Annoying, unremovable spyware.

Discussion in 'Techno-Magic' started by Takara, Sep 20, 2004.

  1. Takara
    For those of you wondering, yes, there is sometimes spyware that is totally unremovable. I'm currently battling, and losing, against a nasty piece of work called coolweb search. The problem is that the primary file gets loaded onto your drive, somehow, and will not be detected. It then installs secondary files, at a regular rate. When you run ad-aware etc, you only ever kill the secondary files. The primary is never killed off, so you are always infected.

    Things like this really p*** me off. And there is nothing that can be done, AFAIK. I'm trying a possible solution I found on the net, but I didn't find the file that was initially suggested I would find. As such, I can't finish their solution.

    Anyone out there managed to deal with this bugger? If so, how did you manage it, short of a full re-format? Also, anyone feel free to share your tales of woe at the hands of these.... *censored*
     
  2. Rudiger
    Read the first post by Tea in this thread

    Link

    I've not come across the particular piece of evilness you've been blighted with, so I can't say for sure if the safe mode method will work, but I have got rid of one or two other mysteriously recurring infections that way.

    Good luck.
     
  3. Splunge
    From the link:

    Why not run it from the icon?

    (Sorry, Takara, I know this doesn't help your immediate problem, but I'm curious.)
     
  4. Rastor
    This sort of thing is why you really need to have a good firewall.

    If you know the filename, you should be able to delete it via a command prompt.
     
  5. Harbourboy
    I believe that removal of this requires deletion of both the offending file AND the corresponding registry entries. I think that so long as the registry entries remain, it will keep coming back. The trick is making sure you delete the right registry entries without stuffing up your operating system.

    A complete re-install is not such a bad idea. It may seem like a major hassle but it may be less of a hassle than clearing up ALL the malware that has infected your PC. Plus, you will clear a load of other junk off your hard drive too that you don't need and make a nice fresh start with an ironclad firewall.
     
  6. Rudiger
    I think his point is that you shouldn't run IE at all. If you're at all concerned about malware that is.
     
  7. Takara
    I was spyware free, 'til I booted up IE for a brief check. In the first 5 seconds I got hit. Hate that thing. I'm getting McAfee firewall in the post, and am going to do a re-format when it arrives. I'm aiming to turn my PC into Fort Knox. :)
     
  8. Elios
    I just reformatted cuz of some spyware that got on my computer and couldn't get it off. I bought an ethernet adapter and router. I also have Norton firewall and antivirus, so I am pretty nicely protected now.
     
  9. Takara
    That does sound good. I used to be on a network with a firewalled router at the start of the line. I never had any problems, unless I installed something with adware in it. (Dodgy codec bundles spring to mind.)

    Edit: After running Ad-aware about a dozen times in the last 32 hours and killing off every registry entry, and file that was repeatedly thrown up at me, I *repeatedly touch wood* think I've finally killed it. I'm not sure if I was killing the registry entries before it could make enough more... but I've had my PC on all evening, and the last scan came up empty. Now if I can find a way to stop these same 6 tracking cookies from appearing...

    [ September 22, 2004, 01:24: Message edited by: Takara ]
     
  10. Yirimyah
    Try what I did: use your old computer to surf the Net. BTW, if you do this and transfer files using floppies, USB keys, or CD-RW then be careful because I once had a file hijack Nero (my burning software) and write itself, thus surviving a HDD format. Or, use Macs.
     
  11. Rednik
    I hate to repeat myself, but use Mozilla or Opera and avoid many future problems.

    "Security through obscurity"
     
  12. netdiver
    When my brother bought his first computer and unleashed himself upon the hapless internet, I knew right away that I would hear the distant ringing...of my telephone. "help me with this, help me with that, and what the &%#$ did I do that caused this"

    My brother became infested with that coolwebsearch crap and it took every bit of evil patience in my spinal cord to take care of that problem.

    Remove all temporary internet files in user folder and in windows folders.
    Remove all cookies. all, cookies.
    All offline content needs to go, clean clean clean.
    Clear all offending items from the registry.
    A google search for the affliction's registry key information wouldn't be too hard. I don't remember them right off of hand.
    Do not turn off your computer or reboot.
    Install Norton (preferably) Internet Security. It detects all of that crap. Make sure it is updated.

    We did this and it found all of the coolwebsearch stuff and others that ad-aware hadn't even been detecting.
     
  13. teekc
    The IT department of my school offers a pretty good antispyware called "spybot search and destroy". Follow the link provided by Equester below.

    Previously, I use IE as my default browser and use Netscape all the time. Lazy method gave me flawed result, but that's the easiest way I can think of.

    [ October 03, 2004, 21:33: Message edited by: teekc ]
     
  14. Equester
  15. Kitrax
    SpyBot is nice, but it's not as good as SpySweeper.
    I'd sooner die than switch to a Mac-In-The-Trash! :rolling:
     
  16. Takara
    Spy sweeper sucks. But hey, maybe I'm biased against a company that sends a free trial version, only to find that it is expired as soon as you try to run it.
     
  17. Yirimyah
    @ kitrax:
    I see by that that you have never used one. When was your last system crash? Your last security problem? Your last virus? This thread's owner would not have started it if he used one.

    So you don't think I'm biased, I use both, and if games for Mac were cheaper and Macs themselves were similarly priced I would only use one.
     
  18. Mulsis
    There is a utility designed to get rid of cool web search specifically. Google for cool web shredder.
     
  19. Blog
    Here's what I do: I use the search files command and try to find the primary (and secondary) source files. Usually you can limit the search with the "created between" option to a day or two because you know when you got hijacked. Then go through the list and check each item. If suspicious, make note of it. Strange files with .exe extensions are highly suspicious (good candidate for the primary file that runs itself to make the secondary ones). And they should be in your C:\ or C:\WINDOWS folder (that's the default) but you may have changed this. The point of this isn't so much that you can delete it directly, but it is to figure out the file's name.

    Once you know the name of the file from that, it is much easier. You can try searching the registry (run regedit) for the file and delete all those entries. If that still doesn't work, you could do a net search on the file name and find a solution that way.
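
The two steps Blog describes above (narrow the file search to the day or two around the infection, then look the suspicious file name up in the registry), as an added Python example that is not part of the thread. It reads a text export of the registry rather than the live one; the file name `xqzt32.exe`, the sample tree and the sample export are all constructed for illustration.

```python
import os
import tempfile
from datetime import datetime

EXEC_EXT = {".exe", ".dll", ".scr", ".bat"}
# Constructed sample in the text layout a regedit export uses (not from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"sysupd"="C:\\WINDOWS\\xqzt32.exe"
'''

def created_between(root, start, end, use_mtime=False):
    """List executable-type files under root whose creation time (or, where the
    platform does not expose one, last-modified time) falls in [start, end]."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXT:
                continue
            st = os.stat(os.path.join(dirpath, name))
            ts = st.st_mtime if use_mtime else getattr(st, "st_birthtime", st.st_mtime)
            if start.timestamp() <= ts <= end.timestamp():
                hits.append(name)
    return sorted(hits)

def registry_refs(reg_text, filename):
    """Return (key, value line) pairs in exported registry text that mention filename."""
    key, refs = None, []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember which key the following values sit under
        elif filename.lower() in line.lower():
            refs.append((key, line))
    return refs

def demo():
    """Run both steps on a constructed tree; mtimes are backdated to 2004."""
    samples = [("notepad.exe", datetime(2004, 1, 5)),
               ("xqzt32.exe", datetime(2004, 9, 19, 14, 0)),   # made-up name
               ("readme.txt", datetime(2004, 9, 19, 14, 1))]
    with tempfile.TemporaryDirectory() as root:
        for name, when in samples:
            path = os.path.join(root, name)
            open(path, "w").close()
            os.utime(path, (when.timestamp(), when.timestamp()))
        hits = created_between(root, datetime(2004, 9, 18), datetime(2004, 9, 20), use_mtime=True)
    return {h: registry_refs(SAMPLE_REG, h) for h in hits}
```

A real export from regedit is usually UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `registry_refs`. The listed keys tell you which entries to review; they are not deleted by this code.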
     
  20. Sarevok•
    Format, it is not difficult and it gets rid of absolutely everything. Just up your important files to some webspace.
     