Has CWS.SmartSearch.2 still got me? CWShredder says I'm safe but...I'm not so sure.
Posted on 2004-08-15
Each time I open CWShredder v.1.59.0 and hit the "Check for update" button I get the "Fetching CWShredder update....etc." panel. After a nominal minute, I get the message; "Unable to retrieve...etc. Server might be unavailable, try again later." This has been going on for 3 days. This is the SWI site and I realize that it is very busy and that it has been under "attack' for some time now, but 3 days of failing to get thru seemed excessive.
What has me most concerned is the following sequence of events; 3 days ago on my first attempt, I opened CWS Shredder and checked for updates, the message came up that there were updates available. I hit the "Download and open the update", a message popped on screen informing me that "...CoolWebSearch trojan (CWS.SmartSearch.2) has attempted to...etc...to counter this,....random string of text,...Cws is still functioning....has not been corrupted." When I closed that message, I was back at the CWSHredder opening panel. Closing and restarting CWShredder, I again hit the Check for updates, got the "Fetching...etc." and then after the short wait I got the "Unable to retrieve...etc.". Since that time, after 10 or 12 attempts each day I am still unable to reach the updates. Further:
Yesterday, on 2 of my attempts, as soon as the CWShredder panel hit the screen, the "....CWS.SmartSearch.2 has attempted to close CWShredder...etc." came up. Yesterday I was plagued with a lot of "failures to respond", inability to remove programs by means of "Add/Remove" (MediaPlayer 7.1 specifically) it would take control of my machine, locking me up in whatever program was running, dead mouse, etc. The 3 finger salute was the only way out. On each of these occassions. WMP7.1 was the prime offender. After 5 or 6 hours of work with Regedit, Explorer, and 3 different registry utilities I managed to get rid of MediaPlayer and the lock-ups. During all of this, IE has never seemed to be affected.
I have run Panda, Housecalls, and McAfee several times. All 3 report nothing. I run SpywareBlaster, Spybot S&D, Ad-Aware daily, always after seeking updates. All of them have nothing to report.
Well, wouldn't you just know it, as of 2 minutes ago; I attempted the CWShredder update routine and finally it got past the "Unable to retrieve" and it said there was an update. I hit "Download and open the update", got the "Connecting", waited it out, and got the download, but, "An error occurred opening the downloaded file"...... "You need a file compression program like Winzip....etc". My trial period with Winzip expired yesterday, I have no means by which to open the download. Any suggestions? I need a means of unzipping zipped downloads...Googling brings up several possibilities but I have no familiarity with any of them and am therefore fearful to select one. I really liked the Winzip but I just can't afford it (or anything else for that matter - my signature says it all, plain and simple). I'm not cheap and looking for free rides, I'm just living on very limited means and there is no room in the budget for anything more than necessities.
I have submitted my most recent HJT log to SWI for evaluation and am waiting to see what that brings... if anyone here wants to look at it I will post it on request. I know that SWI, as well as you folks at EE, are swamped so if it takes some bit of time to get to my query I'll understand, but believe me, I will be waiting with great antici...........pation (as Dr. Frankenfurter, in Rocky Horror Picture Show put it).
In summary, I am concerned that CWS.SmartSearch.2 is still lurking somewhere, waiting for another exploitable such as MP7.1.
This may be relevant; whenever I have run HJT during the past few days it does that "quick as a flash" scan and then stalls for about 45 seconds, the progress bar is about 90% across and it says "015 - Trusted Zone enumeration...", during the delay my mouse is essentially dead. After the delay, HJT finishes the scan and all is normal.
In passing; if BillDl hits me again with the Tweakui stuff, forget it Bill...that thing is still doing crazy stuff, but nothing that is of great import in this issue, have a good one BillDl.
Thanks for any help, advice, or commentary anyone would care to offer. Harshale