Page 1 of 4 123 ... LastLast
Results 1 to 15 of 56
  1. #1
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post

    Can't Kill These!

    Friend of mine told me his PC had picked up some crud when he got a broadband connection, and in spite of installing Ad-Aware, he couldn't get rid of the stuff. Today I went to his apartment and took a look. I updated Ad-Aware and set it for a Custom scan, and it located a few things. Killed those, then installed Spybot S&D, updated and ran it. It killed a few more. But Internet Explorer still refuses to go to the page he has set as Home. Instead, he gets one of the following pages:

    Global Search Solutions, with "new genereation search" in the Title bar
    GloboLOOK!
    Adult Search bar

    I ran a Google search on these, but only found a set of manual Registry entries and files to kill that are supposed to get rid of Adult Search bar (no "automated" removal). Can anyone point me to a way to get rid of these 3 pieces of c**p?

  2. #2
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Can't Kill These!

    Hi John,

    It appears that your friend has picked up a rather difficult browser hijacker. I'm unable to find much on GloboLOOK or any of several variants and what I am finding is very disconcerting. My best suggestion is to take a look at this post read some of the tutorials and see if tweaking any of the software that's loaded or trying a couple of the other <img src=/S/free.gif border=0 alt=free width=30 height=15> products suggested will get this thing off the system. I'm pretty sure that you are going to need the help of the HijackThis folks on one of the Forums mentioned. Once you get the HijackThis program setup and run a scan to generate a log file you can post to one of the forums, you might first want to try an online log analyzer that will parse your log and tell you what to remove. Two of theose are here and here. HTH <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

    PS - Tell your friend to avoid those types of sites in the future. <img src=/S/wink.gif border=0 alt=wink width=15 height=15>
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  3. #3
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Can't Kill These!

    Doc,

    >> I'm unable to find much on GloboLOOK or any of several variants and what I am finding is very disconcerting. My best suggestion is to take a look at this post read some of the tutorials and see if tweaking any of the software that's loaded or trying a couple of the other products suggested will get this thing off the system. <<

    Thanks for the references. He's going to bring the PC to me Monday, so I can hook it up on my home network and spend some time trying to clean it up. What I'm concerned about is that neither Ad-Aware or Spybot S&D are even SEEING these things, let alone killing them. Even if I get the PC cleaned up, I hope it won't get these things back right away. I did convince him he needs to put a router between the PC and his cable modem, and I may even put a software firewall on the PC.

  4. #4
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Can't Kill These!

    John,

    I'm starting to find some info on this nasty and it appears to be some variant of CWS or CoolWebSearch. His new homepage is probably <font color=red>http://www.hotoffers.info/066/</font color=red> (***Mods please don't make this link hot***), right ?? It seems he was probably trying to do something good for the PC and got caught up in this scam.

    The Google I did this AM gave me the sites I got the information above from, but also turned up more sites that are where you can get this piece of junk. I'm not gonna link to those search results but they all began with GLOBOLOOK and referred to something else like "Want to buy a house??" and then the link took you to a page that looks just like the bottom of the page I just linked to, telling you that your PC was infected and you need to download their software from this site, right away. Doc's Rule #1 - If you didn't ask for it, don't download it !!!

    I found some removal instructions for the Adult Search Bar here, but I'd use the information from here and I really think that you need to get HijackThis and post the log file to one of their forums. This is a new problem and there really isn't much out there to tell you what to do to clean it yourself. Post back if you need any help or advice. Good Luck with this thing.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  5. #5
    5 Star Lounger
    Join Date
    May 2002
    Location
    43.8N 81.0W, Ontario
    Posts
    815
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Can't Kill These!

    Hi John

    CoolWebShredder and NoAdware are two free downloads that should be able to remove CoolWebSearch.

    Have a Great day!!!
    Ken
    <IMG SRC=http://www.wopr.com/w3tuserpics/KenK_sig.gif>

  6. #6
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Can't Kill These!

    Doc,

    >> I found some removal instructions for the Adult Search Bar here, but I'd use the information from here and I really think that you need to get HijackThis and post the log file to one of their forums. <<

    Not making much progress. Tried the instructions for Adult Search Bar at the first link you posted, but the various registry entries and files it said I should delete weren't on the PC. HijackThis shows some entries that appear to be part of these problems, but when I tell it to Fix them, nothing happens--that is, the nasties are still there. Grrrr!

  7. #7
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Can't Kill These!

    Just a silly thought, but have you clicked the checkboxes next to the items you want "fixed"?

    Alan

  8. #8
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Can't Kill These!

