Topic: HELP!got hijacked by CoolWebSearch
T
« on: August 24, 2004, 03:22:37 AM »

CoolWebSearch:
Operating System Version: win 2000
Problem Application Name & Version: CoolWebSearch about:blank
Problem Hardware Make & Model: IE 6

I'm crying for help. Every time I run IE, my home page is always set to about:blank, which always takes me to a search site with pop-ups.
It's so freaking annoying. I've tried most of the comments about this kind of subject, but nothing works for me. Every time I scan with my
Ad-Aware (with upgrade), it just finds that I've got CoolWebSearch in my comp (which is really uncool). No matter how I clean it, it'll just come back the next time I run IE! I tried using Spybot,
Ad-Aware, and CWShredder in safe mode; I even cleaned all my temp files and then ran CWShredder, but it's no use. I've seen people using FINDnFIX, but I don't really understand what to do. Please help.
I used FINDnFIX !LOG!.BAT and got the result:
 
Invalid keyboard code specified
Mon 23 Aug 04  19:46:22
 
 

benditup
« Reply #1 on: August 24, 2004, 03:36:41 AM »

Please delete the FINDnFIX files and folder, it will do you no good in your case. You may have a different variant

Would you please download Hijackthis---Important---Create a permanent folder hijackthis
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT
OR create a folder as C:\HJT---this is where you will want to save Hijackthis to; also, backups will be stored there.
download from
HERE or HERE


Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----It is all important

T
« Reply #2 on: August 24, 2004, 09:59:35 PM »

OK, I did what you said.
Here it is:


Logfile of HijackThis v1.98.2
Scan saved at

benditup
« Reply #3 on: August 25, 2004, 12:17:04 AM »

I have a suspicious feeling you've been trying to fix some entries in your log; I'm talking about the R0 and R1 entries, which are not there.
Can you not try and fix anything? Let me see the whole log, as indicated by my first post.

I want to see if this utility will be any help
Make a folder on your desktop, name it Aboutbuster
Download About:buster
by Rubber Ducky
Unzip it to that folder
Start it and hit OK. Then hit Update. A new screen should pop up. On that screen hit Check for Updates. If it says it found an update, hit Download Updates. If it doesn't, it will automatically tell you and exit. Now for the scanning part. Hit Start and then OK. The program should start scanning. Then hit Exit and reboot.
Run about:buster one more time when you have restarted

Post back with a fresh hijackthis log and About:buster logs

T
« Reply #4 on: August 26, 2004, 12:42:33 AM »

I never tried to fix anything, I swear.
When I run the scan it shows a message:

An unexpected error has occurred at procedure: modMain_CheckOther14Item()
Error #55 - File already open

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.00.2195
MSIE version: 6.0.2800.1106
HijackThis version: 1.98.2

This message has been copied to your clipboard.



And when I start About:Buster and click OK, it shows:

"database is corrupt or missing"

What does that mean?

benditup
« Reply #5 on: August 26, 2004, 05:25:08 AM »

Try this download link for About:buster
http://malwarebytes.biz/AboutBuster.zip

make sure you Unzip it before running it
If it still won't work, try restarting your computer
into Safe Mode

Try running about:buster in safe mode and hijackthis
We may have to revert back to an older version of hijackthis.....Let's see what happens

I'm uploading a file called GetServices.zip
Could you please save it to your desktop>>>then Unzip it to your desktop

Double click to run it,
If you have script blocking installed, you will get a warning when you try to run the script. Please allow it to run. It is only collecting information

Could you post the Active.txt it produces in a separate reply, thanks





T
« Reply #6 on: August 26, 2004, 10:09:36 PM »

This is the Active.txt:


These are the Current Active Services:

 APPLICATION MANAGEMENT: AppMgmt
C:\WIN2K\system32\services.exe

 COMPUTER BROWSER: Browser
C:\WIN2K\System32\services.exe

 DHCP CLIENT: Dhcp
C:\WIN2K\System32\services.exe

 LOGICAL DISK MANAGER: dmserver
C:\WIN2K\System32\services.exe

 DNS CLIENT: Dnscache
C:\WIN2K\System32\services.exe

 EVENT LOG: Eventlog
C:\WIN2K\system32\services.exe

 SERVER: lanmanserver
C:\WIN2K\System32\services.exe

 WORKSTATION: lanmanworkstation
C:\WIN2K\System32\services.exe

 TCP/IP NETBIOS HELPER SERVICE: LmHosts
C:\WIN2K\System32\services.exe

 PLUG AND PLAY: PlugPlay
C:\WIN2K\system32\services.exe

 PROTECTED STORAGE: ProtectedStorage
C:\WIN2K\system32\services.exe

 RUNAS SERVICE: seclogon
C:\WIN2K\system32\services.exe

 DISTRIBUTED LINK TRACKING CLIENT: TrkWks
C:\WIN2K\system32\services.exe

 WINDOWS MANAGEMENT INSTRUMENTATION DRIVER EXTENSIONS: Wmi
C:\WIN2K\system32\Services.exe

 COM+ EVENT SYSTEM: EventSystem
C:\WIN2K\System32\svchost.exe -k netsvcs

 NETWORK CONNECTIONS: Netman
C:\WIN2K\System32\svchost.exe -k netsvcs

 REMOVABLE STORAGE: NtmsSvc
C:\WIN2K\System32\svchost.exe -k netsvcs

 REMOTE ACCESS CONNECTION MANAGER: RasMan
C:\WIN2K\System32\svchost.exe -k netsvcs

 SYSTEM EVENT NOTIFICATION: SENS
C:\WIN2K\system32\svchost.exe -k netsvcs

 TELEPHONY: TapiSrv
C:\WIN2K\System32\svchost.exe -k netsvcs

 LEXBCE SERVER: LexBceS
C:\WIN2K\system32\LEXBCES.EXE

 NVIDIA DRIVER HELPER SERVICE: NVSvc
C:\WIN2K\System32\nvsvc32.exe

 IPSEC POLICY AGENT: PolicyAgent
C:\WIN2K\System32\lsass.exe

 SECURITY ACCOUNTS MANAGER: SamSs
C:\WIN2K\system32\lsass.exe

 REMOTE REGISTRY SERVICE: RemoteRegistry
C:\WIN2K\system32\regsvc.exe

 REMOTE PROCEDURE CALL (RPC): RpcSs
C:\WIN2K\system32\svchost -k rpcss

 QOS RSVP: RSVP
C:\WIN2K\System32\rsvp.exe -s

 TASK SCHEDULER: Schedule
C:\WIN2K\system32\MSTask.exe

 PRINT SPOOLER: Spooler
C:\WIN2K\system32\spoolsv.exe

 TREND NT REALTIME SERVICE: Tmntsrv
"C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe"

 TREND MICRO PROXY SERVICE: tmproxy
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe

 WINDOWS MANAGEMENT INSTRUMENTATION: WinMgmt
C:\WIN2K\System32\WBEM\WinMgmt.exe

 WMDM PMSP SERVICE: WMDM PMSP Service
C:\WIN2K\System32\mspmspsv.exe

 AUTOMATIC UPDATES: wuauserv
C:\WIN2K\system32\svchost.exe -k wugroup

T
« Reply #7 on: August 26, 2004, 10:17:29 PM »

Sorry, but I still can't run About:Buster, even in safe mode.
I used the HijackThis scan in safe mode and got the log below:



Logfile of HijackThis v1.98.2
Scan saved at

benditup
« Reply #8 on: August 26, 2004, 10:19:27 PM »

Not showing there either, were you able to run about:buster in safe mode?
Did you try downloading again from that link I supplied you?

Can you post another hijackthis log?
If not try making another folder and try this older version
http://www.soft32.com/download_19015.html

I need to see a fresh hijackthis log and possibly about:buster logs if you can

benditup
« Reply #9 on: August 26, 2004, 10:37:24 PM »

If you didn't purchase SpywareBegone uninstall it
Read this link why
http://www.spywarewarrior.com/rogue_anti-spyware.htm

In safe mode run CWShredder one more time allowing it to FIX all problems
Ensure you have version 1.59.1

Stay in safe mode
Navigate to this file. Do you know what it's related to? I can find no info on it; let's rename it for now
C:\WIN2K\system32\winsi.exe <--this file>>>RENAME to winsi.bak

Delete this folder
c:\freescan <--this folder

Do a disk Cleanup>>Start---Run--type in "cleanmgr" without quotes
Ensure to clean Temporary files, Temporary Internet files , recycle bin

Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {F11EF3F2-3BB2-1A6E-E803-652B1F99B2AD} - C:\WIN2K\cryc32.dll
O4 - HKLM\..\Run: [winsi.exe] C:\WIN2K\system32\winsi.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

RESTART back in Normal Mode
Don't open a browser yet, instead access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Reset home page

Download and Install Spybot S&D 1.3
After Installation---SEARCH FOR UPDATES
Check for Problems--Fix Everything in RED
RESTART your computer

Try posting back a fresh hijackthis log in Normal mode
from preferably hijackthis 1.98.2 or 1.97.7

T
« Reply #10 on: August 27, 2004, 10:33:23 PM »

There you go, I did everything you said, but I think the problem is still there...


Logfile of HijackThis v1.98.2
Scan saved at

benditup
« Reply #11 on: August 28, 2004, 04:02:36 AM »

Restart your computer into Safe Mode

Find and delete these files
C:\WIN2K\system32\winsi.exe <--file
C:\WIN2K\rmquvv.txts <--file
C:\WIN2K\system32\ipyv.exe <--file
C:\WIN2K\inqjsj.dat <--file

In safe mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R3 - Default URLSearchHook is missing
O2 - BHO: IeCatch2 Class - {a5366673-e8ca-11d3-9cd9-0090271d075b} - C:\PROGRA~1\flashget\jccatch.dll (file missing)

O4 - HKLM\..\Run: [winsi.exe] C:\WIN2K\system32\winsi.exe
O4 - HKLM\..\Run: [javamg32.exe] C:\WIN2K\javamg32.exe
O4 - HKLM\..\RunOnce: [atvwuw.log] C:\WIN2K\atvwuw.log
O4 - HKLM\..\RunOnce: [appwo.exe] C:\WIN2K\appwo.exe

O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

Do a disk cleanup>Start>>Run>>type in "cleanmgr" without quotes
Restart your computer back In Normal Mode and post back with a fresh hijackthis log

If you don't remove what I ask, you are on your own..Take it or leave
it, but I'm not going to waste my time or yours fighting a losing battle
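
The O2 (browser helper object) and O4 (Run/RunOnce autostart) lines that the replies above single out can be pre-sorted before a manual lookup. The following is an added example, not part of the original thread and not HijackThis code: the hint names, the regular expressions and the `C:\WIN2K` default are assumptions made for illustration, and a hint is only a cue to look an entry up, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the replies above (HijackThis v1.98.2 format).
SAMPLE = r"""
O2 - BHO: (no name) - {F11EF3F2-3BB2-1A6E-E803-652B1F99B2AD} - C:\WIN2K\cryc32.dll
O2 - BHO: IeCatch2 Class - {a5366673-e8ca-11d3-9cd9-0090271d075b} - C:\PROGRA~1\flashget\jccatch.dll (file missing)
O4 - HKLM\..\Run: [winsi.exe] C:\WIN2K\system32\winsi.exe
O4 - HKLM\..\RunOnce: [atvwuw.log] C:\WIN2K\atvwuw.log
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

O2 = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<cmd>.+)$")
O4 = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXECUTABLE = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}

def target_path(cmd):
    """Pull the file path out of a logged command line, quoted or not."""
    cmd = cmd.replace("(file missing)", "").strip()
    if cmd.startswith('"'):
        return PureWindowsPath(cmd.split('"')[1])
    m = re.match(r"(.+?\.\w{2,4})(?=\s|$)", cmd)  # stop at first ".ext" token
    return PureWindowsPath(m.group(1) if m else cmd)

def triage(log_text, windir=r"C:\WIN2K"):
    """Return (section, name, path, hints) for each O2/O4 line."""
    win = PureWindowsPath(windir)
    rows = []
    for line in log_text.splitlines():
        line = line.strip()
        for section, rx in (("O2", O2), ("O4", O4)):
            m = rx.match(line)
            if not m:
                continue
            path = target_path(m["cmd"])
            hints = []
            if line.endswith("(file missing)"):
                hints.append("file-missing")            # orphaned registry entry
            if section == "O2" and m["name"] == "(no name)":
                hints.append("unnamed-bho")             # BHO with no registered name
            if section == "O4" and path.suffix.lower() not in EXECUTABLE:
                hints.append("non-executable-autostart")  # e.g. a .log in RunOnce
            if path.parent in (win, win / "system32"):  # case-insensitive compare
                hints.append("in-windows-dir")
            rows.append((section, m["name"], str(path), hints))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```
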

T
« Reply #12 on: August 29, 2004, 04:41:47 AM »

kk, got all the things cleaned out.

Logfile of HijackThis v1.98.2
Scan saved at

benditup
« Reply #13 on: August 29, 2004, 05:13:36 AM »

Are you still having problems?
Did you actually Download and install and Check for updates
Ad-Aware and Spybot?

It doesn't show in your log that Spybot got installed

Have Hijackthis fix these entries
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll (file missing)
O2 - BHO: (no name) - {F11EF3F2-3BB2-1A6E-E803-652B1F99B2AD} - C:\WIN2K\cryc32.dll

Optionally, things that are not needed on Startup
It's up to you whether you fix them or not

These are what I recommend
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe

RESTART your computer into SAFE MODE
Find and delete this file
C:\WIN2K\cryc32.dll <--this file if it exists

Navigate to this file
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
RENAME realsched.exe>>>>>realsched.old

RESTART back in Normal mode
If you don't have the latest version of Ad-Aware, download it from my
link
After Installation--Check for updates
Do a Full System Scan---Remove Critical objects
RESTART your computer
Post back with a fresh hijackthis log and let me know if you are having problems

You can check most of those optional fixed programs here at this site
http://www.sysinfo.org/startuplist.php

T
« Reply #14 on: August 31, 2004, 01:03:45 AM »

I'VE DONE IT!!
CoolWebSearch is gone. I downloaded the upgrades for my Ad-Aware,
and when I scanned, it came out that I had 74 CoolWebSearch in my comp.
I got rid of all of it, and now I've got a fine comp.
Thanks, benditup, for helping me these few weeks.
Now I'm ready to rock the internet.