Results 1 to 7 of 7

Thread: looking for advise

  1. #1
    Junior Member filborne's Avatar
    Join Date
    May 2006
    Posts
    3

    Exclamation looking for advise

    Hello...I'm new to your forum but an avid user of Spybot S&D...here is something I have noticed that S&D hasn't located but another proggy (SPYCATCHER) has...I don't have the log files cause it was a trial version,and have since removed the program, but I recall what was found and S&D hasn't. Could ya please help or add these to your product to locate and destroy these pest/problems...they are as follows

    WINFIXER
    CWS.HomeSearchAssistent

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,515

    Default

    Hi there.

    Please see:
    http://www.safer-networking.org/en/u...006-05-05.html
    Hijacker
    + CoolWWWSearch.HomeSearch + Dynamic Desktop Media + Teslaplus.com + CoolWWWSearch.Feat2Installer + CoolWWWSearch.Service + CoolWWWSearch.Feat2DLL
    I have not used SPYCATCHER so therefore cannot comment on what it found; it could have tagged something and be a false postive for all I know without seeing the details.

    There are many variants of Winfixer.

    If you would like to post a Spybot-S&D log someone can take a look at the system to see if it is clean.

    Instructions for version 1.4.
    • Open SpyBot, check for and get any updates available.
    • Close all browsers, check for problems and fix everything found in red
    • Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
    • Uncheck[ ] do not report disabled or known legitimate Items.
    • uncheck[ ] Include a list of services in report.
    • Uncheck[ ] Include uninstall list in report.
    • Now select (near the top) view report.
    • Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member filborne's Avatar
    Join Date
    May 2006
    Posts
    3

    Default me again

    thnx for replying so fast here is my log...

    oh there was a hunt toolbar also being show...I went to regedit and deleted the /folder manager that it was located in ...if that may have been a location for either or.
    Last edited by filborne; 2006-05-08 at 01:54.

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Your log looks fine
    Unless your searching or homepages are being redirected or changed Id say it a false possitive.

  5. #5
    Junior Member filborne's Avatar
    Join Date
    May 2006
    Posts
    3

    Default thnx

    thnx peeps for looking all this over...much appreciated!

  6. #6
    Junior Member
    Join Date
    May 2006
    Posts
    20

    Default Information from SpyCatcher

    Here is the inforamtion from Spy Catcher.
    Size: 247,458 bytes
    Threat level: High (more info...)
    Detections: 69,200 this month: 2,117
    Author: CoolWebSearch.com/Petro-Line, Ltd
    Appeared: 7/12/2005
    Research

    Spyware Information: CWS.HomeSearchAssistent
    This is a hijacker application. Hijackers take control of your web browser's settings, and usually change your homepage, search page or other default pages to point to web sites owned by the hijacker. Since the hijackers can make money just based on the number of visits to their web sites, they benefit from forcing you to view their web sites each time your web browser opens.

    Method of infection: CWS.HomeSearchAssistent, also known as Home Search Assistent, may be the latest CoolWebSearch variant. It can be downloaded from removed url or it can be automatically installed via drive-by download.

    CWS.HomeSearchAssistent appears to be closely related to CWS.about:blank. It is distributed on the removed url website, which claims to be run by "Petro-Line, Ltd". The domain name is registered to "Pavel Petroff (support-cc@yellow500.com)". Yellow500.com is a pornographic website. Therefore, the removed url website may be a facade for the distribution of CWS.HomeSearchAssistent.
    Advertising: CWS.HomeSearchAssistent replaces Internet Explorer's home page with 'about:blank'. The 'about:blank' page, however is hijacked to display an advertising page. CWS.HomeSearchAssistent also creates popup advertisements.
    Browser degradation: CWS.HomeSearchAssistent hijacks common Internet Explorer pages, including homepage, search page, blank page, and search assistant page.

    Hijackers don't normally damage your computer or steal your personal information.

    Privacy policy: Available online here.
    Security issues: CWS.HomeSearchAssistent may have the ability to update itself automatically. These updates can contain arbitrary code and may significantly alter the performance of CWS.HomeSearchAssistent.
    Stability issues: CWS.HomeSearchAssistent may cause significant system instability.
    Spyware Detection Stats
    Spyware Fingerprints: 91,468
    Detections: 5,207,279
    Detections this Month: 75,505
    Last edited by tashi; 2006-05-17 at 01:49. Reason: Removed live urls leading to possible infection

  7. #7
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,515

    Default

    Not sure what that has to do with filborne's question.
    Quote Originally Posted by LonnyRJones
    Your log looks fine
    Unless your searching or homepages are being redirected or changed Id say it a false possitive.
    Also information becomes outdated quite quickly:
    CWS.HomeSearchAssistent, also known as Home Search Assistent, may be the latest CoolWebSearch variant.
    CWS has continued into 2006 under new guises.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •