BriosCometfyre

Hijacked, CoolWebSearch

8 posts in this topic

:grrr: Not exactly sure what is going on, but every time I try to use the internet my homepage is changed. I read some of the other posts and did some of the recommended things and still can't figure this out. Ad-aware, Spy Sweeper and other things keep finding CoolWWW and deleting it, but it keeps coming back. Here are my Buster logs and HijackThis logs. Any help in fixing this is much appreciated. Also, I am constantly getting popups, mostly saying that I have spyware on my computer; annoying porn is also popping up, and I'm not sure why. Some of the things listed in my scans are DyFuCA, CoolWWW, WildTangent, Kontiki, Doubleclick Inc., Cydoor, Coolwebsearch, 00hq, SubmitHook and a few others. I also get a thing called Alexa Toolbar occasionally, and Minibug/Weatherbug, neither of which I want or need.

 

Sorry for the edit but I have a new problem. Like 20% of the time when I open the internet it takes me to some about:blank site, and like 70% of the time it takes me to Google, so only maybe 1 out of 10 times does my normal homepage open. I have no idea what any of this means or how to fix it.

 

 

-- Scan 1 --------

About:Buster Version 1.26

Removed! : C:\WINDOWS\System32\hbcmdo.dll

Removed! : C:\WINDOWS\System32\bkldbk.dll

Removed! : C:\WINDOWS\System32\olfcn.dll

Removed! : C:\WINDOWS\System32\nogid.dll

Removed! : C:\WINDOWS\System32\nbedl.dll

Attempted Clean Of Temp folder.

Pages Reset... Done!

 

-- Scan 2 --------

About:Buster Version 1.26

Attempted Clean Of Temp folder.

Pages Reset... Done!

 

 

Logfile of HijackThis v1.97.7

Scan saved at 4:42:12 PM, on 7/9/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe <---Occasionally on start up like 50 of these are open, not sure if that means anything.

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\EPSON\ESM2\eEBSVC.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\AIM95\aim.exe

C:\HJT\HijackThis.exe

 

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [spyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [Adware Spy] C:\Program Files\AdwareSpy\AdwareSpy.exe

O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs1b.instantservice.com/jars/customerxsigned35.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab

O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

 

Every morning when I wake up, everything I got rid of the day before, including new about:buster entries, all comes back. Please help!!!!

Edited by BriosCometfyre


hi

 

Just a month ago, I had this same problem, although I'm quite certain it was a different virus. It redirected my homepage etc... It sounds like you've got a lot of problems there... I'm not too great at fixing computers but I'll share with you what I did and maybe it will work for you too. (I'm not sure how much you know about computers, so if you already tried these things I apologize.)

 

First of all, what operating system are you running? Windows 98, WinXP? Try doing a search on the spyware programs with the find files option in the Start menu. Type in their names and find out what folders they're in and try to delete them. Also, go to your Start menu, go to "Run", and type in "regedit.exe" (without the quotes). Once you're in regedit, go to "Hkey Classes Root" (it should be the first one) and scroll down through there until you come to the folders (the actual named folders). Try to see if you can find any folder that's spyware; if you do, then delete it. Sometimes this works.

 

Also, go back to the Start menu, and back to "Run", and type in msconfig.exe and run that. Go to the last tab that says Startup. There will be all sorts of programs in there. If you find any of the spyware that you mentioned, then uncheck them. You will need to restart your computer.

 

I hope some of this will help you, but to be honest I don't think it will, being as it sounds like what you have is hidden in your computer and checks the registry each time you turn on the computer to make sure it wasn't deleted, and if it was, it just starts it back up. When I had this virus, I used hijackthis.exe and it wiped it out, so if that didn't work for you I don't know what else you can try. I currently have another really nasty virus and I can't get rid of it for the life of me. Grr.

 

good luck

Edited by darksilvertears


Thanks for trying to help, dark. Tried all that, rescanned, rebooted, blah blah... still came back a few minutes later, with a lot more lol. Ad-aware found like 200 things.

 

Also, I tried using TrojanHunter just for the chance it might find a few things and maybe minimize the problem during the wait, and it said all this. Not sure how to proceed with any of it though.

 

Registry scan

No suspicious entries found

Inifile scan

No suspicious entries found

Port scan

Port 1784/TCP is open (Matches Snid.120. Port being used by process svchost.exe/PID 860) (Tell me more about port alerts...)

Port 1784/TCP is open (Matches Snid.212. Port being used by process svchost.exe/PID 860) (Tell me more about port alerts...)

Memory scan

No trojans found in memory

File scan

Warning: Unable to unpack UPX-packed file C:\Program Files\AdbeRdr60_enu_full.exe (Add to ignore list)

Found possible trojan file: C:\WINDOWS\Downloaded Program Files\UGO20.exe (Possible trojan downloader) (What's a possible trojan file?) (Submit for analysis...) (Add to ignore list)

1 possible trojan files found


Ad-Aware still finding lots of CoolWebSearch and other stuff, and this is like 30 mins after a prior scan...

 

Lavasoft Ad-aware Personal Build 6.181

Logfile created on :Monday, July 12, 2004 10:13:19 AM

Created with Ad-aware Personal, free for private use.

Using reference-file :01R331 08.07.2004

______________________________________________________

 

Reffile status:

=========================

Reference file loaded:

Reference Number : 01R331 08.07.2004

Internal build : 263

File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\reflist.ref

Total size : 1300142 Bytes

Signature data size : 1279388 Bytes

Reference data size : 20690 Bytes

Signatures total : 28395

Target categories : 10

Target families : 519

 

Memory + processor status:

==========================

Number of processors : 1

Processor architecture : Intel Pentium IV

Memory available:80 %

Total physical memory:1047564 kb

Available physical memory:830376 kb

Total page file size:2521396 kb

Available on page file:1842588 kb

Total virtual memory:2097024 kb

Available virtual memory:2044496 kb

OS:

 

Ad-aware Settings

=========================

Set : Activate in-depth scan (Recommended)

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan within archives

Set : Scan my Hosts file

 

Extended Ad-aware Settings

=========================

Set : Unload recognized processes during scanning

Set : Include basic Ad-aware settings in logfile

Set : Include additional Ad-aware settings in logfile

Set : Automatically try to unregister objects prior to deletion

Set : Let windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Always back up reference file, before updating

Set : Play sound if scan produced a result

 

 

7-12-2004 10:13:19 AM - Scan started. (Custom mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 7-9-2004 10:55:39 PM

BasePriority : Normal

 

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 7-9-2004 10:55:42 PM

BasePriority : Normal

 

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 7-9-2004 10:55:43 PM

BasePriority : High

 

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-9-2004 10:55:44 PM

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft

Created on : 8/18/2001 12:00:00 PM

Last accessed : 7/12/2004 3:58:13 PM

Last modified : 8/18/2001 12:00:00 PM

 

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-9-2004 10:55:44 PM

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft

Created on : 8/18/2001 12:00:00 PM

Last accessed : 7/12/2004 3:58:13 PM

Last modified : 8/29/2002 10:41:26 AM

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-9-2004 10:55:45 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/18/2001 12:00:00 PM

Last accessed : 7/12/2004 3:58:13 PM

Last modified : 8/18/2001 12:00:00 PM

 

#:7 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-9-2004 10:55:45 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/18/2001 12:00:00 PM

Last accessed : 7/12/2004 3:58:13 PM

Last modified : 8/18/2001 12:00:00 PM

 

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-9-2004 10:55:46 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/18/2001 12:00:00 PM

Last accessed : 7/12/2004 3:58:13 PM

Last modified : 8/18/2001 12:00:00 PM

 

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-9-2004 10:55:47 PM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/18/2001 12:00:00 PM

Last accessed : 7/12/2004 3:58:13 PM

Last modified : 8/18/2001 12:00:00 PM

 

#:10 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 7-10-2004 4:26:54 AM

BasePriority : Normal

FileSize : 980 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft

Created on : 6/18/2003 3:03:41 PM

Last accessed : 7/12/2004 3:58:13 PM

Last modified : 8/29/2002 10:41:24 AM

 

#:11 [ctfmon.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-10-2004 3:33:39 PM

BasePriority : Normal

FileSize : 13 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

OriginalFilename : CTFMON.EXE

ProductName : Microsoft

Created on : 6/18/2003 3:02:15 PM

Last accessed : 7/12/2004 3:58:13 PM

Last modified : 8/29/2002 10:41:22 AM

 

#:12 [spysweeper.exe]

FilePath : C:\Program Files\Webroot\Spy Sweeper\

ThreadCreationTime : 7-11-2004 10:46:45 PM

BasePriority : Normal

FileSize : 649 KB

FileVersion : 2.6.1.45

ProductVersion : 1.0.0.0

Copyright : Copyright © 2001-2003 Webroot Software, Inc.

CompanyName : Webroot Software, Inc.

FileDescription : Spy Sweeper

ProductName : Spy Sweeper

Created on : 7/7/2004 4:10:32 PM

Last accessed : 7/12/2004 3:56:42 PM

Last modified : 2/13/2004 10:52:36 PM

 

#:13 [ad-aware.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\

ThreadCreationTime : 7-12-2004 4:13:12 PM

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 7/5/2004 4:48:00 PM

Last accessed : 7/12/2004 4:13:12 PM

Last modified : 7/13/2003 3:00:20 AM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 0

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "about:blank"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_USERS

Object : .Default\Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "about:blank"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Page

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Page

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"

 

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\WINDOWS\TEMP\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_USERS

Object : .Default\Software\Microsoft\Internet Explorer\Main

Value : Search Page

Data : "file://C:\WINDOWS\TEMP\sp.html"

 

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\WINDOWS\TEMP\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_USERS

Object : .Default\Software\Microsoft\Internet Explorer\Main

Value : Search Bar

Data : "file://C:\WINDOWS\TEMP\sp.html"

 

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "file://C:\WINDOWS\TEMP\sp.html"

Category : Data Miner

Comment : Possible browser hijack attempt

Rootkey : HKEY_USERS

Object : .Default\Software\Microsoft\Internet Explorer\Search

Value : SearchAssistant

Data : "file://C:\WINDOWS\TEMP\sp.html"

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : c:\windows\system32\bkldbk.dll

Rootkey : HKEY_CLASSES_ROOT

Object : CLSID\{16EBD877-B7B7-4397-B1D8-B3B84A414DE9}

 

 

CoolWebSearch Object recognized!

Type : File

Data : bkldbk.dll

Category : Malware

Comment :

Object : c:\windows\system32\

FileSize : 30 KB

Created on : 7/12/2004 5:07:14 AM

Last accessed : 7/12/2004 3:58:20 PM

Last modified : 7/12/2004 5:07:14 AM

 

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : c:\windows\system32\bkldbk.dll

Rootkey : HKEY_CLASSES_ROOT

Object : PROTOCOLS\Filter\text/html

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : c:\windows\system32\bkldbk.dll

Rootkey : HKEY_CLASSES_ROOT

Object : PROTOCOLS\Filter\text/plain

 

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 13

Objects found so far: 14

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Disk scan result for C:\

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 14

 

 

Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Hosts file scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

1 entries scanned.

New objects :0

Objects found so far: 14

 

 

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

CoolWebSearch Object recognized!

Type : File

Data : sp.html

Category : Malware

Comment :

Object : c:\docume~1\bryan\locals~1\temp\

FileSize : 7 KB

Created on : 7/11/2004 11:56:26 PM

Last accessed : 7/12/2004 4:13:53 PM

Last modified : 7/12/2004 4:13:53 PM

 

 

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 15

 

 

10:42:08 AM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:28:40:204

Objects scanned :182524

Objects identified :15

Objects ignored :0

New objects :15

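An added example, not part of any post in this thread and not Lavasoft's code: a small Python parser for the "Object recognized!" record layout of the Ad-aware log above, which groups every finding by the file it refers to, so the registry references and the on-disk files that belong together are listed side by side. The sample input is four records abridged from the posted log; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed input: four records abridged from the Ad-aware log in this thread.
SAMPLE_LOG = r"""
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "file://C:\DOCUME~1\BRYAN\LOCALS~1\Temp\sp.html"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page

CoolWebSearch Object recognized!
Type : RegKey
Comment : c:\windows\system32\bkldbk.dll
Rootkey : HKEY_CLASSES_ROOT
Object : PROTOCOLS\Filter\text/html

CoolWebSearch Object recognized!
Type : File
Data : bkldbk.dll
Object : c:\windows\system32\

CoolWebSearch Object recognized!
Type : File
Data : sp.html
Object : c:\docume~1\bryan\locals~1\temp\
"""

HEADER = "Object recognized!"
FIELD = re.compile(r"^(Type|Data|Comment|Rootkey|Object|Value)\s*:\s*(.*)$")

def parse_records(text):
    """Split the log into one dict per 'Object recognized!' record."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = FIELD.match(line)
        if line.endswith(HEADER):
            current = {"Family": line[:-len(HEADER)].strip()}
            records.append(current)
        elif current is not None and match:
            current.setdefault(match.group(1), match.group(2).strip())
        elif line:  # any other non-blank line ends the record
            current = None
    return records

def target_of(rec):
    """File a record refers to, lower-cased so mixed-case paths compare equal."""
    if rec.get("Type") == "File":
        return (rec.get("Object", "") + rec.get("Data", "")).lower()
    if rec.get("Type") == "RegKey":
        return rec.get("Comment", "").lower()
    return re.sub(r"^file://", "", rec.get("Data", "").strip('"'), flags=re.I).lower()

def correlate(records):
    """Map each referenced file to its on-disk hit and registry references."""
    found = defaultdict(lambda: {"on_disk": False, "registry": []})
    for rec in records:
        entry = found[target_of(rec)]
        if rec.get("Type") == "File":
            entry["on_disk"] = True
        else:
            where = rec.get("Rootkey", "") + "\\" + rec.get("Object", "")
            entry["registry"].append(where + (" [" + rec["Value"] + "]" if "Value" in rec else ""))
    return dict(found)

if __name__ == "__main__":
    for path, info in correlate(parse_records(SAMPLE_LOG)).items():
        print(path, "| on disk:", info["on_disk"], "| registry:", info["registry"])
```

The parser skips blank lines, so it also accepts the double-spaced form in which the log appears in the post. A file that shows up both on disk and under a registry key has to be cleaned in both places in the same pass.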