PDA

View Full Version : looking for advise



filborne
2006-05-07, 20:58
Hello...I'm new to your forum but an avid user of Spybot S&D...here is something I have noticed that S&D hasn't located but another proggy (SPYCATCHER) has...I don't have the log files cause it was a trial version,and have since removed the program, but I recall what was found and S&D hasn't. Could ya please help or add these to your product to locate and destroy these pest/problems...they are as follows

WINFIXER
CWS.HomeSearchAssistent

tashi
2006-05-08, 00:30
Hi there.

Please see:
http://www.safer-networking.org/en/updatehistory/2006-05-05.html

Hijacker
+ CoolWWWSearch.HomeSearch + Dynamic Desktop Media + Teslaplus.com + CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL

I have not used SPYCATCHER so therefore cannot comment on what it found; it could have tagged something and be a false postive for all I know without seeing the details. ;)

There are many variants of Winfixer.

If you would like to post a Spybot-S&D log someone can take a look at the system to see if it is clean.

Instructions for version 1.4.

Open SpyBot, check for and get any updates available.
Close all browsers, check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.

filborne
2006-05-08, 01:50
thnx for replying so fast here is my log...

oh there was a hunt toolbar also being show...I went to regedit and deleted the /folder manager that it was located in ...if that may have been a location for either or.

LonnyRJones
2006-05-08, 02:27
Your log looks fine
Unless your searching or homepages are being redirected or changed Id say it a false possitive.

filborne
2006-05-10, 19:03
thnx peeps for looking all this over...much appreciated!:bigthumb:

tsSecure
2006-05-17, 00:30
Here is the inforamtion from Spy Catcher.
Size: 247,458 bytes
Threat level: High (more info...)
Detections: 69,200 this month: 2,117
Author: CoolWebSearch.com/Petro-Line, Ltd
Appeared: 7/12/2005
Research

Spyware Information: CWS.HomeSearchAssistent
This is a hijacker application. Hijackers take control of your web browser's settings, and usually change your homepage, search page or other default pages to point to web sites owned by the hijacker. Since the hijackers can make money just based on the number of visits to their web sites, they benefit from forcing you to view their web sites each time your web browser opens.

Method of infection: CWS.HomeSearchAssistent, also known as Home Search Assistent, may be the latest CoolWebSearch variant. It can be downloaded from removed url or it can be automatically installed via drive-by download.

CWS.HomeSearchAssistent appears to be closely related to CWS.about:blank. It is distributed on the removed url website, which claims to be run by "Petro-Line, Ltd". The domain name is registered to "Pavel Petroff (support-cc@yellow500.com)". Yellow500.com is a pornographic website. Therefore, the removed url website may be a facade for the distribution of CWS.HomeSearchAssistent.
Advertising: CWS.HomeSearchAssistent replaces Internet Explorer's home page with 'about:blank'. The 'about:blank' page, however is hijacked to display an advertising page. CWS.HomeSearchAssistent also creates popup advertisements.
Browser degradation: CWS.HomeSearchAssistent hijacks common Internet Explorer pages, including homepage, search page, blank page, and search assistant page.

Hijackers don't normally damage your computer or steal your personal information.

Privacy policy: Available online here.
Security issues: CWS.HomeSearchAssistent may have the ability to update itself automatically. These updates can contain arbitrary code and may significantly alter the performance of CWS.HomeSearchAssistent.
Stability issues: CWS.HomeSearchAssistent may cause significant system instability.
Spyware Detection Stats
Spyware Fingerprints: 91,468
Detections: 5,207,279
Detections this Month: 75,505

tashi
2006-05-17, 01:20
Not sure what that has to do with filborne's question. ;)

Your log looks fine
Unless your searching or homepages are being redirected or changed Id say it a false possitive.
Also information becomes outdated quite quickly:

CWS.HomeSearchAssistent, also known as Home Search Assistent, may be the latest CoolWebSearch variant.
CWS has continued into 2006 under new guises. :sick: