Annoying, unremovable spyware.
Takara Mon, 20th Sep '04, 11:09pm For those of you wondering, yes, there is sometimes spyware that is totally unremovable. I'm currently battling, and losing, against a nasty piece of work called coolweb search. The problem is that the primary file gets loaded onto your drive, somehow, and will not be detected. It then installs secondary files, at a regular rate. When you run ad-aware etc, you only ever kill the secondary files. The primary is never killed off, so you are always infected.
Things like this really p*** me off. And there is nothing that can be done, AFAIK. I'm trying a possible solution I found on the net, but I didn't find the file that was initially suggested I would find. As such, I can't finish their solution.
Anyone out there managed to deal with this bugger? If so, how did you manage it, short of a full re-format. Also, anyone feel free to share your tales of woe at the hands of these.... *censored*
Rudiger Mon, 20th Sep '04, 11:37pm Read the first post by Tea in this thread
Link (http://www.storageforum.net/forum/viewtopic.php?t=3901)
I've not come across the particular piece of evilness you've been blighted with, so I can't say for sure if the safe mode method will work, but I have got rid of one or two other mysteriously recurring infections that way.
Good luck.
Splunge Mon, 20th Sep '04, 11:50pm From the link:
quote: Delete all the Internet Explorer icons...If they really need IE, they can type start/run/iexplore.exe.
Why not run it from the icon?
(Sorry, Takara, I know this doesn't help your immediate problem, but I'm curious.)
Rastor Mon, 20th Sep '04, 11:52pm This sort of thing is why you really need to have a good firewall.
If you know the filename, you should be able to delete it via a command prompt.
Harbourboy Mon, 20th Sep '04, 11:58pm I believe that removal of this requires deletion of both the offending file AND the corresponding registry entries. I think that so long as the registry entries remain, it will keep coming back. The trick is making sure you delete the right registry entries without stuffing up your operating system.
A complete re-install is not such a bad idea. It may seem like a major hassle but it may be less of a hassle than clearing up ALL the malware that has infected your PC. Plus, you will clear a load of other junk off your hard drive too that you don't need and make a nice fresh start with an ironclad firewall.
Rudiger Tue, 21st Sep '04, 12:29am From the link:
quote: Delete all the Internet Explorer icons...If they really need IE, they can type start/run/iexplore.exe.
Why not run it from the icon?
(Sorry, Takara, I know this doesn't help your immediate problem, but I'm curious.)
I think his point is that you shouldn't run IE at all. If you're at all concerned about malware that is.
Takara Tue, 21st Sep '04, 8:08am I was spyware free, 'till I booted up IE for a brief check. In the first 5 seconds I got hit. Hate that thing. I'm getting McAfee firewall in the post, and am going to do a re-format when it arrives. I'm aiming to turn my PC into fort knox. :)
Elios Tue, 21st Sep '04, 8:17am I just reformatted cuz of some spyware that got on my computer and couldn't get it off. I bought an ethernet adapter and router. I also have Norton firewall and antivirus, so I am pretty nicely protected now
Takara Tue, 21st Sep '04, 8:34am That does sound good. I used to be a network with a firewalled router at the start of the line. I never had any problems, unless I installed something with adware in it. (dodgy codec bundles spring to mind)
Edit: After running Ad-aware about a dozen times in the last 32 hours and killing off every registry entry, and file that was repeatedly thrown up at me, I *repeatedly touch wood* think I've finally killed it. I'm not sure if I was killing the registry entries before it could make enough more... but I've had my PC on all evening, and the last scan came up empty. Now if I can find a way to stop these same 6 tracking cookies from appearing...
[ September 22, 2004, 01:24: Message edited by: Takara ]
Yirimyah Wed, 29th Sep '04, 1:05am Try what I did: use your old computer to surf the Net. BTW, if you do this and transfer files using floppies, USB keys, or CD-RW then be careful because I once had a file hijack Nero (my burning software) and write itself, thus surviving a HDD format. Or, use Macs.
Rednik Wed, 29th Sep '04, 2:11am I hate to repeat myself, but use Mozilla or Opera and avoid many future problems.
"Security through obscurity"
netdiver Wed, 29th Sep '04, 6:23pm When my brother bought his first computer and unleashed himself upon the hapless internet, I knew right away that I would hear the distant ringing...of my telephone. "help me with this, help me with that, and what the &%#$ did I do that caused this"
My brother became infested with that coolwebsearch crap and it took every bit of evil patience in my spinal cord to take care of that problem..
Remove all temporary internet files in user folder and in windows folders.
Remove all cookies. all, cookies.
All offline content needs to go, clean clean clean.
Clear all offending items from the registry.
A google search for the affliction's registry key information wouldn't be too hard. I don't remember them right off of hand.
Do not turn off your computer or reboot.
Install Norton (preferably) Internet Security. It detects all of that crap. Make sure it is updated.
We did this and it found all of the coolwebsearch stuff and others that ad-aware hadn't even been detecting.
teekc Sun, 3rd Oct '04, 8:45pm the IT department of my school offers a pretty good antispyware called "spybot search and destroy". Follow the link provided by Equester below.
Previously, I use IE as by default browser and use netscape all the time. Lazy method gave me flawed result, but that's the easiest way I can think of.
[ October 03, 2004, 21:33: Message edited by: teekc ]
Equester Sun, 3rd Oct '04, 9:00pm Spybot search and destroy is free for all.
You can get it here: http://www.safer-networking.org/en/download/index.html
Kitrax Mon, 4th Oct '04, 6:11am SpyBot is nice, but it's not as good as SpySweeper.
quote: Or, use Macs.
I'd sooner die than switch to a Mac-In-The-Trash! :rolling:
Takara Mon, 4th Oct '04, 8:25am Spy sweeper sucks. But hey, maybe I'm biased against a company that sends a free trial version, only to find that it is expired as soon as you try to run it.
Yirimyah Mon, 4th Oct '04, 10:19am @ kitrax:
I see by that that you have never used one. When was your last system crash? Your last security problem? Your last virus? This thread's owner would not have started it if he used one.
So you don't think I'm biased, I use both, and if games for mac were cheaper and macs themselves were similarly priced I would only use one.
Mulsis Tue, 26th Oct '04, 5:07pm There is a utility designed to get rid of cool web search specifically. Google for cool web shredder.
Blog Wed, 27th Oct '04, 6:56am Here's what I do: I use the search files command and try to find the primary (and secondary) source files. Usually you can limit the search with the "created between" option to a day or two because you know when you got hijacked. Then go through the list and check each item. If suspicious, make note of it. Strange files with .exe extensions are highly suspicious (good candidate for the primary file that runs itself to make the secondary ones). And they should be in your C:\ or C:\WINDOWS folder (that's the default) but you may have changed this. The point of this isn't so much that you can delete it directly, but it is to figure out the file's name.
Once you know the name of the file from that, it is much easier. You can try searching the registry (run regedit) for the file and delete all those entries. If that still doesn't work, you could do a net search on the file name and find a solution that way.
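The search Blog describes above (executables stamped inside the window when the hijack happened, then registry entries that mention those file names), as an added Python sketch that is not part of the original thread. It assumes the registry has been exported to text from regedit; the file name `example_hijack.exe` and the sample export are constructed for illustration.

```python
import ntpath
import os
import re
from datetime import datetime

# Constructed sample of a regedit export; the entries are made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"helper"="C:\\WINDOWS\\example_hijack.exe"
"SoundMan"="SOUNDMAN.EXE"
'''

VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def recent_executables(root, start, end, exts=(".exe",)):
    """List files under root with a matching extension stamped within [start, end]."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                # st_ctime is the creation time on Windows (metadata change elsewhere).
                stamp = datetime.fromtimestamp(os.stat(path).st_ctime)
            except OSError:
                continue  # file locked or removed while scanning
            if start <= stamp <= end:
                hits.append(path)
    return sorted(hits)

def registry_references(reg_text, paths):
    """Return (key, value name, data) for string values naming any of the files."""
    wanted = {ntpath.basename(p).lower() for p in paths}
    found, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if key and m and any(w in m.group(2).lower() for w in wanted):
            data = m.group(2).strip('"').replace("\\\\", "\\")
            found.append((key, m.group(1).strip('"'), data))
    return found
```

The output is a review list only: each key and value it reports still has to be checked by hand before anything is deleted, which is the caution Harbourboy raises earlier in the thread.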
Sarevok• Thu, 28th Oct '04, 1:43am Format, it is not difficult and it gets rid of absolutely everything. Just up your important files to some webspace.
Kovalis Darkfire Thu, 28th Oct '04, 3:10am NO spyware is EVER completely "unremovable", although I've come very close to such thoughts in the past. It's true that Ad-aware etc. won't get rid of it all. But you can always get rid of it by other means. Boot up your computer in safe mode(use msconfig to do a "selective startup" or whatever, that way the files won't recopy themselves and once you delete the files and their keys, they won't come back) and run ad-aware. Then go to your hard drive and make sure any of the files of the malicious agent are deleted there. Then open the registry and delete the keys! If all else fails, back up your important files(such as documents and saved games) onto cd's, completely reformat your hard drive; do a fresh install of windows, get all the windows updates including service pack 2, install antivirus software like Norton 2005. Then put the back up cd's into your drive one at a time and scan them for viruses with Norton(right click on the cd and click scan for viruses). Then copy them onto the hard drive once the scan finishes. And finally, of course, reinstall whatever programs the files were associated with(example: Games, Microsoft Office...). Good luck man, don't give up!
Nakia Sat, 30th Oct '04, 2:33pm Unfortunately there is something called "Rootkits" which predate "Windows". It originally targeted Unix etc. Recently it has hit "Windows". AFAIK it is extremely difficult to remove. The only sure way is to re-format.
Maxinion Sun, 31st Oct '04, 12:52am quote: There is a utility designed to get rid of cool web search specifically. Google for cool web shredder.
BINGO. I had the same problem when my brother/ parents refused to use Firefox. This worked perfectly for me, even when AdAware and Spybot didn't (though those work for every single other one out there, if combined).
Oh, and go use Firefox. Or Linux. You do know you can play BG2 on Linux, right? (No mods, though)
Dias Tue, 9th Nov '04, 7:25pm guys I'm having the same problem, it's a new topic called p.c. emergency, pls. help me, even my internet explorer icon doesn't work anymore, and I was trying to email to myself important files so I can download it later (didn't work either, can I email whole folders? tried it says there was an error) Help!!! :(
[Don't post in other topics telling people to go read one of yours. Everyone can see your new topic just fine. :toofar: ] -Tal
[ November 09, 2004, 21:52: Message edited by: Taluntain ]
Register Tue, 16th Nov '04, 8:40am Just found out with spybot that I have coolwwwsearch. Guess what is going to be removed. :D
EDIT: Goddamnit, spybot fixes the problem, but the website, named about:blank in the browser but is really coolwwwsearch, keeps appearing as my starting website. What to do?
[ November 16, 2004, 08:51: Message edited by: Caleb* ]
Cúchulainn Tue, 16th Nov '04, 12:48pm ad-aware has removed this vicious piece of spyware in the past but I also use spybot to remove what ad-aware can miss.
Blackthorne TA Tue, 16th Nov '04, 5:47pm Caleb, look two posts above yours, or here: http://www.sorcerers.net/cgi-bin/ultimatebb.cgi?/topic/33/45.html that has a link to the site.
There's a tool developed specifically for removing the cool web search hijacker (and its many incarnations).
Register Tue, 16th Nov '04, 6:30pm Oh, well, :doh: . Now, with ad-aware and spybot together with pc-cillin I managed to remove all traces from the little bastard, so I am happy now. Lalalalala! :hippy: