Author Topic: Hijacker- 'coolweb' dial up connection???  (Read 4968 times)

Offline paul barette

Hijacker- 'coolweb' dial up connection???
« on: August 11, 2006, 09:02:15 AM »
Hi

I have uninstalled my norton anti virus (on the advice of a computer expert) as it would let many viruses through and installed avast which detected 5 viruses off line and about 6 online. I have noticed a 'coolweb' dial up network connection in my network connections and after some research I believe it is a hijacker. What is a hijacker- what will it do to my system and how can I get rid of it??!! After deleting the viruses/trojans that avast discovered I still have this 'coolweb' connection. Does this mean it is undetectable?? My hijackthis logfile is attached.

Would be so appreciative for any help you can give me!

Logfile of HijackThis v1.99.1
Scan saved at 00:51:47, on 11/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\{108BF3C3-05D7-2057-0428-04121220002c}\Update.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Sports Interactive\Football Manager 2006\fm.exe
C:\DOCUME~1\BOZ\LOCALS~1\Temp\~e5.0001
C:\Documents and Settings\BOZ\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMCServerAutoStart] "C:\Program Files\InterVideo\IMCSvr\IMCSvr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - https://www.wanadoo.co.uk/time/anytimereg_dialer/dialer/dialers/sd0101_5.exe
O16 - DPF: {1986331A-38FD-428D-9286-3BECCB3D995B} (UserCheck.UserChecker) - http://geoffrey.win2k.wkac.ac.uk/checkInstall153/BlueSocket153.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.com/cab_files/InSPECS3_0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141197701930
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153614154969
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AD7D424D-57BE-499A-A850-FCA502A2725B} (UserCheck.UserChecker) - http://geoffrey.win2k.wkac.ac.uk/checkInstall152/BlueSocket152.CAB
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76D36819-124D-4A22-9161-D44F2525162F}: Domain = winchester.ac.uk
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Offline Corrine

Re: Hijacker- 'coolweb' dial up connection???
« Reply #1 on: August 12, 2006, 10:43:59 PM »
Hi, paul barette.  Welcome to LandzDown Forum.  Follow these instructions carefully.  You may want to print them so you don't miss a step.

A.  It doesn't look as though everything is cleared up yet and there are still remnants of Norton left on your computer. For the easier part, go to this site and follow the instructions:  http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?

B.  Next, please install HijackThis in its own folder in Program files so backups won't be lost.  C:\Documents and Settings\BOZ\Desktop\HijackThis.exe

C.  Please download the following programs:
  • Please download CCleaner v1.30.310 - Slim from http://www.ccleaner.com/download/builds.aspx .
  • Download ewido anti-spyware from HERE.  Save the file to your desktop so you can locate it.
    • Locate the ewido anti-spyware icon on the desktop.
    • Double-click the large yellow "e" ewido icon to launch the set up program.
    • The installation will require a restart of the computer.

Launch ewido to update to the latest definition files.
  • On the main screen select the "Update" icon.
  • Click "Start Update".  The update will start and a progress bar will show the updates being installed.
  • If you have problems with the updater, you can use this link to manually update ewido --   ewido manual updates

ewido settings
  • Select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • In the Settings screen click "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • DE-Select "Only if threats were found"
    • Close ewido

D.  While performing the cleanup functions, you will need to disable Ad-Watch.

To disable Ad-Watch:
  • Right-click on the Ad-Watch icon in the system tray
  • Select "Restore Ad-Watch"
  • At the bottom of the screen you will see 2 options -- Active and Automatic.
  • Uncheck both options (red X).
  • Since you will likely be doing several shutdown/restarts, under Tools & Preferences > Options > Activity > Deselect "Load Ad-Watch at Windows startup".  This can be re-enabled after cleanup.

E.  Instructions for using CCleaner:
  • Close all open programs, including Internet Explorer, Firefox and any instances of Windows Explorer.
  • Launch CCleaner and under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
  • A pop up box will appear advising this process will permanently delete files from your system.
  • To protect logon cookies that you wish to retain, under Options > Cookies.  Select and using the arrow move those cookies to the "Cookies to keep" column.
  • Then select the following items
    • In the Windows Tab:
      • Clean all entries in the "Internet Explorer" section.
      • Clean all the entries in the "Windows Explorer" section.
      • Clean all entries in the "System" section except Windows Log Files.
    • In the Applications Tab:
      • Clean all in the Firefox/Mozilla section if you use it.
      • Clean all in the Opera section if you use it.
      • Clean Sun Java in the Internet Section.
      • Please UNcheck "Utilities" (i.e., Ad-Aware, ewido and other security program logs.)
  • Click the "Run Cleaner" button and it will scan and clean your system.
  • Click exit.
  • Shutdown/restart the computer.

F.  Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

G.  Scanning and system cleaning with ewido.
  • Launch ewido-anti-spyware by double-clicking the icon on the desktop. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
  • ewido will now begin the scanning process.  Be patient as this may take a little time.
  • While scanning, ewido will list any infections found on the left side.
  • When the scan is completed, the recommended action should be set to Quarantine.  If not click Recommended Action and set it there. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right side.
  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
  • Close ewido.

H.  While in safe mode, look for and delete the following.
C:\Program Files\Common Files\{108BF3C3-05D7-2057-0428-04121220002c}\Update.exe

I.  Restart in normal mode and scan with HijackThis.  Place a checkmark next to each of the following items and click FIX CHECKED:

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - https://www.wanadoo.co.uk/time/anytimereg_dialer/dialer/dialers/sd0101_5.exe


J.  Shutdown/restart and post a reply with the following:
  • ewido log
  • a fresh HijackThis log

Please let us know how you're doing.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.
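
A sketch of the triage behind steps H and I, as an added example that is not part of the reply above or of HijackThis itself: it parses HijackThis log lines and applies four heuristics, assumed here from the items the helper selected (an R3 search hook reported missing, an O3 toolbar with no file, an O16 DPF entry fetched as an .exe, a process running from a GUID-named folder). The sample lines are copied from the log in the first post; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\{108BF3C3-05D7-2057-0428-04121220002c}\Update.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - https://www.wanadoo.co.uk/time/anytimereg_dialer/dialer/dialers/sd0101_5.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141197701930
"""

# "R3 - ..." / "O16 - ..." style entries: section code, then free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# An .exe whose parent directory name is nothing but a {GUID}.
GUID_DIR_RE = re.compile(
    r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\[^\\]+\.exe$", re.I
)


def parse_hijackthis(log_text):
    """Return (running process paths, [(section code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group("code"), match.group("body")))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def review_candidates(log_text):
    """Apply the assumed heuristics; return (kind, text, reason) tuples."""
    processes, entries = parse_hijackthis(log_text)
    hits = []
    for path in processes:
        if GUID_DIR_RE.search(path):
            hits.append(("process", path, "runs from a GUID-named folder"))
    for code, body in entries:
        if code == "R3" and "is missing" in body:
            hits.append((code, body, "search hook reported missing"))
        elif code == "O3" and body.endswith("(no file)"):
            hits.append((code, body, "toolbar entry with no file behind it"))
        elif code == "O16":
            # The download source is the last " - " separated field.
            source = body.rsplit(" - ", 1)[-1]
            if urlsplit(source).path.lower().endswith(".exe"):
                hits.append((code, source, "DPF source is an .exe, not a .cab"))
    return hits


if __name__ == "__main__":
    for kind, text, reason in review_candidates(SAMPLE_LOG):
        print(f"{kind:8} {reason}: {text}")
```

The output is a shortlist for a human reviewer to check, not a verdict on any entry.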

Offline paul barette

Re: Hijacker- 'coolweb' dial up connection???
« Reply #2 on: August 12, 2006, 11:06:53 PM »
Corrine

Thank you so much for your reply and suggested help. Unfortunately I decided to do a complete system recovery which I have literally done in the last hour!!! I'll hopefully not pick any viruses now as I am much more aware of the programmes I need to keep safe...however if I ever do- I'll come back to the forum for some help you so kindly offer!

Thank you
Paul

Offline Corrine

Re: Hijacker- 'coolweb' dial up connection???
« Reply #3 on: August 12, 2006, 11:27:14 PM »
You're welcome, Paul.

By "system recovery", I take that to mean that you formatted and reinstalled your operating system and software or did a "system restore" to an earlier date.  Either way, be sure to check for Windows Updates.  This past Patch Tuesday included a number of highly critical updates, particularly MS06-040.

For additional information on protecting your PC, please see Tony Klein's "So how did I get infected in the first place?" for important tips on how to prevent future infections.  There is also a lot of helpful information in "Mitch's Good Stuff" linked from here.

Install and update both SpywareBlaster & SpyGuard to prevent the installation of spyware and other potentially unwanted software:

SpywareBlaster -- http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard --  http://www.javacoolsoftware.com/spywareguard.html

If you use Internet Explorer, IE-Spyad will add thousands of sites into your IE restricted zone:  http://www.spywarewarrior.com/uiuc/resource.htm

Another useful program is StartupMonitor, which will warn you when something tries to sneak in:  http://www.mlin.net/StartupMonitor.shtml

Regards,

Corrine

Offline paul barette

Re: Hijacker- 'coolweb' dial up connection???
« Reply #4 on: August 13, 2006, 10:17:41 AM »
Wicked. Yeah I did mean I reformatted the drive and installed the operating system. I already use Spybot, Ad-Aware, avast anti virus, and windows defender. I'll add the programs you mentioned below too! Just downloading service pack 2 then it's all set up for automatic updates so I should be up to date within the next couple of days! Thanks again.

Paul

Offline Corrine

Re: Hijacker- 'coolweb' dial up connection???
« Reply #5 on: August 13, 2006, 11:24:20 AM »
You're welcome, Paul.

Offline Aaron Hulett

Re: Hijacker- 'coolweb' dial up connection???
« Reply #6 on: August 13, 2006, 08:23:24 PM »
You may want to switch to Microsoft Update via http://update.microsoft.com/microsoftupdate.  It provides the same updates to Microsoft Windows that you already receive via Windows Update, but also updates other items, such as Microsoft Office 2003 which you appear to be running.

Aaron

Offline paul barette

Re: Hijacker- 'coolweb' dial up connection???
« Reply #7 on: August 14, 2006, 07:51:38 AM »
Hi Aaron

Thanks for the advice- well ahead of ya tho!!!! All signed up for microsoft update!!

Cheers
Paul