Security Incidents mailing list archives

Re: IE default Page


From: Steven Bairstow <sab139 () psu edu>
Date: Fri, 16 Jul 2004 11:39:04 -0400

Try this out. I had one that was doing that and used the technique described by LoPhatPhuud in the web-forum topic 
linked below to remove it.  The only difference was that my .dll and .cpy.dll files had a different base name.  But 
it's easy enough to find as it's mentioned in the Guardian branch and should be the only .cpy.dll file in the system32 
directory.  It is set to hidden, system, and read-only, so you'll need to tell Windows to show it to you.

http://forums.net-integration.net/index.php?showtopic=13744


Interesting bug going around, CoolWebSearch. Has anyone been successful in
removing this virus from a system? It looks like it recreates the DLL under
c:\windows\system32 and renames it after a few reboots. It's pretty annoying
and I haven't been able to fully contain it.

Thoughts? Suggestions? I've used HijackThis, CWShredder and a few spyware
detectors, but nothing is really fixing the problem.

Thanks,

-Wes


-- 


Steven Bairstow
Computer and Network Services - Abington College - Penn State University
http://www.personal.psu.edu/~sab139              PGP Key ID = 0x0C81E13C


"No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced."

