Obviously, ALL of my search needs could be accessed through this handy site. :rolleyes: I don’t even know what a URL with “res” IS!
I’ve tried Adaware, Spybot, CWShredder, Spywareblaster and Aluria as well as a daily updated version of Norton Profesional. This menace has blocked me from accessing doxdesk.com’s parsite scan. This bugger’s mean.
sniff
I explored the registry but, alas, I had NO idea what I was looking for.
NOTHING works.
Although I don’t *really * have a shotgun pointed at my monitor, pretend I do…
The “resource” protocol, courtesy MS KB. (Basically, the index.html page has been packaged as a resource in the wufha.dll file, which is somewhere on your hard drive, I’m guessing the windows\system32 directory.).
Can’t find any mention of that dll, so it’s probably a random name. Describing the page that comes up when it loads might help narrow down the problem.
Off the top of my head, I’d try booting in safe mode, then unregistering and deleting that dll file (“regsvr32 /u wufha.dll”) (since running in normal mode, there’s probably some process going to replace the file).
If you can’t do that, since that dll is probably redirecting traffic, try to find out where it’s going. “netstat -n” might help here, I dunno.
Then listen to GorillaMan. Figuring out which item in the startup tab is being a jerk is tedious, but can be made faster by the use of binary searching.
What you have, alas, is what’s called the about:blank variant of CoolWebSearch.
It is a bitch and a half to remove, since it uses a very obscure registry key to run (and it can’t be found in MSCONFIG), as well as using a randomly generated hidden file that can’t be found easily.
Your best bet is to get hijackthis (You should be able to reach this site if you can’t get to others) and go to http://www.spywareinfo.com and post your hijackthis log. Someone will guide you through the cleaning process.
If you can’t reach spywareinfo, look for all the entries in hijackthis beginning with O1 (they should give an IP address number and a site) and fix them all. Then try again.
CWShredder does not clean this variant; it’s too difficult.