Does BoClean take care of the CWS_NS3 Hijacker?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Larium, Sep 4, 2004.

  1. Larium

    Larium Private E-2

    Hi,

    The folks at Broadband seem to claim that their product, BoClean, can successfully detect and remove the CWS_NS3 Hijacker.

    Any truth to this?

    thanks ahead of time for any replies,

    Larium
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As I said in your other thread:

    I have no idea if it works! I do not know anyone that has tried it and said that it worked. I have read some of those links on dslreports.com too. I'm not sure if it will work for all cases of the infection. You can be our beta tester. Give it a try and let us know. It is going to cost you about $40 to find out. I hope it works for you, but that would not convince me that it will work for everyone. The CWS infections are constantly evolving making it difficult to always have a one step fix.
     
  3. Larium

    Larium Private E-2

    Lol

    I am way too dumb to be anyone's beta tester. I'm not throwing in the towel yet and I don't want to shell out 40 duckets. Those peeps over there that claim it works, at least in the thread that I was reading, helped make it so of course I'm going to be a little skeptical. If they are as crooked as McAfee (which tried to charge me to remove their botched software from my comp!) I can't take anything they say too seriously.

    My comp has other issues as well, such as the 16 bit and svchost32 windows that keep popping up every 4 mins and 40 secs so I'm wondering if it may be just easier to format and recover...reinstall. I did read the post here (or maybe it was at dslreports/ broadband) about when you should and shouldn't re-install.

    thanks for the reply,
    Larium
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have two threads right now! You already started the other one for your problems. Why not stay there to complete the fixing of them? I thought you started this thread to discuss BoClean and CWS_NS3 (also known as HSA or Only the Best). That is why I did not delete or merge this into the other thread.
     
  5. Larium

    Larium Private E-2

    I'm multitasking.

    Seriously though, I get your point and I appreciate the time and effort (and patience) you guys put into this site to help peeps for free.

    I am trying to resolve 2 issues at once....my hijacker/ homepage issues and my recurring 16 bit/ 32 svchost windows issue. I will stay focused in each thread.

    Thanks again,
    Larium
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But the title of this current thread has nothing to do with that. And you are going to lose sight of the work we already started relating to the HSA hijack. You should go back to the other thread and post a HijackThis log attachment but only if you have followed all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal >

    IMPORTANT: If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.
     
  7. Larium

    Larium Private E-2

    I have completed all of those steps (all day today) leading up to the Hijackthis process as it's rather intimidating to a newb like me, especially in those instructions when you say step 7-9 (?) things start to get tricky. Lol most of those steps are tricky as I can't tell the difference between hijacker lines and regular lines. However, I will print out those instructions, spend some time on them and post in the future as it looks like that may be the last resort.

    The only step I didn't take was to use AboutBuster as I read in another of my threads from you or another expert here that that particular program would "probably" only fix it temporarily.

    Thanks,
    Larium
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since you are intent on staying in this thread, I'm closing your other thread. The HijackThis tutorial does not have any steps. What are you talking about? Do you mean the Generic Solution thread?

    If you are talking about my Generic Solution thread, it makes use of About:Buster too. One of the keys to fixing this hijack is that once you get your HijackThis log you must stop opening and closing IE sessions and you must not reboot (unless told in the procedure). If you do not follow those key concepts you will cause the hijacker to mutate making it more difficult to fix.
     
  9. Larium

    Larium Private E-2


    Yes I am talking about your Generic Solution thread. I will study the Hijackthis tutorial and download the program (per their instructions) and completely go through the entire removal process again and post my log if need be.

    thanks,
    Larium
     
  10. Larium

    Larium Private E-2

    HSA.......Gone! but CWS_NS3 remains.....they are 2 separate parasites aren't they?

    At least it looks that way after 4 reboots.

    Here's what I did:

    I followed the directions in your basic spyware removal thread up until the running of the Hijackthis part as I wasn't thrilled about running a program that was complex.

    However, your directions and the tutorial are fairly clear (as is the actual program) and I ended up having Hijackthis fix/ delete the blatantly obvious 5-6 lines in my log (R1, R0 lines with "about blank" in them and some others). I also was NOT doing this Hijackthis log in safe mode but I did close as many programs as I could.

    After I ran this I checked out my add/remove window and "Home Search Assistent" and "Shopping Wizzard" were gone.

    Nor am I getting a redirected homepage.

    Ad Aware and Spysweeper are still detecting CWS_NS3 however.

    BOClean doesn't work by the way for CWS_NS3

    Do the same removal steps that apply to HSA also apply to CWS?

    Thanks again for your extremely helpful site!
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  12. Larium

    Larium Private E-2

    Ok.

    Again I went thru the basic spyware, virus removal steps and can't get the Coolwebsearch remnants off my comp.

    My homepage isn't getting redirected or anything and I can't notice any symptoms but Ad Aware does pick up Coolwebsearch when I scan for ADS.

    I have read the Hijackthis tutorial and have visited all the sites you mention for helping analyse Hijackthis logs and I did remove the about blank parasite but I have a few questions regarding a couple lines (02 and 04) in my hijackthis log.....

    02 line didn't come up in the search at Tony's Bho list. The line also has "(no name)" and "(file missing)".

    One particular 04 line I know is tainted because Norton Anti-virus alerts me about "suspect script" on startup and identifies this file as the culprit (but unfortunately Norton doesn't give me the option of removing it)

    I'm not giving up on solving this problem as I'm gaining progress and learning.

    What should I do next please?

    Thanks ahead of time for any replies
     
  13. Larium

    Larium Private E-2

    Well it seems I have finally rid my system of any Coolwebsearch crap that I've been attacking for the past 4 days.....although I'm crossing my fingers and will give it another 24 hours and a few more reboots and scans.

    Here's what I have done in the past few hours to seemingly make it disappear:

    Followed all the steps in the Basic removal of trojans, spyware, etc. thread posted by Mr Attitude.

    Followed all the steps in the HSA guide up until the part where you run Notepad.

    I basically just ran Hijackthis in safe mode and normal mode (logs never changed), used the link to the website Major Attitude included in the Hijackthis tutorial called "website located here" (ULTRA HELPFUL), had the site identify everything for me, then ran Hijackthis again and fixed 6 out of 7 lines......R0,R1,02,04 lines were deleted but one 04 line couldn't be deleted (and by deleted I mean checking the box in Hijackthis and having the program fix it) That particular line that I can't delete says this in the log:

    04- Startup: system[1].exe.js

    That is also the same file name that Norton auto protect identifies when I boot but only allows me to "stop" the script but doesn't give me the option of removing it. Good news though is that it doesn't appear to be part of CWS as CWS hasn't shown up yet after a reboot and scans by Ad Aware and Spysweeper.

    I'll post again to update....any feedback on how I can remove the 04 line would be great.

    Thanks for getting me this far.

    Larium
     
