Help! New User. CoolWebSearch Found!
hi all,
I am a new user of Spybot. I suspected that a spyware called "Cool Websearch" is affecting my comp...can anyone please kindly explain whats the meaning of this and how can i remove it completely from my system???
pls refer to pic:
when i right-click on the word "CooldWebSearch" on the right colume,
there is a pop-up saying "http:www.spywareinfo.com"
Is this the link of where I have gotton this spyware or???
and what are the rest of the items? can someone please help me?!?
thanks!
re: Ctfmon.exe
Please see:
http://forums.spybot.info/showpost.p...19&postcount=2
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
so does that means that since its located in:Originally Posted by md usa spybot fan
C:\WINDOWS\system32\ctfmon.exe
then its 100% confirm that its not a spyware/virus???
please advise.... :(
If you have Windows XP Office products and run a anti-virus it should be ok.
It really is not necessary as a startup entry as the Paul Collin's listing indicates with "Not Required" in addition to indicating it can be a virus etc.
For more information see:
Frequently asked questions about Ctfmon.exe
http://support.microsoft.com/default...b;en-us;282599
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
hi md usa spybot fan,
what about this? please see pic below:
also a "False" positive?
please advise....
BTW, thanks for the info...
this is the lower part of the above picture...
i did a scan at jotti but found nothing....
btw, i have NOD32 AV & Norton Personal Firewall installed....
can anyone pls advise
I don't consider these false positives. The information from Paul Collins' Startup list is static information to help you decide the validity of the entry. There is no scan involved to actually determine if your particular entry is good or bad.
You can find Paul Collins' Startup list here:
- Startup Applications List
http://www.sysinfo.org/startuplist.php
Please go there and search for "ccApp.exe" (no quotes).
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
hi md usa spybot fan,
i have go to the Paul Collin's website to search for it,
but i don't understand what its actually talking about...
can u pls guide me through?
btw, if these are not false positives and they are for real,
will it help if i were to reinstall a fresh copy window and delete everything is drive c?
what i mean is, during the reinstalling of windows, i delete everything in C drive, then reinstall a FRESH copy of windows, will the "Trojans/Virus" be remove from my comp?
or does it still stay inside my comp even if i were to install a fresh copy of window?
i m sorry for so many questions, as i have little knowledge of these trojans/virus....and also i have no idea how to remover them...
i guess the best way is to reinstall a fresh copy of windows n delete everything in c drive...
ccApp.exe is a Common Component of most Symantec (Norton) products, which is why it's found in the \Common Files\Symantec Shared\ folder. I wouldn't be worried about this since you mentioned the Norton Personal Firewall, which I happen to know includes this file.
You seem to be overly concerned that your PC has some sort of malware. Are you seeing symptoms that make you think this or is it just the information in the System Startup Tool screen that has you concerned?
The Advanced Mode Tools section of Spybot S&D is intended for experts, which you've stated yourself that you aren't, for this very reason. It can be very confusing to read some of these cryptic explanations, which is why a warning is given when you enter Advanced Mode that it can be dangerous to the operation of your PC to mess with these tools. Unlike the basic 'Check for problems', which is designed to work in a relatively simple manner, the Advanced Mode assumes you have a level of knowledge above that of the average user. We can't give you that knowledge in a couple posts, so I'd recommend you not use these tools to change anything at this point.
What you can do is look at each tool as you have, read the related help by clicking the help button in each screen and then look at each entry and try to understand its purpose. You obviously have barely started that process, since you have chosen to display an image of the System Startup entries rather then post the related '--- Startup entries list ---' portion of the View Report results in the same Tools section.
As you try each of these tools, do not Delete, Remove or Change anything until you are completely certain what the results might be. Return here and use the 'Search' selection at the top of the page to look for existing posts that might answer your question, then post your question if you can't find anything. Try putting 'Ctfmon.exe' in the search box for an example and you'll find the post md usa spybot fan linked you to.
If you believe that you really have something on your PC, you can follow the instructions in the following post and then post your own log in the Malware Removal forum elsewhere on this site.
http://forums.spybot.info/showthread.php?t=288
hi,
last few days i saw something weird in my NPF's log...
its written:
Local IP address: local host
Local Service Port: backdoor**(forgot the name but it start with backdoor)
Remote IP address: Local Host
Remote Service Port: *forgot which number
can you pls tell me whats the meaning of the log?
p/s: i don't understand whats the meaning of this log, but i feel very weird regarding this...especially the word "backdoor" and that is why i am OVERLY concern about my comp...
the next day after i turn on my comp to check the log again, the log has been already erased, i guess it refresh itself on a system shut down...
after that i downloaded spybot to scan my comp but nothing was found, and while exploring the functions in spybot, i happen to saw these problems so thats why I am very concern about...
and yes, indeed i should use spybot in beginner mode, but i was just exploring around and DID NOT change/delete any important settings that i can't 100% confirm its meaning...
anyway, its seems like you are thinking that I am just OVERLY CONCERN about my comp, well its fine then...
if needed, i will delete/stop this thread immeditaly...
anyway, thanks!
Posting Permissions
