lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 01:44 AM
Original message |
Ask me anything I just beat the CoolWeb Spyware |
|
Edited on Sun Feb-20-05 01:44 AM by lenidog
and damn it was a fearsome battle. It slipped past Spyware Blaster and resisted Spybot, Adware and CoolWeb Shredders attempts to remove it. It had buried itself in my registry and was sending me to a Yahoo lookalike web page every time I attempted to do a search. I finally went over to CNet and got a spyware removal tool that took it out. I don't know if anyone else has ever faced this problem but these guys who create this spy ware are the lowest forms of life on the planet. It pisses me of that these jerk offs create this crap that screws around with people's property, namely their computers. Why can't hackers do something useful for once and attack the computers of the major creators of spyware?
|
yourout
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 01:47 AM
Response to Original message |
1. Adaware and Hijack this run in safe mode can get rid of most... |
|
spyware but I have cleaned some computers than had some real nasty spyware that replaced operating system .dll files with corrupt ones.
|
lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 01:53 AM
Response to Reply #1 |
3. I had thought about using Hijack This |
|
But I figured it CoolWeb Shredder had failed so would it. It was one of those that if you removed it, it would recreat itself the next time you turned on your computer. Spyware Doctor by PC Tools was the one that finally ripped it out by the roots and took care of it. You are right Adaware 9 times out of 10 takes care of everything that get on your computer. Those guys are true lifesavers.
|
Ronbrynaert
(222 posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 01:51 AM
Response to Original message |
|
by ignoring it...it's tied to my internet explore which i blocked..now i just surf using mozilla
wish i had time to get rid of it all together...along with ie...but every solution ive seen takes too much time...and im too busy blogging...
|
lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 01:54 AM
Response to Reply #2 |
|
its a bad habit I have by using IE and I just can't seem to break it.
|
SmileyBoy
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 01:54 AM
Response to Original message |
5. I'm infected with CWS. Can you please tell me which program it is?? |
|
Edited on Sun Feb-20-05 01:57 AM by SmileyBoy
I desperately need to get rid of it. I've used Ad-Aware, Spybot Search and Destroy, Webroot SpySweeper and Norton AntiVirus, but still haven't gotten rid of it.
And I agree, I wish I could torture and kill those fuckers who made that fucking CoolWebSearch. I went to Best Buy, and the guy at Geek Squad said that CWS was very notorious.
|
SmileyBoy
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:01 AM
Response to Reply #5 |
leftyandproud
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:01 AM
Response to Reply #5 |
|
new program...free. Get it at download.com Or you can visit this site and download every recommended program...update them all and run in safe mode. SPYWARE KILLERS http://groups-beta.google.com/group/SPYWARE-Killers
|
grasswire
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:35 AM
Response to Reply #7 |
|
why should you run in safe mode?
|
yourout
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:46 AM
Response to Reply #17 |
23. The nastier ones will self replicate as fast as you remove them. |
|
Safe mode keeps the operating system from loading certain files as dictated by registry entrys. The really nasty ones I clean out using HiJack This. It is a tool best used my someone with a fairly high skill level with reguards to PCs to make sure you do not delete something you need.
|
leftyandproud
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:48 AM
Response to Reply #17 |
|
safe mode only loads the minimums XP needs to run. All other programs (including spyware) will not be loaded into memory as they are on a normal reboot. Spyware is easier to kill/delete when it isn't already running on your system.
|
grasswire
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 03:10 AM
Response to Reply #25 |
|
and you enter and leave safe mode by using which keys?
|
leftyandproud
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 07:06 AM
Response to Reply #29 |
lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:08 AM
Response to Reply #5 |
9. Its the Black Plague of the internet |
|
I used Spyware Doctor to finally kill it off. I got the free version from CNet Downloads
|
SmileyBoy
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:11 AM
Response to Reply #9 |
11. It's telling me that I have to buy the registered, paid version. |
lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:13 AM
Response to Reply #11 |
|
I will be back in a moment with a link.
|
lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:14 AM
Response to Reply #11 |
lwin
(499 posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:01 AM
Response to Original message |
|
If you beat CWS, you deserve kudos. Those rat bastards destroyed one computer of mine. Even the guys at Webroot told me that CWS is absolutely the most insidious spyware they have ever encountered, as it reinvents itself all the time. They're constantly working on getting rid of it.
|
lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:11 AM
Response to Reply #8 |
10. The first time I faced it |
|
I got so frustrated that I just rebooted the entire system and used my disks to reload the various things like papers, links etc that were imported. Then I learned about Spyware Blaster which is a decent shield against most of them including the older CW variants and they usually update once a week. Though it seems that its a tough battle to keep ahead of these scumbags.
|
dbt
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:21 AM
Response to Reply #10 |
14. One more for Spyware Blaster! |
|
Took me two freakin' days to get rid of CWS, but Spyware Blaster does seem to keep it from coming back. Also, I will never willingly use IE again. Mozilla is the KILLA!
