Welcome to Thunderdome

RIP Gordon
https://www.dtman.com/forum3/

CWShredder - Another tool

https://www.dtman.com/forum3/viewtopic.php?t=3024

Page 1 of 1

Posted: Thu Sep 09, 2004 6:29 pm
by Paul
FYI
I had trouble removing spyware from a customer's machine. Running Ad-Aware, Spybot Search & Destroy, and Norton's anti-spyware software didn't fix it. SpywareBlaster didn't help. SpywareGuard would alert me every time the homepage (or other settings) was changed, and let me automatically change it back, but it didn't fix the problem.

Upgrading to XP SP2, doing all the XP security updates, etc. didn't work.

The problem was CoolWebSearch changing the homepage to "About:Blank".

I finally found a forum with a bunch of people who had the same problem A program called CWShredder did the job when I ran it from Safe Mode. I had to reboot, and afterwards I did find one more thing that was reinstalled with Ad-Aware, but otherwise things look clean now.

I hate CoolWebSearch.

Posted: Thu Sep 09, 2004 7:40 pm
by 71-1085092892
Wait.

1. I always use about"blank as a webpage. Saves me having to wait for a page to load when I want a browser. CWS gives you a porn start page (or some weird search page), typically.

2. Did the CWS guy go back into bidness? About 4 months ago the (shredder) author quit, stating that he couldn't keep up with the rapidly evolving CWS (hijacker). The two versions of CWS I've contracted both outpaced the then-current versions of CoolWebShredder.

Posted: Fri Sep 10, 2004 9:15 am
by Paul
Their website is down. You can't download from them, so maybe you're right.

Here's what I know:
I ran fully updated versions of Ad-Aware, Spybot Search & Destroy and some Symantec (Norton Spyware thing) software that the customer had. I also installed SpywareBlaster and SpywareGuard which didn't help. (SpywareGuard would alret me every few seconds that something changed, and allow me to change it back, but who wants to revert every ten seconds?)

They only thing that went in and killed the trojan was the copy of CWShredder that I downloaded. Even if it was old, it got what the others wouldn't. It's the only thing I tried that fixed the problem.

Posted: Fri Sep 10, 2004 11:24 am
by 71-1085092892
The 2 times I contracted CWS, both this year, all of my anti-spyware knowledge couldn't save the patient. Including CoolWebShredder, which as I mentioned hadn't caught up yet. I had to scratch and reload the system both times.

Posted: Fri Sep 10, 2004 4:02 pm
by Paul
What they heck were you doing to get it twice???

Stay off the warez, donkey porn sites!

Posted: Fri Sep 10, 2004 4:12 pm
by 71-1085092892
The first time was when I was surfing a dubious warez site, possibly russian.

The second time, I have no idea. It was just a month later. Interestingly, earlier that day I had popped the new Velvet Revolver CD into my puter, which I learned later installed some spyware.

I like to think it was just a coincidence.

After I reloaded the system after THAT infection, I disabled windows autoplay in the registry. Then I locked down almost all activex. So far so good.
All times are UTC-04:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited