
View Full Version : still screwed!!!



Pure_Evil
02-08-2005, 02:53 AM
OK, don't know why my thread was removed, but I can't get rid of this issue!

basically my IE has been hijacked. Norton systemworks, panda, ad-aware all have failed to get rid of the issue! I have something in my task manager that's flashing called Hiden. It's in my services menu, and disabled there too. When I boot, I get a pop up that asks if I'm infected with spyware. yes or no. Then it launches a spyware page :mad:

help!

Pure_Evil
02-08-2005, 02:55 AM
OK it wasn't removed. my IE is so baked, I didn't see it :bawling:

Catalyst
02-08-2005, 03:09 AM
I think i can help you with this, cuz i think i had the same thing, do you have aim or msn?

Slice
02-08-2005, 03:10 AM
http://securityresponse.symantec.com/avcenter/venc/data/adware.coolwebsearch.html

Fantum309
02-08-2005, 02:33 PM
I know this doesn't help much now, but it would be good to always keep another browser (or two) as a backup, just in case. Personally, I prefer using Firefox, but I also have Lexun browser as a backup. In fact, I keep them on a disc in my car for when my friends lose their IE!

Warhead
02-08-2005, 02:48 PM
Long live Firefox!! I've been using it since 0.6 and I don't touch IE unless Windows makes me (updates, etc.).


JIMINATOR
02-08-2005, 03:58 PM
wow. did you try booting in safe mode and deleting from there? If you have not installed any new apps recently, go into the windows folder, sort by date and delete any suspicious files that have a datestamp of the infection or newer. Repeat for any folders that have recent changed dates. Repeat for the program files directory. Really the only recent files you will typically see will be either .dat, .ini, .log or .txt files. Anything else is suspect.

this may or may not help. Since your system has been nuked, it probably won't hurt. Repeat in the c: folder. Note, you need to set file manager to see all hidden and system files, otherwise you can't delete them.

anyway, i think you are looking at a repair install of windows. you don't lose anything, and if you are lucky (you cut deep enough before the repair install) then that may fix the problem.
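
The date-sort triage described in the post above, as an added example that is not part of the original thread: it lists, without deleting anything, files modified on or after a cutoff date whose extension is not one of the four the post calls routine. The function names, sample file names and the 2005-02-05 cutoff are constructed for illustration.

```python
import os
import tempfile
from datetime import datetime

# Extensions the post treats as normally recent; everything else gets flagged.
ROUTINE_EXTS = {".dat", ".ini", ".log", ".txt"}

def recent_suspects(root, since, routine_exts=ROUTINE_EXTS):
    """Return (mtime, path) for files under root modified at or after
    `since` whose extension is not in routine_exts, newest first.
    Nothing is deleted; this only builds a list for manual review."""
    cutoff = since.timestamp()
    hits = []
    # os.walk lists hidden and system files too; unreadable dirs are skipped.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # locked or vanished file: skip it, keep scanning
            ext = os.path.splitext(name)[1].lower()
            if mtime >= cutoff and ext not in routine_exts:
                hits.append((mtime, path))
    return sorted(hits, reverse=True)

def build_sample_tree(root):
    """Constructed sample data: four files with fixed modification times."""
    samples = {
        "old_driver.dll": datetime(2004, 11, 3),   # predates the cutoff
        "setup.log": datetime(2005, 2, 7),         # recent but routine type
        "sample_a.exe": datetime(2005, 2, 6),      # recent, flagged
        os.path.join("system32", "sample_b.dll"): datetime(2005, 2, 7),
    }
    for rel, when in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (when.timestamp(), when.timestamp()))

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = recent_suspects(root, since=datetime(2005, 2, 5))
        return [os.path.relpath(p, root).replace(os.sep, "/") for _, p in found]

if __name__ == "__main__":
    for rel in demo():
        print(rel)
```

Modification times can be changed by whatever wrote the file, so the list is a starting point for review rather than proof of what belongs to the infection.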

Thundarr
02-08-2005, 04:49 PM
http://securityresponse.symantec.com/avcenter/venc/data/adware.coolwebsearch.html

What sucks about this jewel that we've got is that CoolWebSearch is the easier thing to remove... Norton/Symantec does not detect what we have... :mad:

Pure_Evil
02-08-2005, 04:56 PM
when I tried to delete the Hiden file before, winblows wouldn't allow me to because it was in use by another program or person. In safe mode, will this not occur?

personally, I have no issues uninstalling everything I have put on my PC for the month of Feb. I just don't want to see winblows fighting me on it.

will a repair fix where this thing dug into my registry?

Fantum309
02-08-2005, 09:59 PM
Windows repair will replace missing or damaged registry files. I found out last March when I got a worm, removed it with the removal tool and it took a bunch of my registry files with it. The windows repair utility replaced all my files and got me back up and running.

Eventually, I still had to reformat the HDD due to some other issues, but it did get me back up and running to save all my other files. Now I back everything up on a regular basis.

JIMINATOR
02-08-2005, 10:16 PM
ok, pure, download and run this program to find out what stuff you have running and which are locking files.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

damn, that sucker can kill anything. i tested it and my system is shutting down, lol...

Slice
02-09-2005, 01:20 AM
Read this, I had to do a similar manual deletion on a workstation at my office.

Ooops forgot link. :P http://computercops.biz/postt96717.html

Bingo
02-09-2005, 06:05 AM
Also, you might want to go ahead and get coolwebshredder.

From what I've read, it's about the best there is at taking out that extremely nasty program.

For what it's worth, it IS considered just about the hardest malware program in existence to remove. :)

Bingo

Pure_Evil
02-09-2005, 11:06 AM
LOL, I can't even get to safe mode! :confused:

JIMINATOR
02-09-2005, 11:26 AM
start the computer, after the bios screens press and hold (or tap) f8 key....
you may need to hit the f-lock key first on your kb

JIMINATOR
02-09-2005, 11:32 AM
XP REPAIR INSTALL

1. Boot the computer using the XP CD. You may need to change the
boot order in the system BIOS. Check your system documentation
for steps to access the BIOS and change the boot order.


2. When you see the "Welcome To Setup" screen, you will see the
options below. This portion of the Setup program prepares Microsoft
Windows XP to run on your computer:

To setup Windows XP now, press ENTER.

To repair a Windows XP installation using Recovery Console, press R.

To quit Setup without installing Windows XP, press F3.




3. Press Enter to start the Windows Setup.

do not choose "To repair a Windows XP installation using the
Recovery Console, press R", (you do not want to load Recovery
Console). I repeat, do not choose "To repair a Windows XP
installation using the Recovery Console, press R".

4. Accept the License Agreement and Windows will search for existing
Windows installations.

5. Select the XP installation you want to repair from the list and
press R to start the repair. If Repair is not one of the options,
read this Warning!!

6. Setup will copy the necessary files to the hard drive and reboot.
Do not press any key to boot from CD when the message appears.
Setup will continue as if it were doing a clean install, but your
applications and settings will remain intact.

Blaster worm warning: Do not immediately activate over the internet
when asked, enable the XP firewall
[ http://support.microsoft.com/?kbid=283673 ]
before connecting to the internet. You can activate after the
firewall is enabled. Control Panel - Network Connections. Right click
the connection you use, Properties, and there is a check box on the
Advanced [ http://michaelstevenstech.com/xpfirewall1.jpg ] page.


7. Reapply updates or service packs applied since initial Windows XP
installation. Please note that a Repair Install from the Original
install XP CD will remove SP1/SP2 and service packs will need to be
reapplied.
Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en
An option I highly recommend is creating a Slipstreamed XP CD with SP2.
Slipstreaming Windows XP with Service Pack 2 (SP2)
http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp

______________________________________________________________________

Warning!!
If the option to Repair Install is not available and you continue
with the install, you will delete your Windows folder and Documents
and Settings folder. All applications that place keys in the registry
will need to be re-installed. You should exit setup if the repair
option is not available and consider other options.

Pure_Evil
02-09-2005, 12:08 PM
start the computer, after the bios screens press and hold (or tap) f8 key....
you may need to hit the f-lock key first on your kb

did that. it didn't work, not kidding, it didn't work :down:

ME BIGGD01
02-09-2005, 12:39 PM
sorry i haven't called yet pure, i have the worst sinus infection and have been in bed as much as possible. i hate when snot comes out of your eye balls :bawling:

DiTomasso
02-09-2005, 02:50 PM
hope to c u well again :) have a speedy recovery.

Caged Anger
02-09-2005, 09:21 PM
here you go, try this one out ;)

http://www.soft32.com/download-CWShredder-19014-5.html

Goober
02-10-2005, 01:30 AM
here you go, try this one out ;)

http://www.soft32.com/download-CWShredder-19014-5.html

Won't do him any good if he can't get to safe mode....BTW LaSh has the same bug, he can't get to safe mode either. It will say safe mode but there will be no start button or anything else on the screen.

Have your two (Pure and LaSh) computers not been practicing safe sex???

Pure_Evil
02-10-2005, 01:31 AM
:down: game over! :down:

I lost internet connection today, the thing has beaten me bad.

Installing a clean version of XP pro and am saying a prayer that Thundarr has better luck.

Thanks to everyone for trying to help. ;)

FUS1ON
02-10-2005, 02:22 AM
Have your two (Pure and LaSh) computers not been practicing safe sex???

LOL & BTW Both of you were at that LAN right, I wonder if you both could've picked up the bug then?

Pure_Evil
02-10-2005, 03:44 AM
well, I'm on Firefox and I have my basic drivers, antivirus installed, no games or printers.... glad the big stuff is done.
LaSH :down: sorry bro, this thing was bad ass. also nailed my old p-4 system that's now off the network :mad:

JIMINATOR
02-21-2005, 03:33 PM
hey pure, have you tried running the mikesoft malicious spyware removal tool?
it isn't enough to download it, and I don't see that it makes a menu item.
you can run it though from the microsoft website...

http://www.microsoft.com/security/malwareremove/default.mspx

(the windows update version is supposed to run on the 2nd of every month and then delete itself)