    You didn't say whether you posted the log to the HijackThis forums, but from what you are saying, it doesn't sound as though you have. I would strongly caution you NOT to do this without assistance. Removing the wrong thing can turn the PC into a doorstop in a heartbeat and it's not always easy to tell the bad from the good in these logs. And often the only recourse is a format and reinstall.

    That said, Alan's thought about being sure you put a check in the suspected entries box is a good first step. As a second thought, you can post your HijackThis log file to this site and have it parsed (analyzed). The results will suggest which items to have HijackThis remove. This is an alternative to posting to the forums and having a person who is experienced with these messes check your log and guide you through cleaning your system. If your system is not too severely compromised, the online analysis might be all you need but if it is still misbehaving after that, it's time to post to the forum (I recommend that anyway. It's <img src=/S/free.gif border=0 alt=free width=30 height=15> and only requires that you wait until they can get to you and that you then trust that they will get things straight and follow ALL instructions. They are very good at what they do and you can't beat the price. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  9. #9
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Can't Kill These!

    Alan,

    >> Just a silly thought, but have you clicked the checkboxes next to the items you want "fixed"? <<

    Yes.

  10. #10
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Can't Kill These!

    Doc,

    >> As a second thought, you can post your HijackThis log file to this site and have it parsed (analyzed). <<

    Are you referring to the "automatic" analysis at that site (I did that, and it didn't help), or posting in the forums at this site?

  11. #11
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Can't Kill These!

    John,

    Yes, the "automatic" analysis was what I was talking about, but you can also post your log to that forum. There are 3 or 4 HijackThis Forums that I'm aware of and perhaps more. I'm pretty sure the "experts" are different on the various sites (perhaps some in common), so it might be to your advantage to post to more than one. I would suggest that if you do, you follow only one person's advice at a time to avoid <img src=/S/dizzy.gif border=0 alt=dizzy width=15 height=15>. As I said at the outset, this is aparticularly insidious little nasty with not a lot of info to work with. These things can be maddeningly frustrating the way they just keep coming back. I've always found that you can excise them if you know your system and what should and shouldn't be there and in most cases, the nice folks at these help forums can lead you through the process. I know it's a friend's system and that can make it more frustrating simply because you are not familiar with the setup, but hang in and you should be rewarded. <img src=/S/thumbup.gif border=0 alt=thumbup width=15 height=15>
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  12. #12
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Can't Kill These!

    Doc,

    >> I'm pretty sure the "experts" are different on the various sites (perhaps some in common), so it might be to your advantage to post to more than one. I would suggest that if you do, you follow only one person's advice at a time to avoid . <<

    I tried posting just 3 log entries from HJT of stuff that won't go away, at the IAmNotAGeek forum, but the first person who responded said it was better if I posted the entire log. So I did that, and am waiting for responses. If that forum doesn't help me resolve this, I'll try one of the other ones.

  13. #13
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Can't Kill These!

    I think you have taken the first step on the road to recovery. Good Luck !! <img src=/S/crossfingers.gif border=0 alt=crossfingers width=17 height=16>
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  14. #14
    3 Star Lounger
    Join Date
    Jun 2001
    Location
    Los Angeles, California, USA
    Posts
    289
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Can't Kill These!

    Get the latest version of CWS direct from Intermute. Avoid a purchase and 'Download Now' on the top right of the page: http://www.intermute.com/spysubtract/cwshr...r_download.html

    They are keeping this important tool free for now. It has saved my butt a number of times. I've used the report to look for similar items in HiJack This that can be removed manually. I've done this on about thirty - forty different badly CWS variant infected PCs myself and eventually you'll get rid of it. I'm quite thankful I haven't turned one into a doorstop yet <img src=/S/smile.gif border=0 alt=smile width=15 height=15> Didn't realize it was so dangerous. But then, I am relatively careful. Some of this cretinware takes heroic efforts to remove.

    Good luck.

  15. #15
    5 Star Lounger
    Join Date
    May 2003
    Location
    Sterling Heights, Michigan, USA
    Posts
    633
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Can't Kill These!

    Van,

    >> Get the latest version of CWS direct from Intermute. <<

    I had already tried an earlier version of CWS, but followed your advice and downloaded the latest one. It didn't find anything, but at the end it suggested trying SpySubtract. Installed that, and it found one file relating to Grokster, and a Registry entry for a new piece of c**p: SearchSquire3. Had it kill the second one, but those same freaking pages are showing up, in rotation, when I start Internet Explorer. This PC originally had an AOL dialup connection, then the owner got Comcast Broadband. I'm beginning to wonder if this junk is somehow being reinstalled by either the AOL software or the Comcast stuff.

Page 1 of 4 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •