NationStates Jolt Archive

im infected by apparently the mother of all whatever it is


it is continuing to alter my favorites, homepage and make popups.

it is not detected by ad-aware se, spybot s&d, OR spysweeper (and i have 3.0, because my free trial updates ran out)

and if it is a virus it is NOT detected by pandasoft scanner (the online one though) or avg anti-virus (newest free version)

if anyone has any ideas it keeps trying to set my homepages to fountainofyouth.com

I hate to say this, but you may have to switch from Internet Explorer. It probably will only affect IE, so try an alternative one like Mozilla. (http://www.mozilla.org/)

I hate to say this, but you may have to switch from Internet Explorer. It probably will only affect IE, so try an alternative one like Mozilla. (http://www.mozilla.org/)
you seem to be missing the point, i have fire fox, i still want to fix the god damn thing

I have the same thing I think. Hard to tell what it is though, as I have 65 viruses on my computer. AVG isn't all that helpful.
"65 infected files. Heal?"
"Yes."
"3 files healed"

AAARGH!

I have the same thing I think. Hard to tell what it is though, as I have 65 viruses on my computer. AVG isn't all that helpful.
"65 infected files. Heal?"
"Yes."
"3 files healed"

AAARGH!
make sure to update avg, the free version they just released for 2005 is alot better than the last one, and use online scanners from norton, i would suggest pandasoft

im infected by apparently the mother of all whatever it is


it is continuing to alter my favorites, homepage and make popups.

it is not detected by ad-aware se, spybot s&d, OR spysweeper (and i have 3.0, because my free trial updates ran out)

and if it is a virus it is NOT detected by pandasoft scanner (the online one though) or avg anti-virus (newest free version)

if anyone has any ideas it keeps trying to set my homepages to www.fountainofyouth.com
i don't think anyone should click that link, it probably reloads the spyware every time you go there and will infect anyone who clicks and is vulnerable. it kinda sounds like a Cool WebSurfer variant but i don't really know.

i don't think anyone should click that link, it probably reloads the spyware every time you go there and will infect anyone who clicks and is vulnerable. it kinda sounds like a Cool WebSurfer variant but i don't really know.
your not supposed to click it you moron, im saying thats what it turns it too

your not supposed to click it you moron, im saying thats what it turns it too
and yet you've given us the option to if we're so inclined. how thoughtful of you.

Mine becomes Web--Search.com

Go to the Microsoft security site and download the free anti virus and firewall. Also download all the latest security updates for your OS. Get the latest Firefox web browser. Download the latest free version of Adaware, not the trial demo of the full version. The basic free Adaware does scan and delete, and you can download the latest malware updates.

If you have a bad malware like "Bookspace", after Adaware scans try deleting the files separately and leave the registry entries, then reboot your PC and scan again. This time allow Adaware to delete the registry entries, because doing it yourself is tedious and dangerous.

UNLESS YOU CAN HELP DO NOT POST IN THIS TOPIC ANY MORE

Go to the Microsoft security site and download the free anti virus and firewall. Also download all the latest security updates for your OS. Get the latest Firefox web browser. Download the latest free version of Adaware, not the trial demo of the full version. The basic free Adaware does scan and delete, and you can download the latest malware updates.

If you have a bad malware like "Bookspace", after Adaware scans try deleting the files separately and leave the registry entries, then reboot your PC and scan again. This time allow Adaware to delete the registry entries, because doing it yourself is tedious and dangerous.
did you even read my post?

that sounds real familar from when i had problems with the Cool Web Surfer variants. they are eastern european(romanian maybe) and they are being constantly update to fool antvirus programs. you generally catch them from eastern european adult sites and they redirect your homepage and search pages to their crappy search sites. they are a real bitch to get rid of because they hide in multiple places and reinfect if you miss any bits.

there was a special utility to get rid of it, but the creater sold it to some crappy off brand antispyware company and i think any new updates are bundled with their pay products.

I had something like that, it kept changing my homepage and adding favorites (Hot bestiality now! sort of thing), I never could get rid of it.
If all else fails, backup what you dont want to lose and format, this might be your only option.
OR you could just deal with it, stuff the added favorties into a folder and forget them.

ooops the correct name for what i'm taking about is Cool Web Searcher(not surfer). here is a link to the company that now owns the CWS spredder utility.



http://www.intermute.com/spysubtract/cwshredder_download.html


you can still just download the cws shredder as a free stand alone utility

did you even read my post?


Yeah you said your Adaware was out of its demo trial time. There's a freeware version of Adaware SE at:

http://www.lavasoft.de/support/download/


Dude, I've cleaned a lot of Malware infections.

