How do I get rid of Coolwebsearch!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Fosdyke, Nov 2, 2004.

  1. Fosdyke

    Fosdyke Private E-2

    I am struggling to get rid of Coolwebsearch - can anyone give me any advice please.

    I have labouriously gone through the 'read first before asking....' section, downloaded all the software, done all the on-line scans, run all the software exactly according to instructions - detected and removed various bits of adware (including coolwebsearch), emptied the bin, restarted, left the room turned round 3 times and not come back in until invited. And still I can't get rid of the wretched thing!!!!!! I will spend no more than 5 minutes on the web and hey presto it's back again.

    I have run 'Hijackthis' and studied the log, but can't find anything out of the ordinary, I have searched and removed any registry entries relating to 'coolwebsearch', installed and run virtually every bit of ad-removal software I can find, but like the proverbial bad penny up it pops again.

    So before I take the computer outside pour petrol over it and light the match, then leaving to take up life as a trappist monk, I thought I would ask you guys if you can help - please!!!

    :confused:
     
    Fosdyke, Nov 2, 2004
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have run ALL the steps in the READ ME FIRST then you should read the tutorial in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HJT Version 1.98.2 and follow the guideline on where to install it and how to post a log as an attachment.
     
    chaslang, Nov 2, 2004
    #2
  3. Fosdyke

    Fosdyke Private E-2

    Thanks for the quick response.

    Attached is my Hijackthis log.
     

    Attached Files:

    Fosdyke, Nov 2, 2004
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Is Freeserve your ISP? Are the lines below valid?
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080



    Make sure you have system restore disabled and viewing of hidden files enabled.


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {55DEE593-7909-3450-F015-41F3C20541E8} - (no file)
    O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\System32\CustomIE32.dll
    O21 - SSODL: eplrr - {2605413A-9C13-454C-B36F-27EF8D88BF6F} - C:\WINDOWS\System32\eplrr3.dll


    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\CustomIE32.dll
    C:\WINDOWS\System32\eplrr3.dll


    No reboot in normal mode and post a new HJT log. And tell us how things are working.
     
    chaslang, Nov 2, 2004
    #4
  5. Fosdyke

    Fosdyke Private E-2

    Thanks for looking at the log. I was a bit suspicious about the last entry myself.

    I have fixed the items listed although I couldn't find CustomIE32.dll which was odd. I attach the new log, although interestingly I had picked up another bum entry in the Log (which I have removed prior to saving this log). In the meantime I will see if Coolwebsearch has gone!

    Cheers
     

    Attached Files:

    Fosdyke, Nov 3, 2004
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log looks clean! Any other problems?
     
    chaslang, Nov 3, 2004
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds