RE: Spyware becomes increasingly malicious
Sean Donelan wrote: Spyware isn't the best term for what is happening, but it is quickly exceeding (or contributing) to all the other problems associated with the online (not just Internet) world.
Indeed. Lately, I have not been able to clean a very annoying piece of crud named "CoolWebSearch". Spybot will not always detect and never remove; Ad-aware will likely detect but not remove either. None of the other crapware removers I have tried could clean the machine either. I have instructed helpdesk not to waste any time with it and systematically re-image the infected PC :-( Fortunately, re-imaging a PC is now a matter of minutes. Michel.
On Sun, 11 Jul 2004 20:24:19 -0700, Michel Py wrote:
None of the other crapware removers I have tried could clean the machine either.
Try Bazooka spyware detector from <http://www.kephyr.com/>. This detected for me a bunch of malware neither Spybot nor Adaware caught. Jeffrey Race
----- Original Message ----- From: "Michel Py" <michel@arneill-py.sacramento.ca.us> To: "Sean Donelan" <sean@donelan.com>; <nanog@merit.edu> Sent: Sunday, July 11, 2004 5:24 PM Subject: RE: Spyware becomes increasingly malicious
Indeed. Lately, I have not been able to clean a very annoying piece of crud named "CoolWebSearch". Spybot will not always detect and never remove; Ad-aware will likely detect but not remove either. None of the other crapware removers I have tried could clean the machine either.
You're right...it can be a sob to remove. CWShredder has worked well for me. http://www.spywareinfo.com/~merijn/cwschronicles.html --Michael
Try booting into safe mode before running software to detect or remove spyware; some of them fight to survive if they are running, dunno if it is the case with CoolWebSearch. Rubens ----- Original Message ----- From: "Michel Py" <michel@arneill-py.sacramento.ca.us> To: "Sean Donelan" <sean@donelan.com>; <nanog@merit.edu> Sent: Monday, July 12, 2004 12:24 AM Subject: RE: Spyware becomes increasingly malicious
Sean Donelan wrote: Spyware isn't the best term for what is happening, but it is quickly exceeding (or contributing) to all the other problems associated with the online (not just Internet) world.
Indeed. Lately, I have not been able to clean a very annoying piece of crud named "CoolWebSearch". Spybot will not always detect and never remove; Ad-aware will likely detect but not remove either. None of the other crapware removers I have tried could clean the machine either. I have instructed helpdesk not to waste any time with it and systematically re-image the infected PC :-( Fortunately, re-imaging a PC is now a matter of minutes. Michel.
RKJ> Date: Mon, 12 Jul 2004 01:43:50 -0300 RKJ> From: Rubens Kuhl Jr. RKJ> Try booting into safe mode before running software to detect RKJ> or remove spyware; some of them fight to survive if they are Also use msconfig to disable non-critical extras. Some of us have manually ripped out ActiveX controls and BHOs care of regedit... but, alas, malware often has made enough registry and other system changes that the system is left unstable or inoperable. CVs archives of { { system file MD5/SHA1 hashes } and { registry dumps } }, anyone? Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses: davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net Sending mail to spambait addresses is a great way to get blocked.
coolwebsearch has become more and more sneaky..so bad that development of cws shredder has been abandoned by its developer....Either serious lock down you ie(which with CWS is not going to help) or use something other than ie. Edward B. Dreger wrote:
RKJ> Date: Mon, 12 Jul 2004 01:43:50 -0300 RKJ> From: Rubens Kuhl Jr.
RKJ> Try booting into safe mode before running software to detect RKJ> or remove spyware; some of them fight to survive if they are
Also use msconfig to disable non-critical extras. Some of us have manually ripped out ActiveX controls and BHOs care of regedit... but, alas, malware often has made enough registry and other system changes that the system is left unstable or inoperable.
CVs archives of { { system file MD5/SHA1 hashes } and { registry dumps } }, anyone?
Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _________________________________________________________________ DO NOT send mail to the following addresses: davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net Sending mail to spambait addresses is a great way to get blocked.
-- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD. -- carpe ductum -- "Grab the tape"
----- Original Message ----- From: "William Warren" <hescominsoon@emmanuelcomputerconsulting.com> To: <nanog@merit.edu> Sent: Monday, July 12, 2004 10:04 PM Subject: Re: Spyware becomes increasingly malicious
coolwebsearch has become more and more sneaky..so bad that development of cws shredder has been abandoned by its developer....Either serious lock down you ie(which with CWS is not going to help) or use something other than ie.
Are you honestly serious? I came up against it for the first time only about 3 days ago and I got rid of it in 10 minutes! I can see how it would be a problem for a newbie but it shouldn't be anything more than 10 minutes work for anyone here with Windows experience. Greg.
On Mon, 12 Jul 2004, William Warren wrote:
coolwebsearch has become more and more sneaky..so bad that development of cws shredder has been abandoned by its developer....Either serious lock down you ie(which with CWS is not going to help) or use something other than ie.
http://www.securityfocus.com/news/8998 "Jun 28 2004 7:38AM US CERT (the US Computer Emergency Readiness Team), is advising people to ditch Internet Explorer and use a different browser after the latest security vulnerability in the software was exposed" http://www.eweek.com/article2/0,1759,1622344,00.asp "July 12, 2004 In the wake of last week's revelation of a security hole in Mozilla that allows the execution of arbitrary programs on the client system a philosophical debate has emerged: Is this a bug in Mozilla or a bug in Windows?" -- William Leibzon Elan Networks william@elan.net
----- Original Message ----- From: "Michel Py" <michel@arneill-py.sacramento.ca.us> To: "Sean Donelan" <sean@donelan.com>; <nanog@merit.edu> Sent: Monday, July 12, 2004 1:24 PM Subject: RE: Spyware becomes increasingly malicious
Indeed. Lately, I have not been able to clean a very annoying piece of crud named "CoolWebSearch".
Look I am not attempting to be flippant but do yourself a favour and download HiJackThis and check out the registry entries that show up. It is quite obvious how to remove it the moment you do that. As I said in my last letter, it is all of 10 minutes' work if that. I cant even remember what the damned registry entries were, now but it all comes in via SmilyeyCentral (possibly other progs) so anyone annoyed by CoolWebSearch has to block installation of that program. Greg.
participants (8)
-
Dr. Jeffrey Race
-
Edward B. Dreger
-
Gregh
-
Michael Painter
-
Michel Py
-
Rubens Kuhl Jr.
-
William Warren
-
william(at)elan.net