Jump to content


Photo

Jksearch


  • Please log in to reply
4 replies to this topic

#1 Zulu

Zulu

    Member

  • New Member
  • Pip
  • 3 posts

Posted 24 June 2004 - 11:40 PM

I recently downloaded CWShredder v1.59.0 and it detects/removes the Jksearch trojan on my power user account on Windows 2000 professional. Every time I run the scan Jksearch reappears and is again removed by the shredder. Jksearch doesn't appear on my administrator account. After checking various forums on this topic, I learned that I needed to use the clear.reg file to clean the registry and then remove the system32.dll to get rid of the trojan. I cleared the registry, but I couldn't find the system32.dll. This led me to the conclusion that I don't have Jksearch. Adware, spybot, cleaner, tauscan, and hijackthis don't show any sign of the trojan. What is going on? Is my shredder interfering with other anti-spyware programs? Here is my hijackthis log file:

Logfile of HijackThis v1.97.7
Scan saved at 8:30:09 PM, on 6/24/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Agnitum\Tauscan 1.7\Taumon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NavNT\vptray.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\SMC\SMC2835W 54 Mbps WLAN Utility\SMCUTIL.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\The Cleaner\mzN3OIby2Vn7RG.exe
C:\Program Files\The Cleaner\vwasdg5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\k\Desktop\hijack this\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Tau Monitor] C:\Program Files\Agnitum\Tauscan 1.7\Taumon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SMC2835W 54 Mbps WLAN Utility.lnk = C:\Program Files\SMC\SMC2835W 54 Mbps WLAN Utility\SMCUTIL.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macr...re/awswax65.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com...id/MSSurVid.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7988.3059143519
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.../20/SassCln.CAB
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com...ior/Outside.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

#2 Zulu

Zulu

    Member

  • New Member
  • Pip
  • 3 posts

Posted 25 June 2004 - 06:58 PM

I need help!!! Hello?? CWShredder is detecting CWS.Jksearch

#3 Zulu

Zulu

    Member

  • New Member
  • Pip
  • 3 posts

Posted 28 June 2004 - 07:42 PM

I downloaded the new version of Shredder (1.59.1) and it is still detecting CWS.Jksearch. It has to be a false positive. Please help!!

#4 meandor

meandor

    meandor

  • Full Member
  • Pip
  • 60 posts

Posted 09 July 2004 - 10:57 PM

meandor here, I'm another one that has CWS.Jksearch returning .
CWShredder v1.59.1 detects it, says it's removed, but always shows on next scan, which again says it's been removed. I have had .Jksearch
in the past but it was removed each time with CWshredder and stayed away. This problem has just begun today. July9
Nothing new shows in HijackThis 1.97.7 scan, everything has been accounted for. AdAware 6 with latest update is clear, as is Spy-bot 1.3
I'm running XP Home with SP1 using IE 6 all MS patches are up to date.
I still have MS VM in place but have installed the latest Java Script from Sun Microsystems. I see I'm not alone with this problem, but haven't seen any postings with solutions. Help please

#5 meandor

meandor

    meandor

  • Full Member
  • Pip
  • 60 posts

Posted 10 July 2004 - 07:06 PM

Re: CWS.Jkseach returning, my post July 9/04
I was able to solve my problem with .Jksearch continueously showing up after scanning with CWShredder V1.59.1.
I have a lot more respect for Ad-Aware 6.181, this program worked. Instead of running the regular default Ad-Aware search, I set the options for a Custom scan and checked off all search avenues.
Additionally I opened hidden folders, turned off the option to hide protected system files and turned off System Restore. (Win'XP Home). Using the Custom scan found 81 objects of "Hosts file re-directs", which really surprised me as Ad-Aware default scan produced zero objects. After deletion of the 81 re-directs, returning folders and SR to normal I ran CWShredder once again, everything was clear. Gone permanently was CWS.Jksearch.
The URL below is a site I've used many times to help provide directions for solving many issues. There's a lot of good ideas available here.
I hope my suggestion works for others. I''ll remember to keep an eye on my hosts file from now on. Good luck.

http://inetexplorer.....org/Darnit.htm




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button