Help I have CoolwwwSearch redirect problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by momofthree, Dec 2, 2004.

Page 2 of 2
  1. momofthree

    momofthree Private E-2

    Hi pp The instructions were not clear for me I went to the etc and right clicked and the open with was not an option I only had an OPEN option so today I click that and it opened a list of option for me to use to open the file. I scrolled dwn to and clicked notepad. All this was done in norm mode and on the first host file of the list. I have 8 items that start with a no.(i think it is my isp no.) and the list is as follows
    w ww.igetnet.com
    code ignphase.com
    clear zsearch.com
    RL.clrsch.com
    status clrsch.com
    www. clrschr.com etc etc etc.
    # start of entries inserted by spybot
    #End of entries inserted by spybot
    end report is repeated 6 tx's I then clicked on one of the other host files and it said ***** just what we have be fighting all of the 69.20.16 were there and most of the host files contained the 69.20.16.183 ie autosearch. should I delete these that are in etc folder?
     
    momofthree, Dec 6, 2004
    #51
  2. PhilliePhan

    PhilliePhan Guest

    Hi Mo3,

    Do not delete anything yet.

    I just want to make certain (since this is so out of the ordinary!) and clarify that when you look inside the ETC folder at the end of this path:

    C:\WINDOWS\SYSTEM32\DRIVERS\ETC

    you see 30 Separate Files labeled "Hosts".

    There should only be 1 Hosts file in the ETC Folder.

    Chas and I are keeping our eyes open for a fix. I think that all we can really do right now is wait and see. But, let me know about the above. There may be a few things that we can try.

    PP :)
     
    PhilliePhan, Dec 6, 2004
    #52
  3. momofthree

    momofthree Private E-2

    Everytime I hit reply another web page opens over this one. Just thought you might need to know that. I just went into c,windows,system32,drivers and etc. and now there are 32 items in there the first is hosts and then 28 that look like this hosts. 20041202-212818.backup and then Imhosts Sam, networks, protocol, services. thats what is in there!
     
    momofthree, Dec 6, 2004
    #53
  4. PhilliePhan

    PhilliePhan Guest

    Hi MO3,

    Were you able to download Hoster ? The links Chas and I gave should be OK.

    Don't know if it will work, but perhaps we can delete all of the Hosts files, Fix the bad entries with HJT, use Hoster to restore the Hosts file and make it read only.

    The only problem is that this particular malware may rip right through that and put us back where we started.

    PP :)
     
    PhilliePhan, Dec 6, 2004
    #54
Page 2 of 2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds