Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cannot get rid of "websearch" adware

Posted on 2004-10-28
19
Medium Priority
?
431 Views
Last Modified: 2013-11-16
Hello.  Got a good one for ya.

I recently began having trouble with adware - pop ups even when not on line - so I ran Norton and it found a ton of viruses (120) and adware but it couldn't delete most of the adware.  I already had Spybot on my computer, Windows XP Pro with it's firewall and Norton Internet Security installed and updated so I'm not sure where this stuff came from.  In addition, I bought Spyware Doctor and it cleaned up some of the adware.  Norton still finds 62 +/-problems but it can only get rid of one or two, and Spyware Doctor finds two that it cannot remove.  I rebooted in Safe mode and ran Norton, Spybot and Spyware Doctor again but they still cannot delete most of the problems so I kept the list of the adware files in Norton, updated my permissions, and manually deleted most of the adware.  They were in the C drive under the 'System Volume Information' folder.  Rebooted in normal mode, ran another Norton sweep and the WebSearch adware (plus others) are found again but this time under the C drive in a folder I can't get to C:\RESTORE...  It's like it duplicated the files I deleted (yes I emptied the recyle bin), renamed them and put them in another folder I can't get to.  

Also, the two files Spyware Doctor cannot delete are under 'HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_WintoolSSVC' and 'HKLM\SYSTEM\CurrentContolSet\Enum\Root\Legacy_WintoolSSVC.'

I have also been denied access to an excel sheet that was encripted by me.  

I have no idea how to get rid of all this junk.  HELP???????????

0
Comment
Question by:bjansson4
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 8
19 Comments
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12439990
Hello bjansson4 =)

First use msconfig to untick unwanted progrmas as described here >> http://netsquirrel.com/msconfig/
Then Download these tools and install them:
========================================================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot  ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
Stinger ==> http://vil.nai.com/vil/stinger
========================================================

Turn off ur System Restore before cleaning the system if its WinME\XP >> http://www.pchell.com/virus/systemrestore.shtml (Recommeneded in ur case)
Then Run all of them one by one in safemode and delete everything they detect.
Then delete the temporary internet files and history of IE
and run Disk Cleanup on ur hard drive to delete those temp and junk files.
Restart back in Normal Mode to check for the problems now ??
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12440002
after coming back from safemode to normal mode, Dont forget to turn ur System Restore back on, and create a New System Restore point !!
0
 

Author Comment

by:bjansson4
ID: 12440095
I've downloaded everything but the coolwebshredder - When I try to download that one it closes the browser.  There is a disclaimer at the bottom explaining this and a tool to remove whatever is closing the browser but it goes to 'page cannot be found.'

Now what?
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12440131
wait i will find a another link for both products !! :)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12440146
ok this is for CWShredder 2.0 >> http://www.intermute.com/spysubtract/cwshredder_download.html
and if this one also closes , then here is the working link for CWShredder.SmartKiller >> http://www.majorgeeks.com/download4113.html
0
 

Author Comment

by:bjansson4
ID: 12440147
Cool, thanks!  :)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12440152
my pleasure =)
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12444550
bjansson, any progress today :)
0
 

Author Comment

by:bjansson4
ID: 12445179
Well, it took a while to do all of that and about 2.5 hours to run Norton again.  Here's what happened;  everything malicious is gone (bravo) except the websearch stuff.  Norton is completely clean now.  As Aware found 35 bugs and removed them.  Spybot got rid of come.  Nothing was found with Coolwebshredder or stinger.

I had already gotten into add remover programs and uninstalled Websearch before I did any of there.

It's just these two files now under 'HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_WintoolSSVC' and 'HKLM\SYSTEM\CurrentContolSet\Enum\Root\Legacy_WintoolSSVC' that are so stubborn.  I'm just afraid they are going to open the door to more junk.

What do you think?
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12445282
ok so when u try to delete those registry folder manually from regedit, do u get an error,,,, or they come back again after deleting ??
coz if u get an error, then u have to boot into safemode, login with Administrator(if tis XP), and then open regedit, right clcik the Legacy_WintoolSSVC folder and clcik Permissions, check that u have Full permission on this folder and nothing shud be Deny !!
do same for the other folder and check if u can delete them now or not ?? :)
0
 

Author Comment

by:bjansson4
ID: 12445763
Ah!  I didn't know how to do that.  OK, When I go to those directories I don't see anything that resembles 'websearch.'  How do I know what to delete?  Spyware doctor cannot delete them and this is the total path.  Both directories look like they have the same content.
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12445823
u have to delete the "Legacy_WintoolSSVC" folder from there :)
0
 

Author Comment

by:bjansson4
ID: 12445850
The whole fooooollllllder!  I get it.  Let me do that real quick.
0
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 2000 total points
ID: 12445881
:)
0
 

Author Comment

by:bjansson4
ID: 12446069
That worked perfectly!  You're a GENIUOS!!!!!!!!!!!
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12446087
Excellent..... ^_^
0
 

Author Comment

by:bjansson4
ID: 12446159
I really appreciate your help.  Thank you!
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 12446174
my pleasure bjansson.... its always a good feeling to see a happy costumer here =)
Cheers ^_^
0
 

Author Comment

by:bjansson4
ID: 12446282
I've got another question out about that encrypted file I can't open now - because of all this I think.  Can you help with that one too?
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question