Re: Dodgy Desktop!

From: Marko (Marko_at_mmct.net)
Date: 12/31/04


Date: Fri, 31 Dec 2004 13:23:17 -0500

you seem to know them all, my nephew is stuck with the "coolbar
toolbar". I found references that made me think it was a variant of
CoolWebSearch but CWShredder didn't work (nor adaware or spybot). Any ideas?

Malke wrote:

> ineptitude wrote:
>
>
>>AAARGH! Me too!
>>Right-clicking does nothing for me, and double-clicking them opens
>>links to either online casinos or "lop.com" which is a rather dodgy
>>search engine, apparently.
>>I suspect some foul play from a naive fellow user, but one can never
>>be too sure.
>>Connected with this "lop.com/search" -thing is also a toolbar i can't
>>seem to shake.
>>Indeed, if ANYONE has answers i'd be much obliged.
>
>
> For both you and David - yes, you have malware on your computers. Spybot
> is great, but you need more. Here are malware removal steps. Do all
> scans with updated tools in Safe Mode.
>
> 1) Scan in Safe Mode with current version (not earlier than 2003)
> antivirus using updated definitions.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> HijackThis is an excellent tool to discover and disable hijackers, but
> it requires expert skill. See below for HijackThis links. A combination
> of HijackThis and About:Buster works well in removing the About:Blank
> homepage hijacker. Again, this is an expert tool and novices should get
> help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore because malware will be in the Restore Points. With ME, you
> must disable System Restore completely. With XP, you can delete all but
> the most recent (presumably clean) System Restore point from the More
> Options section of Disk Cleanup (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Links to help with malware:
>
> Software/Methods:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.majorgeeks.com - good download site
> http://www.intermute.com/spysubtract/cwshredder_download.html
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
>
> HijackThis:
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> Eshelman
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> forum
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
> http://www.spywareinfo.com/forums/
>
> General:
> http://forum.aumha.org/ - look under "Security" for various forums
> http://rgharper.mvps.org/cleanit.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Malke

-- 
Marko Jotic
"Common sense is anything but common".
 From the notebooks of Lazarus Long. Robert A. Heinlein.
Handmade knives, antique designs, exotic materials at 
http://www.knifeforging.com/


Relevant Pages

  • Re: Taskbar disappearing and reappearing
    ... >> After reading the HP web pages, I set my System Restore memory usage ... See below for HijackThis links. ... > Restore because malware will be in the Restore Points. ... Do not install driver updates from Windows Update. ...
    (microsoft.public.windowsxp.general)
  • Re: XP Locks on Shutdown & Cant Run WIndows Update
    ... > often than not, those programs are malware. ... See below for HijackThis links. ... > the most recent System Restore point from the More ... Do not install driver updates from Windows Update. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: windowsXPpro explorer crash
    ... > CoolWebSearch malware removal steps at SilentRunners. ... See below for HijackThis links. ... > the most recent System Restore point from the More ... Do not install driver updates from Windows Update. ...
    (microsoft.public.windowsxp.general)
  • Re: removing infected files
    ... > Restore point and delete all but that System Restore point from the ... > Here are general malware removal steps. ... > scan with HijackThis. ... Do not install driver updates from Windows Update. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: 0we1rpr.exe
    ... > CoolWebSearch malware removal steps at SilentRunners. ... See below for HijackThis links. ... > the most recent System Restore point from the More ... Do not install driver updates from Windows Update. ...
    (microsoft.public.windowsxp.general)