Yeah you said your Adaware was out of its demo trial time. There's a freeware version of Adaware SE at:

http://www.lavasoft.de/support/download/


Dude, I've cleaned a lot of Malware infections.
no, i didnt, please stop posting

i guess ill go hit up majorgeeks because no one here knows crap and im pretty sure its not cool web searchers becuase none of it is searcher stuff

Make sure that you turn off System Restore before scanning for viruses. Most new viruses install themselves into the protected System Restore folder so you can't delete them. Right click on My Computer and go to properties, then go to the System Restore tab and turn it off. Run your scan, delete the files, then turn System Restore back on. Also, you should probably get a full version virus blocker. I recommend Norton, but they're all very similar in effectiveness.

no, i didnt, please stop posting

i guess ill go hit up majorgeeks because no one here knows crap and im pretty sure its not cool web searchers becuase none of it is searcher stuff

maybe you shouldn't be so impolite to people that are trying to help you. Based on your replies to other people, if I did know how to fix it I doubt I'd bother telling you for fear of getting flamed.

Make sure that you turn off System Restore before scanning for viruses. Most new viruses install themselves into the protected System Restore folder so you can't delete them. Right click on My Computer and go to properties, then go to the System Restore tab and turn it off. Run your scan, delete the files, then turn System Restore back on. Also, you should probably get a full version virus blocker. I recommend Norton, but they're all very similar in effectiveness.
which system restore folder

maybe you shouldn't be so impolite to people that are trying to help you. Based on your replies to other people, if I did know how to fix it I doubt I'd bother telling you for fear of getting flamed.
if anyone knew how to fix it they wouldnt get flamed, the only person who has provided pertinent information didnt even read the first post or didnt read it very well

which system restore folder

I don't know where the folder is on the drive, but I know how to turn off the protection so that you can delete any viruses that managed to get in there.

if anyone knew how to fix it they wouldnt get flamed, the only person who has provided pertinent information didnt even read the first post or didnt read it very well

Well you came here asking for help, you don't have to be a dick about it.
:rolleyes:

I don't know where the folder is on the drive, but I know how to turn off the protection so that you can delete any viruses that managed to get in there.
if you mean system volume information i've opened that folder so it can be scanned and stuff removed

Well you came here asking for help, you don't have to be a dick about it.
:rolleyes:
because i expected help?

if you mean system volume information i've opened that folder so it can be scanned and stuff removed

That's not what I mean.

Right click on My Computer and go to properties, then to the System Restore tab. There should be a toggle which reads "turn off system restore on all drives." Press it then run your scan disk.

ooops the correct name for what i'm taking about is Cool Web Searcher(not surfer). here is a link to the company that now owns the CWS spredder utility.



http://www.intermute.com/spysubtract/cwshredder_download.html


you can still just download the cws shredder as a free stand alone utility
i'd really try the cws shredder, its a quick download and it runs fast. even if it doesn't help anything it shouldn't take more than 5 minutes

best thing you should do is just wipe your machine and backup everything you need like game saves and stuff the reason why i said wipe it most virus scaners spyware adware scaners never pick somestuff in the registy with is dangerus to mess about with

once your computers sorted do this

install http://www.javacoolsoftware.com/spywareblaster.html

it stops spyware and adware from getting in the first place you can lock your homepage and favs with it and it also protects firefox from spyware and adware
its recommed by spybot search and destory if you look in the Search and Destroy immunize section you should see what i am on about

I would also definitely try HijackThis (available from http://www.merijn.org/). It is usually very good at finding programs that have attached itself to browsers.

I would also definitely try HijackThis (available from http://www.merijn.org/). It is usually very good at finding programs that have attached itself to browsers.
yeah theres the program i forgot the name of

google the name of the spyware and see if it gives any help on how to remove it. (It would be ironic if you ended up in this thread through google.)
You might find some files (often dll files) or registry keys you have to remove manually. Often you won't be able to delete them just like that. If this is the case, the spyware attached itself to a vital process like explorer.exe.

-Open AAW and SB S&D
-Open register editor (Start, run, type 'regedit')
-Open a quarantaine tool if you have one for example from Norton,
-go to task manager: ctrl-alt-del
-shut down all suspect looking processes (.exe) after googling their name to see what they are.
-you might even have to shut down explorer.exe in task manager.
-If you have a virus quarantaine tool, you should now be able to remove said .dll's or other files.
-in regedit, search all folders for references to the spyware,i.e. URLs of websites the spyware directs you to, the names of unwanted icons on your desktop,...
-delete the keys and folders if they directly refer to the spyware.
-if they (registry folders, keys) do not refer to the spyware, but contain the name of the spyware, for example in the key that holds your Internet Explorer start page, edit said key and fill in the url of your desired start page.
-run AAW and SB S&D again.

I hope I haven't lost you after step 1. ;)
If this doesn't help, I'm sorry.

because i expected help?

No, because you asked for help. If your going to be a dick someone might just slip you step by step directions on fragging yourself. You can't "Expect" jack when "Expecting" free advice. :D

eh, you oughtta just format
if you dont wanna do that then try trendmicro.com