bjansson4
asked on
Cannot get rid of "websearch" adware
Hello. Got a good one for ya.
I recently began having trouble with adware - pop ups even when not on line - so I ran Norton and it found a ton of viruses (120) and adware but it couldn't delete most of the adware. I already had Spybot on my computer, Windows XP Pro with it's firewall and Norton Internet Security installed and updated so I'm not sure where this stuff came from. In addition, I bought Spyware Doctor and it cleaned up some of the adware. Norton still finds 62 +/-problems but it can only get rid of one or two, and Spyware Doctor finds two that it cannot remove. I rebooted in Safe mode and ran Norton, Spybot and Spyware Doctor again but they still cannot delete most of the problems so I kept the list of the adware files in Norton, updated my permissions, and manually deleted most of the adware. They were in the C drive under the 'System Volume Information' folder. Rebooted in normal mode, ran another Norton sweep and the WebSearch adware (plus others) are found again but this time under the C drive in a folder I can't get to C:\RESTORE... It's like it duplicated the files I deleted (yes I emptied the recyle bin), renamed them and put them in another folder I can't get to.
Also, the two files Spyware Doctor cannot delete are under 'HKLM\SYSTEM\ControlSet001
I have also been denied access to an excel sheet that was encripted by me.
I have no idea how to get rid of all this junk. HELP???????????
I recently began having trouble with adware - pop ups even when not on line - so I ran Norton and it found a ton of viruses (120) and adware but it couldn't delete most of the adware. I already had Spybot on my computer, Windows XP Pro with it's firewall and Norton Internet Security installed and updated so I'm not sure where this stuff came from. In addition, I bought Spyware Doctor and it cleaned up some of the adware. Norton still finds 62 +/-problems but it can only get rid of one or two, and Spyware Doctor finds two that it cannot remove. I rebooted in Safe mode and ran Norton, Spybot and Spyware Doctor again but they still cannot delete most of the problems so I kept the list of the adware files in Norton, updated my permissions, and manually deleted most of the adware. They were in the C drive under the 'System Volume Information' folder. Rebooted in normal mode, ran another Norton sweep and the WebSearch adware (plus others) are found again but this time under the C drive in a folder I can't get to C:\RESTORE... It's like it duplicated the files I deleted (yes I emptied the recyle bin), renamed them and put them in another folder I can't get to.
Also, the two files Spyware Doctor cannot delete are under 'HKLM\SYSTEM\ControlSet001
I have also been denied access to an excel sheet that was encripted by me.
I have no idea how to get rid of all this junk. HELP???????????
after coming back from safemode to normal mode, Dont forget to turn ur System Restore back on, and create a New System Restore point !!
ASKER
I've downloaded everything but the coolwebshredder - When I try to download that one it closes the browser. There is a disclaimer at the bottom explaining this and a tool to remove whatever is closing the browser but it goes to 'page cannot be found.'
Now what?
Now what?
wait i will find a another link for both products !! :)
ok this is for CWShredder 2.0 >> http://www.intermute.com/spysubtract/cwshredder_download.html
and if this one also closes , then here is the working link for CWShredder.SmartKiller >> http://www.majorgeeks.com/download4113.html
and if this one also closes , then here is the working link for CWShredder.SmartKiller >> http://www.majorgeeks.com/download4113.html
ASKER
Cool, thanks! :)
my pleasure =)
bjansson, any progress today :)
ASKER
Well, it took a while to do all of that and about 2.5 hours to run Norton again. Here's what happened; everything malicious is gone (bravo) except the websearch stuff. Norton is completely clean now. As Aware found 35 bugs and removed them. Spybot got rid of come. Nothing was found with Coolwebshredder or stinger.
I had already gotten into add remover programs and uninstalled Websearch before I did any of there.
It's just these two files now under 'HKLM\SYSTEM\ControlSet001
What do you think?
I had already gotten into add remover programs and uninstalled Websearch before I did any of there.
It's just these two files now under 'HKLM\SYSTEM\ControlSet001
What do you think?
ok so when u try to delete those registry folder manually from regedit, do u get an error,,,, or they come back again after deleting ??
coz if u get an error, then u have to boot into safemode, login with Administrator(if tis XP), and then open regedit, right clcik the Legacy_WintoolSSVC folder and clcik Permissions, check that u have Full permission on this folder and nothing shud be Deny !!
do same for the other folder and check if u can delete them now or not ?? :)
coz if u get an error, then u have to boot into safemode, login with Administrator(if tis XP), and then open regedit, right clcik the Legacy_WintoolSSVC folder and clcik Permissions, check that u have Full permission on this folder and nothing shud be Deny !!
do same for the other folder and check if u can delete them now or not ?? :)
ASKER
Ah! I didn't know how to do that. OK, When I go to those directories I don't see anything that resembles 'websearch.' How do I know what to delete? Spyware doctor cannot delete them and this is the total path. Both directories look like they have the same content.
u have to delete the "Legacy_WintoolSSVC" folder from there :)
ASKER
The whole fooooollllllder! I get it. Let me do that real quick.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That worked perfectly! You're a GENIUOS!!!!!!!!!!!
Excellent..... ^_^
ASKER
I really appreciate your help. Thank you!
my pleasure bjansson.... its always a good feeling to see a happy costumer here =)
Cheers ^_^
Cheers ^_^
ASKER
I've got another question out about that encrypted file I can't open now - because of all this I think. Can you help with that one too?
First use msconfig to untick unwanted progrmas as described here >> http://netsquirrel.com/msconfig/
Then Download these tools and install them:
==========================
AdAware ==> http://www.spychecker.com/program/adaware.html
SpyBot ==> http://www.spychecker.com/program/spybot.html
CoolWebShredder ==> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml
Stinger ==> http://vil.nai.com/vil/stinger
==========================
Turn off ur System Restore before cleaning the system if its WinME\XP >> http://www.pchell.com/virus/systemrestore.shtml (Recommeneded in ur case)
Then Run all of them one by one in safemode and delete everything they detect.
Then delete the temporary internet files and history of IE
and run Disk Cleanup on ur hard drive to delete those temp and junk files.
Restart back in Normal Mode to check for the problems now ??