Security Incidents mailing list archives
RE: IE default Page
From: "Hagen, Eric" <ehagen () DenverNewspaperAgency com>
Date: Fri, 16 Jul 2004 09:21:54 -0600
I use "HijackThis" and have had success beating it. For most of my intensive Adware removal, I copy HiJackThis and CWShredder to the hard disk and then reboot the machine in safe mode. Then I manually kill all of the processes that it will allow me to kill... then run Hijackthis and cwshredder and take note of where the files are. I then go in and manually delete those files.

CoolWebSearch hasn't been nearly as much of a problem for us as "TVMedia" and "WinTools" or a few of the other ones that have multiple threads and/or system services that watch the system processes and restart each other when one of them is killed. WinTools is an amazingly resilient program that uses this method with 2 processes PLUS a system service all watching each other.

Interestingly enough, aren't they one of the companies who sued Symantec when they tried to add CWS as a "virus" to their definitions? After all, it's an "advertising engine" not a "virus" and they (like GMT and Gator) have been aggressive in pressing legal action against anyone who tries to "automatically" remove their "program".

Eric

-----Original Message-----
From: wnorth [mailto:wnorth () verizon net]
Sent: Thursday, July 15, 2004 6:46 PM
To: incidents () securityfocus com
Subject: IE default Page

Interesting bug going around, coolwebsearch, has anyone been successful in removing this virus from a system? It looks like it recreates the DLL under c:\windows\system32 and renames it after a few reboots. It's pretty annoying and I haven't been able to fully contain it.

Thoughts? Suggestions? I've used highjackthis, cwshredder and a few spyware detectors, but nothing is really fixing the problem.

Thanks,
-Wes