new CWS variant?



#1 CWSsucks

    Member

  • New Member
  • 1 posts

Posted 26 July 2004 - 09:22 PM

I started to get a lot of pop-ups and my start-up page changed. I ran Ad-Aware and it found Cool Web Search. I deleted it but the pop-ups continued. I ran the latest version of CWS Shredder but it said nothing was wrong. Then I ran HijackThis... and here were the objects I found:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\igjti.dll/sp.html#26512
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://igjti.dll/index.html#26512
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://igjti.dll/index.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\igjti.dll/sp.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://igjti.dll/index.html#26512
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\igjti.dll/sp.html#26512
O2 - BHO: (no name) - {33AC10E4-94BE-C3D0-855D-41F27DCEDD3D} - C:\WINDOWS\system32\msma.dll

The BHO name seems to change... it says msma.dll at the end, but when I deleted it, it reappeared, but it says winen.dll now...

...Every time I deleted them it made a back-up on my desktop, and about 20-30 sec later I ran HijackThis again and it showed these objects again.
I went to Merijin.org but it didn't list these objects on any of the CWS variants.
Is it a new CWS variant? If not, how can I get rid of it??

Oh, BTW, I'm not sure this is important, but when I try to update CWS Shredder it freezes up... but it eventually updates. Oh yeah, also when I close the program and open it again it says I have a variant of CWS Smart Search, but I downloaded a program from merijin.org and it says I don't have Smart Search version 1 or 2.

I'm so confused...

#2 mmxx66

    The SWI drummer

  • Retired Staff
  • 4,412 posts

Posted 27 July 2004 - 01:38 PM

Can you post the complete log, please?



