Author Topic: CWS.HiddenDll (Read 1123 times)

guestolo · « **Reply #20 on:** October 30, 2005, 09:02:05 PM »

Do all the steps I asked about and then post the results of RegSearch tool
Remember to do all the steps

Afterwards, If you have IE-Spyad installed
Reinstall it

Open SpywareBlaster and check for updates
Then enable all protections

Open Spybot and check for updates
Then click the Immunize button>>Ok>>Immunize at the top menu bar

Then we'll go from there

Don't enable all the other protections yet

Also, I asked,
Is this the trial version of SpySweeper
How long before it expires?

charlie · « **Reply #21 on:** October 30, 2005, 09:43:30 PM »

I have a subscription with Spysweeper. Just renewed it about 2 months ago.

guestolo · « **Reply #22 on:** October 30, 2005, 09:47:59 PM »

Okay, we'll reenable the protection in a bit
What happened to the results of the RegSearch tool after you disabled all protections?

charlie · « **Reply #23 on:** October 31, 2005, 08:31:10 AM »

Hi Questolo

I disable all as you instructed and install the DelDomains, then ran the RegSearch again for coolwebsearch.com, searchmeup.com, and searchsquire.com. The result for coolwebsearch.com is this:

[color=\"red\"]REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "coolwebsearch.com" 1/11/2005 12:12:25 AM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Host File]
"acoolwebsearch.com"="127.0.0.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Host File]
"www.acoolwebsearch.com"="127.0.0.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Host File]
"coolwebsearch.com"="127.0.0.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Webroot\SpySweeper\Host File]
"www.coolwebsearch.com"="127.0.0.1"
[/color]

Nothing was found for searchmeup.com or searchsquire.com

charlie

guestolo · « **Reply #24 on:** October 31, 2005, 11:28:09 PM »

Those look like they are Spysweeper hosts file which leads me to believe you never entered SpySweeper Host file protection and disabled it

Again, as I said, with all the protection tools you have on your computer
And a couple not regularly recommended, they look like false positives

What do you think???

Guest · « **Reply #25 on:** October 31, 2005, 11:47:26 PM »

[quote name=\'guestolo\' date=\'Oct 31 2005, 10:28 PM\']Those look like they are Spysweeper hosts file which leads me to believe you never entered SpySweeper Host file protection and disabled it

[post=\"67473\"]<{POST_SNAPBACK}>[/post]

[/quote]

So If I do this, will the problem go away? I'm beginning to agree with you that it is a false positive.....as you call them.

So how do I enter Spysweeper Host file protection and disable it?

charlie

guestolo · « **Reply #26 on:** November 01, 2005, 12:02:33 AM »

Open Spysweeper
Click on Shields on the left
Click on the Hosts file tab
Uncheck all options in that tab

Again run RegSearch.vbs and search for the following

coolwebsearch.com

Do you get any results, if so

Open Hijackthis>>Open Misc tools section
Open Hosts file manager>>click the "Open In Notepad button"
A text file will open, copy and paste that text file back here

TheTechGuide Forum

News:

Author Topic: CWS.HiddenDll (Read 1123 times)

guestolo

CWS.HiddenDll

charlie

CWS.HiddenDll

guestolo

CWS.HiddenDll

charlie

CWS.HiddenDll

guestolo

CWS.HiddenDll

Guest

CWS.HiddenDll

guestolo

CWS.HiddenDll