• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 176
  • Last Modified:

Spyware: Can't remove coolwwwsearch.smartkiller

Anybody have any solutions for removing coolwwwsearch.smartkiller? I've been searching around for a way to get rid of it with no success. I installed cwshredder, spybot 1.4beta, hijackthis, adaware, etc. I have this on my work computer and my home computer. Tried removing with Spybot recommending a pre-startup scan and it still can't remove it cause it thinks it's in 'memory' or something. ugh...

Here is my hijackthis.log - I didn't see anything out of the ordinary. Maybe someone else can spot something:

<<  Hijack This log removed by humeniuk, Page Editor  >>
<<  log file available at www.hijackthis.de/logfiles/735236247466308dd55af05f8f218990.html >>

Thanks in advance for any help,
Jeremy
0
jplee3
Asked:
jplee3
  • 3
  • 2
1 Solution
 
softplusCommented:
Spyware Dr. will get rid of that. But it's payware :(
0
 
Pete LongTechnical ConsultantCommented:
0
 
Pete LongTechnical ConsultantCommented:
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
jplee3Author Commented:
i removed the recommended "nasty" item (microsoft office lnk) with HijackThis and also disabled WinPCAP (i think). but coolwwwsearch still shows up under spybot and i can't remove it. i guess i'll check out spyware dr - i hope they would have at least a trial version.. no?
0
 
Pete LongTechnical ConsultantCommented:
run though this

Browser Hijacking/Spyware/Adware/Malware Removal instructions

Full removal and Prevention instructions are available on my website,

http://www.petenetlive.com/Tech/Browsers/hijack.htm


The EE Official Link to info is,
 http:Q_20975384.html#10973783
0
 
jplee3Author Commented:
i figured it out. id10t error over here - so i guess coolwwwsearch has been on my machine for some time now (i haven't run spybot in a long time). so before i ran a check on spybot, i thought "it would be good if i doublecheck my 'hosts' file to make sure there aren't any weird ips, to block ips with the '127.0.0.1' redirect trick, and to lock it down" --- this is the source of the problem. apparently, spybot is sifting through the modified hosts file and, for some reason, keeps complaining that there about three website redirects (i forgot the name of the spam websites off the top of my head). if i replace the modified hosts file with the original hostfile with "127.0.0.1 localhost" as the only entry, the "coolwwwsearch" doesn't show up anymore.

this is really odd behavior. not sure why spybot is picking up spyware from my hosts file. maybe it does a keyword-scan and assumes spyware exists if it hits specific keywords... i don't know.

anyway, problem resolved for now.
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now