Jump to content


Cool Web Search log

  • Please log in to reply
3 replies to this topic

#1 SRB



  • New Member
  • Pip
  • 2 posts

Posted 27 June 2004 - 07:40 PM

Hello I recently aquired the Cool Web Search trojan and it is a real pain to get rid of. I have tried all the conventional methods and even ran cws shedder (removes search.x but it always comes back), and its getting realy old. If anyone can help me I greatly apreciate it.

Logfile of HijackThis v1.98.0
Scan saved at 11:05:11 PM, on 6/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security Professional\NISUM.EXE
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\CasinoOnline\CsRemnd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TM1184\ControlUtility\ControlUtility.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\scoot0-m\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\scoot0-m\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\scoot0-m\LOCALS~1\Temp\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\scoot0-m\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\scoot0-m\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\scoot0-m\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\scoot0-m\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Remndr] "C:\Program Files\CasinoOnline\CsRemnd.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - Global Startup: Dell Control Utility.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_42.cab

Btw this log is with the trojan fully active.

Ps i did read the faq

Edited by SRB, 28 June 2004 - 06:16 PM.

#2 mme_nrd



  • Full Member
  • Pip
  • 38 posts

Posted 27 June 2004 - 10:56 PM

I had the same problem. This posting helped me solve it:


Hope this helps. Good luck.

#3 SRB



  • New Member
  • Pip
  • 2 posts

Posted 28 June 2004 - 06:13 PM

I doubt that will help as this trojan is very versitile and everyone ive seen with it had unique bad files but thx anyways, ill go ahead and read it.

Edited by SRB, 28 June 2004 - 06:14 PM.

#4 mme_nrd



  • Full Member
  • Pip
  • 38 posts

Posted 28 June 2004 - 07:46 PM

It should help because there is a tool that will fix it. All you have to do is produce the log file which will tell you the unique name of your particular bad file and follow the rest of the steps....

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button