Hello,
My computer is infected with a trojan virus called norio. It started by a hacking file called coolwebsearch, or at least that's what I've found out by running Adaware and Spybot.
Apparantly Norton Antivirus 2005, nor Panda Antivirus are able to do anything about this Trojan. Can anyone help me out? I've been searching the net for a sollution for the last 4 days now (what a way to spend the New Year eh...). Not to say I'm desperate.
Many thanks in advance
Brgds
Thomas O'Malley
| www.coolwebsearch.com, ******s :crazy: | |
|---|---|
| Post #1 Jan 3 2005, 19:05 | |
|
Neowinian  Group: Registered Posts: 17 Joined: 3-January 05 Member No.: 88,807 
|
|
   |
 
|
|
Log In or Register · Advertise on Neowin |
|
| Post #2 Jan 3 2005, 19:07 | |
Neowinian³  Group: Registered Posts: 387 Joined: 24-September 03 From: Guelph, Ontario Member No.: 36,073
|
Are you sure Norton can't do anything about it? Have you booted into Safe Mode before attempting to clean it?
http://securityresponse.symantec.com/avcen...ojan.norio.html Follow these steps! |
|
|
|
| Post #3 Jan 3 2005, 19:10 | |
|
Neowinian Group: Registered Posts: 17 Joined: 3-January 05 Member No.: 88,807
|
QUOTE(asmit @ Jan 3 2005, 21:07) Are you sure Norton can't do anything about it? Have you booted into Safe Mode before attempting to clean it? http://securityresponse.symantec.com/avcen...ojan.norio.html Follow these steps! [right][snapback]585223873[/snapback][/right] I saw that page, but no... It didn't work... 
|
|
|
|
| Post #4 Jan 3 2005, 19:11 | |
The Clash  Group: Registered Posts: 3,892 Joined: 16-March 03 From: Somerset West, Cape Town, SA Member No.: 23,703
|
CoolWebSearch is one of the worst Spyware infections. The latest variants use a Hidden DLL that is installed by taking over the file system's data stream and stealthing the DLL file. Some AntiVirus programs will detect and clean it from memory but as soon as your system is rebooted and another Internet connection made, it will reinstall itself. CWShredder 2.x removes this variant.
Here is the prog to clean it CWShredder This will fix it 
|
|
|
|
| Post #5 Jan 3 2005, 19:14 | |
|
The Clash Group: Registered Posts: 3,892 Joined: 16-March 03 From: Somerset West, Cape Town, SA Member No.: 23,703
|
Sorry, here are the instructions, pretty easy!
 Instructions - Download, close all web browsers and run, select "I AGREE", "Fix" and "OK". After it is finished select "Next" to see if you were infected. Run CWShredder again to confirm all variants of CoolWebSearch have been removed. |
|
|
|
| Post #6 Jan 3 2005, 19:16 | |
|
Neowinian³ Group: Registered Posts: 387 Joined: 24-September 03 From: Guelph, Ontario Member No.: 36,073
|
QUOTE CoolWebSearch is one of the worst Spyware infections. [right][snapback]585223898[/snapback][/right] Wow, you were right! http://www.adwarereport.com/mt/archives/000051.html |
|
|
|
| Post #7 Jan 3 2005, 19:25 | |
|
Neowinian Group: Registered Posts: 17 Joined: 3-January 05 Member No.: 88,807
|
QUOTE(toejam @ Jan 3 2005, 21:14) Sorry, here are the instructions, pretty easy! Instructions - Download, close all web browsers and run, select "I AGREE", "Fix" and "OK". After it is finished select "Next" to see if you were infected. Run CWShredder again to confirm all variants of CoolWebSearch have been removed. [right][snapback]585223912[/snapback][/right] Hi Toejam, Maybe it's me, maybe something changed over the last days but, following these instructions it does not work. I can download and make the scan run (it finds 46 infected files). At that time I need to register and pay for the complete version. |
|
|
|
| Post #8 Jan 3 2005, 19:30 | |
|
The Clash Group: Registered Posts: 3,892 Joined: 16-March 03 From: Somerset West, Cape Town, SA Member No.: 23,703
|
This is freeware you do not have to pay for it, just run the thing!
