post and ran all of them except hsremove because it will not run on win98. I did the online scans at Trend Micro and Symantec and found nothing. I checked out the "When all else fails - Generic Solution to HSA (Only the Best) & About:Blank hijack" post but nothing. I ran HijachThis! and used TonyK's BHO & Toolbar List to remove a few things but the 158 traces were still there. I ran HJTHotkey but nothing. Earlier today I even disconnected my internet connection and did another reformat and re-install but that did not work either.

    Then I tried the "a website located here" link in message "NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting" and I analyzed the HijackThis! log. The I opened my "startups_all" file that I download regularly from pacmans. From my analyzed HijackThis log and the "startups_all" file I noticed that the program CFD.exe was listed as harmless but unneccessary. With nothing to lose I used the system configuration utility to uncheck and stop CFD.exe from loading at startup and then rebooted.

    After rebooting I ran spy sweeper and got a clean scan. To make sure I re-added CFD.exe to the startups, rebooted and ran spy sweeper and all 158 traces were back. I again stopped it from loading at startup and again got a clean spy sweeper scan. This is strange because CFD.exe is a program from my dsl cd. It makes no sense to me but it appears that I am no longer infected by CWS_NS3.

    I wanted to mention this in case this could also be superwelder's or lucius' problem, and if so then so they could solve it as I have. And although these steps did not help in this case I still wanted to say thank you to Major Attitude, lucius and superwelder for all your efforts and your willingness to lend me a helping hand. Especially to Major Attitude, you probably help a lot of members here and do not hear this enough: Your help is appreciated. Thank you.

    chriscsugare
     
    chriscsugaree, Oct 23, 2004
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This CFD.EXE program has appear in several hundred logs. I have questioned why Southern Bell (in most cases it is SB) keeps using this crap. See this http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm and scroll down to BJCFD.exe.

    I have in some case had people remove these lines (there are other related lines too). Some people do not want to remove them for fear of breaking there connections. However, I have never seen anything related to CWS_NS3 related to this before. It could be that something on your system is configure differently. I don't think it is a real CWS_NS3 infection, it just appears that way to SpySweeper for some reason. That being said this crap from Broadjump is probably not necessary and many people treat it as spyware (see the link above)
     
    chaslang, Oct 23, 2004
    #10
  11. chriscsugaree

    chriscsugaree Private E-2

    I am still trace free and I am having no problem with my connection without CFD.EXE. I am only waiting till Monday to completely uninstall it, just after I call SBC and complain.
     
    chriscsugaree, Oct 23, 2004
    #11
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you read the link I gave you for some additional ammo!
     
    chaslang, Oct 23, 2004
    #12
  13. superwelder

    superwelder Private E-2

    thanks for the advice i removed the program and so far so good no cws and no connection problems.Thank you all again.
     
    superwelder, Oct 24, 2004
    #13
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. If you do call them up, I would like to hear there explanation for using this crap and why it needs to run by default. If it is for diagnosis, it should only be run when having a problem. And what about the fact that it appears to collect information about you.
     
    chaslang, Oct 24, 2004
    #14
  15. chriscsugaree

    chriscsugaree Private E-2

    My slip. Reading my replies on this thread I realized I had not said thank you to you chaslang. I do not want you to think I do not appreciate your efforts to help. So let me say it now. Thank you chaslang for your efforts to help me and the other members who had cws_ns3 probs relating to this thread. Just so you know, they are appreciated.

    If I hear anything useful from sbc when I call and complain I will add it here but from my experience with them I will probably only get excuses. Their connection is good but their tech service sucks.
     
    chriscsugaree, Oct 25, 2004
    #15
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome to Chris. If you do hear anything, let us know. Even if it is BS.
     
    chaslang, Oct 25, 2004
    #16
  17. asada

    asada Private E-2

    To remove cws_ns3 permanetly first turn off system restore (thats one of the reasons it always comes back) then go to run and type Regedit. Then click these in the following order my computer, Hkey_local_machine, software, microsoft, windows, current version, and finally uninstall. Once there delete all the files that have a name with only two or three letters (this will delete traces even spyware removal programs cannot find). Once they are all deleted restart your computer and cws_ns3 should not come back.
     
    asada, Feb 2, 2005
    #17
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    This is a very old thread that has already been resolved. You also need to read our sticky threads. All of the above is already covered in many places.

    And just doing that alone will not fix HSA hijacks.
     
    chaslang, Feb 2, 2005
    #18

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds