One of our sales guys got some heavy-duty hijacker on his laptop. His browser keeps getting redirected to, errr, unpleasant sites of various kinds and he’s hit with continuous popups. I tried to have him clean it with an Ad-Aware deep scan. It detects and cleans multiple instances of hijackers, but when it’s done the problem is still there, just as bad as ever. Subsequent Ad-Aware scans show all the same hijackers in place. We need something else. I know that some of the downloadable software out there claiming to be anti-spyware is actually just the opposite. I need some advice and I trust you guys. What would be a good next step? If you know of a good tool to download or a trustable anti-hijack forum, please let me know. Sorry if I sound a little paranoid: this is getting to me. :mad:
Detail: Here are some of the things I’ve seen on the infected laptop.
Homepage on browser set to “About:blank”
An error on boot saying “unable to find bridge.dll”
Frequent browser redirects to “coolsearch.biz”
References to “Cool Web Search” in the Ad-Aware output
References to “winpup32” in the Ad-Aware output
I’ve seen multiple references on the web to tools called “hijackthis” and “cwshredder”. I have not attempted to downlaod them yet. Anyone know if they’re valid tools?
Quite valid. Since this is CoolWebSearch, you need to use CWShredder, the best layman’s tool to fix the problem. It fixes many versions of this nasty bit of crap easily.
If CWShredder keeps crashing, you need to download the tool (from the same site) to turn off the CWS’s SmartKiller, which shuts down cleaning tools. :mad:
Note, though, there are some versions of CoolWebSearch that CWshredder can’t clean yet. They use really obscure methods of hiding themselves and require an expert and other tools to clean properly.
That’s where Hijackthis comes in. It is the tool of choice for cleaning stubborn spyware and virus problems. However, you need someone who knows how to read a hijackthis log. If CWShredder can’t fix the problem, download hijackthis, and post the log in the forums at Spywareinfo.com. They will get back to you with a solution.
Oops, looks like RealityChuck and I were composing posts at the same time. Thanks, I’ll try CWShredder. Just wanted to be sure I wasn’t going to make things worse.
It will help a lot. That “unable to find bridge.dll” is probably due to an improper cleaning on the part of Ad-Aware.* The file (definitely spyware) has been removed, but the registry entry remains. Use hijackthis and delete entries that refer to bridge.dll.
*BTW, I never criticize the people who are making these products. It’s next to impossible to keep up with the spyware and they deserve a lot of credit for trying.