In fact all you must do is run fix and take it from there! |
|
|
|
| Post #9 Jan 3 2005, 19:34 | |
|
Neowinian Group: Registered Posts: 17 Joined: 3-January 05 Member No.: 88,807
|
QUOTE(toejam @ Jan 3 2005, 21:30) This is freeware you do not have to pay for it, just run the thing! In fact all you must do is run fix and take it from there! [right][snapback]585223990[/snapback][/right] I can run the thing, I just can not erase all the infected files. 
|
|
|
|
| Post #10 Jan 3 2005, 19:49 | |
|
The Clash Group: Registered Posts: 3,892 Joined: 16-March 03 From: Somerset West, Cape Town, SA Member No.: 23,703
|
Did you download the file from the link that I gave you? You end up on majorgeeks website and there it quite clearly says that it is freeware, sorry if this is not the case. I ran the thing and did not run into any registration requests, so I am not really sure what it is asking you!
|
|
|
|
| Post #11 Jan 3 2005, 20:08 | |
|
Neowinian Group: Registered Posts: 17 Joined: 3-January 05 Member No.: 88,807
|
QUOTE(toejam @ Jan 3 2005, 21:49) Did you download the file from the link that I gave you? You end up on majorgeeks website and there it quite clearly says that it is freeware, sorry if this is not the case. I ran the thing and did not run into any registration requests, so I am not really sure what it is asking you! Indeed I did download it from the site you gave me.[right][snapback]585224068[/snapback][/right] And indeed you do end up here: http://www.majorgeeks.com/download3019.html If you decide to download you are transferred to this site http://www.pctools.com/spyware-doctor/?ref...al_mg_sd_336_rd . All of a sudden they don't mention Freeware anymore. If you finally perform the scan, they ask you to register. So far, no sollution found, I may add 
|
|
|
|
| Post #12 Jan 3 2005, 20:28 | |
|
The Clash Group: Registered Posts: 3,892 Joined: 16-March 03 From: Somerset West, Cape Town, SA Member No.: 23,703
|
Sorry to hear that bud, I will see what I can do!
Just checked the link you said you tried, you are downloading the wrong thing, you must download CWShredder 2.12 click on one of the American sites! This post has been edited by toejam: Jan 3 2005, 20:42 |
|
|
|
| Post #13 Jan 3 2005, 20:37 | |
Neowinian Guru Group: Registered Posts: 313 Joined: 27-May 04 From: India Member No.: 57,062
|
Here try this link.From the MVP's freebie section.
|
|
|
|
| Post #14 Jan 3 2005, 20:48 | |
|
The Clash Group: Registered Posts: 3,892 Joined: 16-March 03 From: Somerset West, Cape Town, SA Member No.: 23,703
|
I can see what you did, you must wait for the download to start, you did not give it a chance to start, and then you clicked on download Spyware Doctor, no wonder you ended up with the wrong thing! As they say in the classics read the instruction and ye shall be rewarded!!!
|
|
|
|
| Post #15 Jan 3 2005, 20:58 | |
|
Neowinian Group: Registered Posts: 17 Joined: 3-January 05 Member No.: 88,807
|
Thanks guys,
CWShredder scanned and worked. At least that problem is solved. There was no infected file from www.coolwebsearch found. So the next question I have is how it can be possible that CWShredder doesn't find anything while my Homepage on my browser always resets itself on about:blanc (while it was www.google.com) and how it is possible that Adaware finds 19 infected files from www.coolwebsearch.com... 
|
|
|
|
| « Older · Internet, Network & Security · Newer » | |
4 Pages 
[1] 2 3 ... Next : Last »
|
|
