I did remove this along with running CWShredder. And thought that if it did come back that it would be another randomly generated name. However it came back and has the same name. If you wish i will post the source of this html file, but I figured you wouldn't want me to seeing as it is just the coding behind the CWS page and you probably have that lying around somewhere. Just wanted to let you know. I have no idea how new the "sp.html" case is but if you didnt know then now you do. I will be checking back for your response! THANKS!
F:\Documents and Settings\Evil Trigun\Local Data\Temp\sp.html
CWS update (I think)
1 reply to this topic
Posted 12 June 2004 - 09:15 PM
Ok I have been battling CoolWebSearch for a while now and have been using CWShredder the whole time. My system happens to be infected with the SearchX varient of this "virus". Currently I am using a program that not only Removes BHO's (something that CWS is connected to and I dont know how) but tells me when CWS has made changes and helps remove them. (not the actual files or keys, JUST THE CHANGES). This piece of software is called MRU Blaster (found it on the same site as SpywareGuard). Well I found something reoccurring with the CWS "virus". Some of which may be known and another I noticed this morning. The first of which was that CWS uses a dll file that has a randomly generated name and places it in the System32 directory. But the peculiar thing that I found was that it made a html file in my temp directory: IE
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users