:thumbsup: dbt
|
lwin
(499 posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:29 AM
Response to Reply #10 |
15. Death to the spyware makers... |
|
I've never understood their fascination with wrecking havoc on innocent peons & their computers. It's not as if anyone would be caught dead buying something from a pop-up that came from spyware that hijacks their computer.
My system has done fine since I bought the new Webroot software, and I'm religious about downloading the updates.
The local PC repair shop has more business than they can handle, with desperate people hauling their PC's in to be cleaned. Even though it's their business, they are so sick of it and can't hire enough people to keep up with the volume.
|
lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:41 AM
Response to Reply #15 |
18. I would love to go Roman on them |
|
Which means kill all the designers, burn down their offices, salt the land and poison the water. So they could never rise up again.
|
lwin
(499 posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:52 AM
Response to Reply #18 |
26. I'm glad you're on our side... |
lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:56 AM
Response to Reply #26 |
27. Well I am kinda being merciful |
|
I wouldn't put their heads on pikes or turn their skulls into beer mugs.;)
|
grasswire
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:32 AM
Response to Original message |
16. I've got something new as of yesterday... |
|
...that neither adaware, spybot, or Norton could fix. I've tried about everything I can think of to get rid of it.
|
tkmorris
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:42 AM
Response to Reply #16 |
|
Maybe we can help. How does it manifest itself? What symptoms do you have? Do you have HijackThis and can you post a log?
|
grasswire
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:46 AM
Response to Reply #19 |
22. an unwanted page keeps popping up... |
|
....that then is replaced by one of those stupid boxes wanting me to accept a download of a .exe file of one kind or another. I don't have hijack this.
|
tkmorris
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 03:03 AM
Response to Reply #22 |
28. Hmm, those are annoying. |
|
Do you happen to know the name of the .exe it wants you to accept? That might help track it down.
|
grasswire
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 03:17 AM
Response to Reply #28 |
31. it's different almost every time... |
|
...the box comes up. Really annoying. I'll start writing them down.
|
lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:42 AM
Response to Reply #16 |
|
Edited on Sun Feb-20-05 02:43 AM by lenidog
|
grasswire
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:44 AM
Response to Reply #20 |
21. that link isn't working for me |
lenidog
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 02:47 AM
Response to Reply #21 |
|
No worries. Go up to my post in this thread called "Here it is" it has the same link to get Spyware Doctor and I just checked it out and it works.
|
grasswire
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 03:12 AM
Response to Original message |
30. anyone know anything about... |
|
Edited on Sun Feb-20-05 03:19 AM by grasswire
...spywarenuker.exe?
That's the latest in the attempts to get me to accept a download. spywarenukerinstaller.exe
|
DU GrovelBot
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 07:06 AM
Response to Original message |
33. ## PLEASE DONATE TO DEMOCRATIC UNDERGROUND! ## |
|
================== GROVELBOT.EXE v3.0 ==================
This week is our first quarter 2005 fund drive. Democratic Underground is a completely independent website. We depend almost entirely on donations from our members to cover our costs. Thank you so much for your support.
|
HughBeaumont
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 07:28 AM
Response to Original message |
34. One reason is now (another CWS horror story) |
|
These sons of Bitches can put exe's known as CTFMON and CSRSSU (which exist on your System32 Folder), which slip past the adaware and spybot searches and work with a dll called sehlp. Hijackthis is the only one I have that was able to detect these annoyances. Just part of the continuous reinvention of the CWS that pisses the user off to no end.
Spyware assholes are getting smarter and smarter. The first time I had to deal wtih them, they were able to install a dialer that loaded so fast, it disconnected me and activated so fast that I wasn't able to stop it. After getting rid of the program and all of the CWS bullshit that came with it, the next month, I received a 40 dollar charge on my phone bill from some Integretel (an outsourced billing service for 900 numbers) company. This is currently in dispute as I'm withholding payment.
I also have a small batch that I run from time to time that looks like this:
del c:\*.tmp del %temp%\*.tmp /f del %windir%\prefetch\*.* del %windir%\temp\*.* /f del C:\documents and settings\*\local settings\temp\*.* /f
Cleans the temp directories and possible exe's that exist in them.
|
grasswire
(1000+ posts)
Send PM |
Profile |
Ignore
|
Sun Feb-20-05 03:01 PM
Response to Original message |
35. another day, another problem... |
|
....the adaware identifies things it can't delete. Two of those problems are IBIS and People on Page. Another is something it says might be "possible CWS"
So if adaware can't delete, what is to be done? Something is installing icons on the desktop, too.
|
DU
AdBot (1000+ posts) |
Thu May 02nd 2024, 12:39 AM
Response to Original message |