Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Will reformatting your hard drive remove winproc32 virus???

Posted on 2004-03-31
10
Medium Priority
?
443 Views
Last Modified: 2013-12-04
Will reformatting your hard drive (uninstalling and using the manufacturers restore cd) remove winproc32 virus?  The winproc 32 virus hijacks your default homepage and changes your default windows registry information.  I am not interested in downlaoding any software to fix the problem.  Will reformatting the hard-drive remove the virus and eliminate subsequent problems???

Thanks!

0
Comment
Question by:a2bc777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
10 Comments
 
LVL 20

Accepted Solution

by:
What90 earned 308 total points
ID: 10729464
Hi a2bc777,


Yes it will, but it an extreme way to go for a simple remove and clean up job. Most av or spyware removal tools will get the job done in a tiny amount of time compared to a full rebuild.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10730013
Dont format your hard drive - Just unplugg your internetcable while you remove the CoolWebSearch Spyware

***quote***
CoolWebSearch.winproc32 hijacks your SearchUrl, Search Bar, Search Page, Home Page, Search Assistant, Default Page Url and Customized Search to 4-counter.com.

Classification
Adware

Files
WINPROC32.EXE

Vendor
CoolWebSearch.com

Privacy policy
No privacy policy available.

Detection
Bazooka Adware and Spyware Scanner detects CoolWebSearch.winproc32. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms, etc. Read more »

Manual removal
Please follow the instructions below if you would like to remove CoolWebSearch.winproc32 manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If Bazooka still detects CoolWebSearch.winproc32 after stepping through the removal instructions, please double-check by stepping through them again.

Start your computer in safe mode.
Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
Browse to the key:
'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
In the right pane, delete the value called 'Windows Internet Protocol', if it exists.
Exit the registry editor.
Start Windows Explorer and delete:
%SystemDir%\WINPROC32.EXE
Note: %SystemDir% is a variable (?). By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Restart your computer.
***end of quote***

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10730031
>"Will reformatting the hard-drive remove the virus and eliminate subsequent problems???"
>"I am not interested in downlaoding any software to fix the problem"

Reformatting your harddrive will remove a lot of your problem, but not nescessary everything, because virus can be hidden i the boot-sector of your harddrive - forget all about reformatting !!

The above url tells you how to remove CoolWebSearch manually, but you have to find out if anything else is hidden on your hard drive, and to protect yourself in the future:

Get a firewall
Get an antivirusprogram
Get an antispywareprogram
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 12

Expert Comment

by:trywaredk
ID: 10730032
Getting a personal Firewall
http://www.zensecurity.co.uk/default.asp?URL=personal

Download the free version of Sygate personal firewall
http://smb.sygate.com/support/documents/spf/default.htm
http://smb.sygate.com/download/download.php?pid=spf

Download the free version of ZoneAlarm firewall
http://www.zonelabs.com/store/content/company/zap_za_grid.jsp?lid=ho_za

Comparative reviews of personal firewall software:
http://www.firewallguide.com/software.htm 

Firewall Product Selector - Choose yourself which one to compare
http://www.spirit.com/cgi-new/report.pl?dbase=fw&function=view
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10730035
Spybot:
http://security.kolla.de/index.php

Ad-aware Standard Edition is THE award winning, free*, multicomponent adware detection and removal utility:
http://www.lavasoft.de/software/adaware/

SpyFerret detects & removes spyware
http://www.onlinepcfix.com/spyware/spyware.htm

Bazooka Adware and Spyware Scanner v1.13.01
http://www.kephyr.com/spywarescanner/

Automatic check of your browser for parasites, adware and spyware
http://www.doxdesk.com/parasite/
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10730038
Use this free online Trend Housecall scanner to find and clean every known virus/rootkits/backdoors:
http://housecall.trendmicro.com/housecall/start_corp.asp

Some viruses can't be removed by housecall. If so, use the free Trend Micro system cleaner:
http://www.trendmicro.com/download/tsc.asp

If you get's an ActiveX error, when loading the HouseCall web page:
http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=4317

If you want to secure your one workstation in the future, consider to purchase PC-cillin with builtin firewall:
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10730042
:o) Forgot the url from the quotes above from 04/01/2004 09:02AM CEST ....

http://www.kephyr.com/spywarescanner/library/coolwebsearch.winproc32/index.phtml
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 10730101
Reformatting your hard drive using restore/boot disk will not necessarily remove every nasty thing that's out there.
Even fdisk/MBR will not work at all times - and there are possible concomitant problems with this.
A low-level format (using the manufacturer of the hard disk's utility) generally, will get rid of almost everything.
Oh, and by the way - the virus that you,re referring to is nothing more then apart of Cool-Web-Search, which is spyware,
 malware, garbageware - and it is removed by a free, unobtrusive, app. called CWShredder.
Interesting!?! 77!?!
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question