differ
Members-
Content Count
8 -
Joined
-
Last visited
About differ
-
Rank
Member
-
Ewido Vs Coolwebsearch (hijack This Added)[INACTIVE]
differ replied to differ's topic in Malware Removal
Until now, my questions are not being solved, they are too difficult 1. ewido found CoolWebSearch but cannot remove it and I cannot get the report because ewido closed automatically. 2. Cannot find the CoolWebSearch by other ways. -
Ewido Vs Coolwebsearch (hijack This Added)[INACTIVE]
differ replied to differ's topic in Malware Removal
Hi, I am confused: I deleted aswBoot.exe in C:\WINDOWS\SYSTEM32\, not in C:\Program Files\Alwil Software\Avast4 and I remember I have removed Avast long time ago. When rebooted my PC I didn't get any error message about Avast not starting properly. -
Ewido Vs Coolwebsearch (hijack This Added)[INACTIVE]
differ replied to differ's topic in Malware Removal
Hi, In safe mode, I found C:\WINDOWS\SYSTEM32\aswBoot.exe and the Description of the file is "avast! start-up scanner". I deleted it into the Recycle Bin. In the Registry, I found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services (instead of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet Services) but there is no "Xuy v palto"!! -
Ewido Vs Coolwebsearch (hijack This Added)[INACTIVE]
differ replied to differ's topic in Malware Removal
Hi, Please check following report from WinPFind, that is a quite big report: WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Buil -
Ewido Vs Coolwebsearch (hijack This Added)[INACTIVE]
differ replied to differ's topic in Malware Removal
Hi, After doing "fix checked" for the item in HijackThis and rebooted the PC, I run ewido again to scan my PC, and unfortunately the CWS still there. This is what ewido said: Registry: HKLM\SOFTW..\Classes\CLSID\{D2B24D87-699F-16C6-2875-242... Infection: Adware.CoolWebSearch Threat: High I clicked the button in ewido to remove it but, again nothing happened. Until finishing the scan, the list in ewido still was Infected objects: 6 Cleaned infections: 0 Ignored infections: 0 (note: only one CWS, the rest are TrackingCookie) Moreover, when finished scan, the Save report and View report buttons -
Ewido Vs Coolwebsearch (hijack This Added)[INACTIVE]
differ replied to differ's topic in Malware Removal
Thank you for your response. I don't know what is "debug a winserver". I used my computer for IIS, Java..... -
Ewido Vs Coolwebsearch (hijack This Added)[INACTIVE]
differ replied to differ's topic in Malware Removal
OK, this is the fresh Hijack this log after set to "Normal Startup" in msconfig. It looks longger? Logfile of HijackThis v1.99.1 Scan saved at 17:30:12, on 05/03/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Lin\Tool\ewido\ewido anti-malware\ewidoctrl.exe C:\Lin\Tool\ewido\ewido anti-malware\ewidoguard.exe -
Hi, I tried my best to remove CoolWebSearch without success. When run the updated ewido anti-malware, I found CoolWebSearch. I clicked the button to remove it but nothing happened. When scanning finished the report buttons were grey that I couldn't get the report. After a second ewido automatically closed. I also tried cwshredder but coudn't find anything. Can you help? --------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 22:40:54, on 04/03/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2800.1106