How do I get rid of CoolWebSearch trojan?

Please follow the steps below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

It may or may not fix the problem. You need to restore to a time frame when the PC was clean (not always easy to know). Don't forget restoring to an older date restores the registry to that point in time which means anything you installed or tweaked that is saved in the registry after that date is lost too. I'm not trying to talk you out of it, I'm just informing you of possible other consequences. Choosing a restore point could also bring back old problems that may have been cleaned in the past. The choice is yours.

 

We are a long way from having to worry about formatting.

You have a SE.DLL type hijacker (another form of about:blank).

Please download this file: SpSeHjfix109

Unzip it to your desktop or to a folder.

Boot into Safe Mode

Start SpSeHjfix, click on " Desinfecton starten" (the other button means close) then it will reboot and finish the cleaning.

Run SpSeHjfix one more time.

Reboot in Normal mode.

Run HijackThis again and post a new log. Also post the log from SpSeHjfix, the log should be on your desktop or the same folder as SpSeHjfix. And finally tell me how things are working.

 

The log will be wherever you installed the program. Did you install it to your Desktop?

Did you extract the executable file from the SpSeHjfix109 zip file and then run it? Did you actually see it run okay?

Have HJT fix the below lines (but close ALL browsers before clicking Fix):


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/space.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\se.dll/space.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
F3 - REG:win.ini: load=????

No reboot and post a new HJT log.

 

If the se.dll lines come back after doing what I said in my previous message then follow the steps below.

Download: "StartDreck", from here: http://www.niksoft.at/download/startdreck.htm
Look to the bottom of that page and click the Download link. It should give your StartDreck217.zip

Unzip to its own folder and start the program,
Press 'Config'
Press 'Unmark All'
Check the following boxes only:
Registry -> Run Keys
System/drivers> Running processes
Press 'Ok'
Press 'Save' and select the location to save the log file
(default is the same folder as the application)

Please attach the log in this thread.

 

You're welcome Monica. Let me know if it comes back or not. If it remains clean, you should continue on to the below:

How to Protect yourself from malware!