Elliot
Posted January 6, 2005

Hello,

I have been seriously attacked by CWS (Cool Web Search). A new variety that is very nasty. I disconnected the machine from the network. During the last 24 hours I have tried everything that is on the web and I can't get rid of it.

Has anybody been attacked by a CWS and successfully removed the Trojan without having to reformat?

Thanks
Elliot

Ismael
Posted January 6, 2005

Elliot,

http://spywareinfo.com/~merijn/

Totally check that site. Best info on that subject.

Ismael

Elliot
Posted January 6, 2005

Ismael,

Thanks for the information. I have been in panic for the last 30 hours. I have been at the site you mentioned on your message. During the last 30 hours I must have spent about $300.00 on useless software that can identify the CWS but not remove it.

I talked with a very pleasant girl at Spy Sweeper and almost begged for help. She sent a utility they do not publish. This utility is like a super cleaner with powerful ACID or something like that. She wrote on the EMail... "Use at your own risk...". Well, it worked.....

Now the problem is that some of the programs are not loading correctly. But this is just a small issue.... I will be more than glad to reload the programs that have been affected.

It was rough. I would go into the registry and erase all the problems. Re-boot the computer and within the first 10 to 15 minutes Pcillin anti-virus would find 400 to 500 traces of the virus on my system. This is a horrible variation of this nasty virus. It hijacked my browser. Every time I would touch the browser not only it will send me to the Anti Virus software makers but additionally the RED ALERT sign of PCillin would flash on the center of the screen and announced that a new trace was just created. It was incredible.... Never seen anything like this.

I have had hijack issues before but this one was NASTY. This took me out of circulation the entire day. This was on the new AMD computer I put together three months ago.

One fringe benefit, my IE had slowed down and now it is very fast. I have one of those 5mbit cable connections and sometimes it is fast. When the young guys return from work and start using the Internet it slows down. I am looking for a new neighborhood. Told my wife the main request is that I want OLD neighbors.... you know the kind allergic to computers..... that way I don't have to share the connection..... He he

At any rate thanks very much for the information.

Regards
Elliot

Hey Ismael, I sent to you an E Mail.... did you get it...? I may have the wrong E Mail. My E Mail is still the same for the last 12 years....!

This age thing is really getting to me. Today in downtown Atlanta at a construction site, one of the workers asked somebody to take care of the GRANDPA.... referring to me....! I just smiled and told him "DON'T WORRY EVERY TURKEY WILL GET HIS THANKSGIVING" He he he he

Ismael
Posted January 6, 2005

Elliot,

Fine time to tell me you sent me an email!!! I didn't get it. Probably got lost or blocked somewhere in cyberspace.

Definitely you should stop hanging with those kids on tha block. With so many problems you've posted here lately, most definitely sounds like the wrong crowd.

Take care,
Ismael

Elliot
Posted January 6, 2005

Ismael,

I sent you the E Mail a couple of days ago. I will try again.

The crowd here is pretty weird but they are OK..... He he he I feel like at home and fit perfectly well....

See you
Elliot

Elliot
Posted January 6, 2005

Ismael,

I tried to send to you a private E Mail through the forum but you have that feature disabled. If you still have my E Mail send me a message so I can pick up your address.

Elliot

Iain Denby
Posted January 6, 2005

Elliot

Out of interest, how do you think you got it onto your system?

abicalho
Posted January 6, 2005

I got it in my system through a vulnerability in Sun's Java. After I removed it (a painful process), I uninstalled Java and will never ever use it anymore.

I remember the HD started cranking up, a pop-up window showed up, Java started, and then I saw many many things being installed, among them the nasty CWS guy.

That reminded me that I should always keep my HD's ghost image up to date. Now I have it ghosted, and update it once a month or so.

Sorry to hear you guys had this problem. Many here in our office had it too, and it was easier to remove in XP SP2, since there you can disable the ActiveX Controls you want to.

Elliot
Posted January 6, 2005

Hello Dibbers and Alex,

I have two different networks here with even different connections to the internet. One connects through DSL and the other through cable. I had to do this because either service providers were reliable enough for my business. My business is 80% dependent on the internet.

The connection through the cable gets attacked all the time. I even had a neighbor that would send me messages when I was on the laptop. It is amazing how they do this, I complained to the ISP and they came over but couldn't do a thing about it. What a nightmare....

I got a nasty variation.... I started reading on the web about companies offering a free removal software. You download the software and it will identify the virus. At the end of the session they all say you have to pay the $39.99 to remove the virus. I must have purchased 6 of them. None of them work. There is no phone support. It is just a scam. The virus hijacks your explorer and just points to these software companies. Any good detective could see the case very clearly.

My suspicion is that I got it through Active X and Java. I know that part is accurate. However, I don't understand how it works.

I tried Lavasoft and Spybot who are the kings of the hill on these issues and they couldn't remove it. However, Spysweeper gave the secret utility that removed the darn thing. The utility also removed my SATA raid settings but not my SCSI Raid settings. The name of the un-published at your own risk utility is "HiJack This"

At the end I will be grateful to the hijackers. I don't know what I did but my machine is even faster now. After all the cleaning now the AMD is faster than the XEON. He he he

On another note, it is a strange coincidence that Microsoft announced today that they are giving Free antivirus software to the people using Windows. I guess they are realizing their commercial vulnerability.

I wish these "Bad Guys" would use their intelligence to create a new "Windows" to compete against Microsoft. On the way they could probably fix 3D Max. He he he

Thanks to both of you....!
Elliot

abicalho
Posted January 6, 2005

My suggestion to you: get a hardware firewall, like a Linksys or something like that. I never got a single attack through neighbors, etc after I got the firewall. There are ways to configure the firewall to allow access to ports if you need FTP or other services.

The reason why the anti-spyware cannot remove these is because they're very smart. Simple as that. I think that the fact we run as power users also doesn't help much. Maybe what we need is a semi-power user setup, where these things wouldn't be installed, but our apps would still run.

Sorry to hear you have so many problems with providers too. I'm glad we have good ones here at home.

Alexander

Elliot
Posted January 6, 2005

Alex,

One system I have it with a LinkSys and the other with D-Link routers. This guy can still go through. The tech for the ISP has become a friend and he helped me configure the system. We have several layers of protection. I have not seen the neighbor lately. Maybe we are keeping him out.... He he he

Guess who owns the cable ISP, Charter Communications. Bill's partner.... Paul..!

These ISPs in this part of Atlanta are not very good. When I lived in KY there was a company called InSight and they are just great. In Florida we use Comcast and they are acceptable.... Charter is OK but their equipment is grossly outdated.

Thanks
Elliot