Jump to content


Photo

I got rid of cws search.x and about blank


  • Please log in to reply
2 replies to this topic

#1 vyunda

vyunda

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 02 July 2004 - 10:38 AM

I am listing everything I have done in the last six days to get rid of the hijacker,what ever I did got rid of it.
I noticed my web page changed so I tried to set it back..kept resetting to about blank,then Microsoft money kept trying to instal itself so I uninstalled the program..fixed that.Ran ad-aware..found registry keys from cool www search,alexa and cws,deleted those..came back so I ran spybot,norton and ad-aware again,came up clean but my home page was still changed.So I searched about blank and found this board,I read about cws shredder,spysweeper,buster and hijack this,downloaded the programs and read the results..there were registry keys in current user and local machine.Read the test results from these programs and it shows you where in the registry this hijacker hides,find the keys and delete them.Run ad-aware,cws shredder and hijack this again.Still there?Of course it is,I read somewhere here about deleting a hiding registry key that keeps it loading,I did that started in safe mode,deleted all the registry keys that showed up in the scan results from all the programs listed above.It still came back,so I checked msconfig to see if it in the start up but nothing was showing so I checked under the boot.ini and there was an entry that didn't look right,it had something to do with system recovery,so I clicked on check all boot paths and it said that was uneeded,so i deleted it,restarted ran hijack this and adware and cws shredder..it was clean.Deleted all the registry keys again.But it came back the next day.I checked cnet for a hijack program,nothing I didn't already use,so I searched there site for a fix and found one.It's a free virus checker called AVG anti virus 6.0 it found a backdoor trojan in the system 32 folder..now I seen this when I used the buster program but it couldn't fix it but it was a windows protected file so I didn't think anything of it.I ran the AVG antivirus program and it found Trojan horse backdoor.agent.ba in the LOG.DLL but it couldn't fix it so I opened the system 32 folder and when I put my mouse over the log.dll and avg warned there was a virus in there...yea I found it,now my problem was figuring out how to get it out.So I dragged it to my desktop put it in a new folder,ran avg again and it got it!Virus gone!!I ran all the spyware programs again..clean nothing was there,the registry still had a few keys left so I deleted those,restarted and it was gone.My notepad was still screwed up so I ran ashampoo win optimizer (One click fix)Now I have my notepad back and still virus clean.
Here are a few other things I did..not sure if it helped but it may have.
I uninstalled Internet Explorer,turned off system restore,deleted anything that had to do with Notepad.exe,uninstalled realone player because the hijackers address was popping up in real player,ran disk cleanup constantly,deleted every registry key that showed up in hijack this cws shredder adaware and spysweeper constantly in safe mode and normal startup,deleted the boot.ini system recovery.
I'm sure I forgot to mention a few things but when I remember I put them here.
Any questions?

#2 xpy1999

xpy1999

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 02 July 2004 - 10:47 AM

in short words, use AVG anti virus, I guess.

#3 vyunda

vyunda

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 02 July 2004 - 10:58 AM

Could be..I don't know.That was the last thing I did,so I can't say for sure if it would get rid of everything that came with the trojan.If it does,it sure would save alot of trouble fixing everything.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button