Re: Dodgy Desktop!
From: Marko (Marko_at_mmct.net)
Date: Fri, 31 Dec 2004 13:23:17 -0500
You seem to know them all. My nephew is stuck with the "coolbar
toolbar". I found references that made me think it was a variant of
CoolWebSearch, but CWShredder didn't work (nor Ad-aware or Spybot). Any ideas?
> ineptitude wrote:
>>AAARGH! Me too!
>>Right-clicking does nothing for me, and double-clicking them opens
>>links to either online casinos or "lop.com" which is a rather dodgy
>>search engine, apparently.
>>I suspect some foul play from a naive fellow user, but one can never
>>be too sure.
>>Connected with this "lop.com/search" thing is also a toolbar I can't
>>seem to shake.
>>Indeed, if ANYONE has answers I'd be much obliged.
> For both you and David - yes, you have malware on your computers. Spybot
> is great, but you need more. Here are malware removal steps. Do all
> scans with updated tools in Safe Mode.
> 1) Scan in Safe Mode with current version (not earlier than 2003)
> antivirus using updated definitions.
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
> HijackThis is an excellent tool to discover and disable hijackers, but
> it requires expert skill. See below for HijackThis links. A combination
> of HijackThis and About:Buster works well in removing the About:Blank
> homepage hijacker. Again, this is an expert tool and novices should get
> help with it.
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore because malware will be in the Restore Points. With ME, you
> must disable System Restore completely. With XP, you can delete all but
> the most recent (presumably clean) System Restore point from the More
> Options section of Disk Cleanup (Run>cleanmgr).
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
> 5) Run a firewall.
> Links to help with malware:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.majorgeeks.com - good download site
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> http://forum.aumha.org/ - look under "Security" for various forums
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
--
Marko Jotic
"Common sense is anything but common".
From the notebooks of Lazarus Long. Robert A. Heinlein.
Handmade knives, antique designs, exotic materials at http://www.knifeforging.com/