New CoolWebSearch Variant

mnosteele52
Posts: 11913
Joined: Tue Jul 24, 2001 12:00 pm
Location: Chesapeake, VA

New CoolWebSearch Variant

Post by mnosteele52 »

In the past week I have run into a new variant of the CoolWebSearch that is a major pain in the a#$ to remove. Dannjr also told me he has seen it, I did some searching and so far I have only found minimal instructions on removing it.

What I have seen is Ad Aware detect it and say it's removed but it keeps coming back. :irate:

Has anyone run into this?

Do you know of an easy fix or a fix at all?

If you haven't seen this yet you will and it's very hard to remove.

FYI..... I have used Ad Aware, SpyBot, HijackThis, SpySweeper & PestPatrol to try and fully remove this.

:)
YARDofSTUF
Posts: 70006
Joined: Sat Nov 11, 2000 12:00 am
Location: USA

Post by YARDofSTUF »

CWShredder

use that.

It IS the true CoolWebSearch Shredder!
lobosblanco
Member
Posts: 81
Joined: Fri Apr 30, 2004 10:35 pm
Location: CA USA

Post by lobosblanco »

As YARDofSTUF said, it's better than both of them for CoolWeb variants.


Go to http://www.spywareinfo.com/~merijn/cwsc ... cwshredder , and download the latest version of CWShredder by Merijn Bellekom, the creator of Hijack This.
Run it, press 'Fix', and allow it to fix all it finds.
And remember to click "Fix" (Not "Scan only")


If that doesn't work,


please post your hjt log
mnosteele52
Posts: 11913
Joined: Tue Jul 24, 2001 12:00 pm
Location: Chesapeake, VA

Post by mnosteele52 »

YARDofSTUF CWShredder does not work. :(

I forgot to mention I have used it as well.

lobosblanco you may have misunderstood my post, this is not my pc, I have a pc business and have run into this a few times lately.

:)
blebs
Posts: 12819
Joined: Sat Dec 02, 2000 12:00 am
Location: North Canton, Ohio

Post by blebs »

I'm not doubting you, but are you sure it's a cool web variant and not this pain in the Arse new VX2? Let me search through my tools and see if I have anything that may work.
YARDofSTUF
Posts: 70006
Joined: Sat Nov 11, 2000 12:00 am
Location: USA

Post by YARDofSTUF »

Also, you made sure to use the latest version of CWShredder?
blebs
Posts: 12819
Joined: Sat Dec 02, 2000 12:00 am
Location: North Canton, Ohio

Post by blebs »

I've got nothing that you haven't tried except kill box and it's for vx2.
Norm
SG VIP
Posts: 14195
Joined: Tue Mar 27, 2001 12:00 pm

Post by Norm »

Haven't come across it yet myself.
As I was searching I came across this page
http://www.spywareinfo.com/~merijn/cwschronicles.html
Man, that coolwebsearch team works hard to keep it running.

Sounds like merlin.org works hard to remove it, maybe the next update to cwshredder will remove this latest version.

More money for us repair guys if we have to do a format/reinstall.
If customers won't listen to advice there's not much else we can do but soak them.

If you know what app installed the problem, you could reinstall it while you monitor the registry, and file access/creation.
Then remove everything it created.
VIKTOR2020
Regular Member
Posts: 233
Joined: Mon Jan 29, 2001 12:00 am
Location: Atlanta, GA

Post by VIKTOR2020 »

I've had allaboutsearching and search2020 on my computer for about a month and they have resisted everything I've tried to remove them. I've used all of the suggested programs in this thread multiple times and have edited my registry repeatedly, to no avail.
First, when they are removed they regenerate themselves; then, if you find and delete the files that are set to recreate the deleted ones, there are files somewhere else that hijack the browser, go back to the site that installed them to begin with, and have the whole mess reinstalled.
Searching requires using the variants: search2020, 2020search, allabout, and aboutsearching as well as the obvious allaboutsearching.
Any help appreciated.
_ _______________________ _
Dell 420 quad core @ 2.4 GHz
3 Gig DDR 2
2 500 GB drives in Raid 0 configuration
ATI Radeon HD 3650 Graphics
lobosblanco
Member
Posts: 81
Joined: Fri Apr 30, 2004 10:35 pm
Location: CA USA

Post by lobosblanco »

hi VIKTOR2020

Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. Save it to its own folder (not temporary files or the desktop).
Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET,

most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.
$teve

Post by $teve »

The CWS "About Blank" is so far impossible to remove on all systems.
It actually hides from Windows, is different in NTFS and FAT32 and also between different operating systems.... Some of the best brains on the net have been working on this 24/7 since before Easter. There is no auto-fix and no two versions act the same way. The instructions we put together for removal are just too complicated for most users to follow and even then there's no guarantee it works. The best thing to recommend at the moment is to ditch IE for now and go with Mozilla or Opera until we get a definite solution for it.
mnosteele52
Posts: 11913
Joined: Tue Jul 24, 2001 12:00 pm
Location: Chesapeake, VA

Post by mnosteele52 »

$teve wrote:The CWS "About Blank" is so far impossible to remove on all systems.
It actually hides from Windows, is different in NTFS and FAT32 and also between different operating systems.... Some of the best brains on the net have been working on this 24/7 since before Easter. There is no auto-fix and no two versions act the same way. The instructions we put together for removal are just too complicated for most users to follow and even then there's no guarantee it works. The best thing to recommend at the moment is to ditch IE for now and go with Mozilla or Opera until we get a definite solution for it.
Thanks $teve, that's the conclusion I have come to. It has racked my brain and anyone else who has actually run into it.

Personally Mozilla is the only browser I use and all the clients that I have talked into trying it love it.


:thumb:
HawkIT

Reducing problem

Post by HawkIT »

Hi all,

I'm currently infected by this pain in the butt spyware. I have minimised the damage in the only way I could think of (for now). I was annoyed with the changing of my start page and search page etc. So I did this:

Windows 2000 / XP

1. Run regedt32.exe
2. Changed permissions on my HKLM\Software\Microsoft\Windows\CurrentVersion\Run key to READ ONLY for all users. Only ADMINISTRATOR has full control (I'm usually logged in as myself and find no need to modify the RUN key)

This will by no means fix the problem, but will reduce the impact. You will also have to do the same for the HKCU equivalent to the above. Also the HKCU\Software\Microsoft\Internet Explorer\Main key as well as its HKLM equivalent.

Note: You or any program won't be able to modify any subkeys in these keys when you make these changes. I myself don't care about this as I find no need to have my RUN key modified, nor do I change my home page and search pages etc

Make sure you backup your registry first!
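
The lockdown described in the post above, scripted as an added example that is not part of the original post or any poster's own tooling. It covers the four keys HawkIT names; the backup folder name, the choice of well-known SIDs and keeping SYSTEM at full control are assumptions of this example.

```powershell
# Added example (not from the thread): apply the read-only lockdown described
# above. Run elevated, logged in as the affected user so HKCU is that user's hive.
$ErrorActionPreference = 'Stop'
$paths = 'Software\Microsoft\Windows\CurrentVersion\Run',
         'Software\Microsoft\Internet Explorer\Main'
$roots = @{ HKLM = [Microsoft.Win32.Registry]::LocalMachine
            HKCU = [Microsoft.Win32.Registry]::CurrentUser }
# Well-known SIDs avoid localized group names. Keeping SYSTEM at full control
# is an assumption of this example, not something the post states.
$grants = [ordered]@{
    'S-1-5-32-544' = 'FullControl'   # BUILTIN\Administrators
    'S-1-5-18'     = 'FullControl'   # NT AUTHORITY\SYSTEM
    'S-1-5-32-545' = 'ReadKey'       # BUILTIN\Users: read only
}
$backupDir = Join-Path $env:USERPROFILE 'regacl-backup'   # hypothetical folder
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$need = [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions'

foreach ($hive in $roots.Keys) {
    foreach ($path in $paths) {
        $tag = "$hive-$($path -replace '[\\ ]', '_')"
        $key = $roots[$hive].OpenSubKey($path,
            [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $need)
        if ($null -eq $key) { Write-Warning "$hive\$path not found"; continue }
        try {
            # Export the values and save the old DACL (SDDL) so the change can be undone.
            & reg.exe export "$hive\$path" (Join-Path $backupDir "$tag.reg") /y | Out-Null
            $acl = $key.GetAccessControl()
            $acl.GetSecurityDescriptorSddlForm('Access') | Set-Content (Join-Path $backupDir "$tag.sddl")
            $acl.SetAccessRuleProtection($true, $false)   # stop inheriting from the parent key
            $sidType = [System.Security.Principal.SecurityIdentifier]
            foreach ($rule in @($acl.GetAccessRules($true, $false, $sidType))) {
                $acl.RemoveAccessRuleSpecific($rule)       # drop existing explicit ACEs
            }
            foreach ($sid in $grants.Keys) {
                $acl.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule(
                    (New-Object System.Security.Principal.SecurityIdentifier($sid)),
                    [System.Security.AccessControl.RegistryRights]$grants[$sid],
                    'ContainerInherit', 'None', 'Allow')))
            }
            $key.SetAccessControl($acl)
            Write-Output "$hive\$path -> $($acl.GetSecurityDescriptorSddlForm('Access'))"
        } finally { $key.Close() }
    }
}
```

Any process running as an administrator, or as the owner of a key, can still rewrite the DACL, so this limits the impact only for sessions running as a non-administrator account.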
YeOldeStonecat
SG VIP
Posts: 51171
Joined: Mon Jan 15, 2001 12:00 pm
Location: Somewhere along the shoreline in New England

Post by YeOldeStonecat »

YARDofSTUF wrote:CWShredder

use that.

It IS the true CoolWebSearch Shredder!
Useless on the new ones.
MORNING WOOD Lumber Company
Guinness for Strength!!!
srbarnes4ever
Member
Posts: 94
Joined: Fri Dec 06, 2002 9:15 pm
Location: Lexington, KY

Post by srbarnes4ever »

mnosteele52 wrote:In the past week I have run into a new variant of the CoolWebSearch that is a major pain in the a#$ to remove. Dannjr also told me he has seen it, I did some searching and so far I have only found minimal instructions on removing it.

What I have seen is Ad Aware detect it and say it's removed but it keeps coming back. :irate:

Has anyone run into this?

Do you know of an easy fix or a fix at all?

If you haven't seen this yet you will and it's very hard to remove.

FYI..... I have used Ad Aware, SpyBot, HijackThis, SpySweeper & PestPatrol to try and fully remove this.

:)
Yes I've seen it...been struggling for weeks to rid myself of this one...I've used all the removers you mention plus CWS...to no avail...
Peace,
Stevie B.
VIKTOR2020
Regular Member
Posts: 233
Joined: Mon Jan 29, 2001 12:00 am
Location: Atlanta, GA

Post by VIKTOR2020 »

I finally gave up and switched from Internet Explorer to Mozilla. That stopped the nonsense.
_ _______________________ _
Dell 420 quad core @ 2.4 GHz
3 Gig DDR 2
2 500 GB drives in Raid 0 configuration
ATI Radeon HD 3650 Graphics
musicguy

Post by musicguy »

Damn thing