I haven't had a good look at your log, but from a quick scan, I think you have a possible browser hijacker called Toolbar CC, for more information go to Doxdesk, this is a useful site for parasite information, whether it is spyware, browser hijackers etc. It is often better to use one of the very good freeware spyware removers AdAware or Spybot Search and Destroy to find spyware. Once found, if it is straightforward tracking cookies or registry entries, then you can use those programs to remove them, but if it is some of the more insidious stuff, then it is better to use Add/Remove Programs or if not available, follow specific removal instructions from sites such as Doxdesk. You also seem to have MSBlast.exe running, which is the Blaster worm. This will prevent you from connecting to the Windows update site and updating the security patches. First you need to press Ctrl-Alt-Delete to bring up the Task Manager and then click on running processes and end MSBlast.exe. Then you need to Go to Windows Update and download the RPCSS patch (you should find it if you search Windows Update). Once you have done this you will need to download and run one of the Blaster removal tools, you will find one on the Symantec site or run the Stinger tool. Once you have removed the threat, shut down System Restore to remove it from the restore volume, then restart it again. I would recommend that you visit the Windows Update site after this, as if you are missing the RPCSS patch, there will be others you have missed. Also make sure that you have antivirus software installed and the definitions are up to date. There is free AV software available at www.grisoft.com if you don't have any installed, but don't install more than one.
I will reply with a detailed removal instructions using the hijackthis program at approx 13:30 GMT - sorry at work at present.
At present we only have one or two people able to give these detailed removal instructions, others are being trained. Any interested in learning, please read my post in the forum feedback board, I would like another 3 or 4 of our regualars to join the classroom at tomcoyotes site.
You have a CWS infection which spybot and ad-aware will not be able to remove.
Download cwshedder (Link on my site under malware section - link to my site below). This is a special program that has been written just to remove the hundereds of types of infections that CWS inflict on users.
Reboot and then post back with a fresh log as a reply to this thread.
richarw
3 Posts
0
December 3rd, 2003 21:00
richarw
3 Posts
0
December 3rd, 2003 21:00
richarw
3 Posts
0
December 3rd, 2003 21:00
I haven't had a good look at your log, but from a quick scan, I think you have a possible browser hijacker called Toolbar CC, for more information go to Doxdesk, this is a useful site for parasite information, whether it is spyware, browser hijackers etc. It is often better to use one of the very good freeware spyware removers AdAware or Spybot Search and Destroy to find spyware. Once found, if it is straightforward tracking cookies or registry entries, then you can use those programs to remove them, but if it is some of the more insidious stuff, then it is better to use Add/Remove Programs or if not available, follow specific removal instructions from sites such as Doxdesk.
You also seem to have MSBlast.exe running, which is the Blaster worm. This will prevent you from connecting to the Windows update site and updating the security patches. First you need to press Ctrl-Alt-Delete to bring up the Task Manager and then click on running processes and end MSBlast.exe. Then you need to Go to Windows Update and download the RPCSS patch (you should find it if you search Windows Update). Once you have done this you will need to download and run one of the Blaster removal tools, you will find one on the Symantec site or run the Stinger tool. Once you have removed the threat, shut down System Restore to remove it from the restore volume, then restart it again. I would recommend that you visit the Windows Update site after this, as if you are missing the RPCSS patch, there will be others you have missed. Also make sure that you have antivirus software installed and the definitions are up to date. There is free AV software available at www.grisoft.com if you don't have any installed, but don't install more than one.
ChrisRLG
3.9K Posts
0
December 4th, 2003 07:00
I will reply with a detailed removal instructions using the hijackthis program at approx 13:30 GMT - sorry at work at present.
At present we only have one or two people able to give these detailed removal instructions, others are being trained. Any interested in learning, please read my post in the forum feedback board, I would like another 3 or 4 of our regualars to join the classroom at tomcoyotes site.
ChrisRLG
3.9K Posts
0
December 4th, 2003 10:00
Hi
You have a CWS infection which spybot and ad-aware will not be able to remove.
Download cwshedder (Link on my site under malware section - link to my site below). This is a special program that has been written just to remove the hundereds of types of infections that CWS inflict on users.
Reboot and then post back with a fresh log as a reply to this thread.