Solved

Will reformatting your hard drive remove winproc32 virus???

Posted on 2004-03-31
10
440 Views
Last Modified: 2013-12-04
Will reformatting your hard drive (uninstalling and using the manufacturers restore cd) remove winproc32 virus?  The winproc 32 virus hijacks your default homepage and changes your default windows registry information.  I am not interested in downlaoding any software to fix the problem.  Will reformatting the hard-drive remove the virus and eliminate subsequent problems???

Thanks!

0
Comment
Question by:a2bc777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
10 Comments
 
LVL 20

Accepted Solution

by:
What90 earned 77 total points
ID: 10729464
Hi a2bc777,


Yes it will, but it an extreme way to go for a simple remove and clean up job. Most av or spyware removal tools will get the job done in a tiny amount of time compared to a full rebuild.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10730013
Dont format your hard drive - Just unplugg your internetcable while you remove the CoolWebSearch Spyware

***quote***
CoolWebSearch.winproc32 hijacks your SearchUrl, Search Bar, Search Page, Home Page, Search Assistant, Default Page Url and Customized Search to 4-counter.com.

Classification
Adware

Files
WINPROC32.EXE

Vendor
CoolWebSearch.com

Privacy policy
No privacy policy available.

Detection
Bazooka Adware and Spyware Scanner detects CoolWebSearch.winproc32. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms, etc. Read more »

Manual removal
Please follow the instructions below if you would like to remove CoolWebSearch.winproc32 manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Bazooka still detects CoolWebSearch.winproc32 after stepping through the removal instructions, please double-check by stepping through them again.

Start your computer in safe mode.
Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
Browse to the key:
'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
In the right pane, delete the value called 'Windows Internet Protocol', if it exists.
Exit the registry editor.
Start Windows Explorer and delete:
%SystemDir%\WINPROC32.EXE
Note: %SystemDir% is a variable (?). By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Restart your computer.
***end of quote***

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10730031
>"Will reformatting the hard-drive remove the virus and eliminate subsequent problems???"
>"I am not interested in downlaoding any software to fix the problem"

Reformatting your harddrive will remove a lot of your problem, but not nescessary everything, because virus can be hidden i the boot-sector of your harddrive - forget all about reformatting !!

The above url tells you how to remove CoolWebSearch manually, but you have to find out if anything else is hidden on your hard drive, and to protect yourself in the future:

Get a firewall
Get an antivirusprogram
Get an antispywareprogram
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 12

Expert Comment

by:trywaredk
ID: 10730032
Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal

Download the free version of Sygate personal firewall
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf

Download the free version of ZoneAlarm firewall
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za

Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm 

Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10730035
Spybot:
http://security.kolla.de/index.php

Ad-aware Standard Edition is THE award winning, free*, multicomponent adware detection and removal utility:
http://www.lavasoft.de/software/adaware/

SpyFerret detects & removes spyware
http://www.onlinepcfix.com/spyware/spyware.htm

Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/

Automatic check of your browser for parasites, adware and spyware
http://www.doxdesk.com/parasite/
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10730038
Use this free online Trend Housecall scanner to find and clean every known virus/rootkits/backdoors:
http://housecall.trendmicro.com/housecall/start_corp.asp

Some viruses can't be removed by housecall. If so, use the free Trend Micro system cleaner:
http://www.trendmicro.com/download/tsc.asp

If you get's an ActiveX error, when loading the HouseCall web page:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=4317

If you want to secure your one workstation in the future, consider to purchase PC-cillin with builtin firewall:
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10730042
:o) Forgot the url from the quotes above from 04/01/2004 09:02AM CEST ....

http://www.kephyr.com/spywarescanner/library/coolwebsearch.winproc32/index.phtml
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10730101
Reformatting your hard drive using restore/boot disk will not necessarily remove every nasty thing that's out there.
Even fdisk/MBR will not work at all times - and there are possible concomitant problems with this.
A low-level format (using the manufacturer of the hard disk's utility) generally, will get rid of almost everything.
Oh, and by the way - the virus that you,re referring to is nothing more then apart of Cool-Web-Search, which is spyware,
 malware, garbageware - and it is removed by a free, unobtrusive, app. called CWShredder.
Interesting!?! 77!?!
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question