Windows 7 Forums


Windows 7: infected with malware help with removal

11 May 2017   #1
cosmicanddavid

 
 
infected with malware help with removal

Man, I did a 1 quickfix deep clean with Glary Utilities. While I was watching the folders it was cleaning and scanning, I noticed the word coolwebsearch is in my PC. The scan was going so fast I didn't get the chance to find out where it was in my PC. I did a folder name search with Glary folder search and it doesn't show coolwebsearch on my PC. I know it's not running because RogueKiller Premium hasn't found it and Microsoft Essentials hasn't picked it up. What's the best way to find it in my PC or remove it? Autoruns and Process Explorer are not showing it up either. I would be grateful for any tips.


11 May 2017   #2
marsmimar

Microsoft Community Contributor Award Recipient

 
 

I'm not a security expert. Based on a Google search for "coolwebsearch" it appears to be classified as adware and/or browser hijacker and/or potentially unwanted program. Two free utilities often recommended at Seven Forums are AdwCleaner and Junkware Removal Tool.

Downloads - AdwCleaner - ToolsLib

Malwarebytes | Junkware Removal Tool

Hopefully others more experienced with malware removal will jump in with other suggestions.
12 May 2017   #3
cosmicanddavid

 
 

I did a scan this morning. I don't know if it's a folder or registry, but I can see the start of the file or folder has letters and numbers assorted. Any help appreciated, thanks.

12 May 2017   #4
cosmicanddavid

 
 

Found out the last words of the file, folder or reg key is /homesearch, but it's got coolwebsearch before it. I'd be grateful for any help, thanks. AdwCleaner and junk remover didn't shift it!
12 May 2017   #5
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

12 May 2017   #6
cosmicanddavid

 
 

Thank you, will try that first thing in the morning with my daily cleanup and defrag and system health check.

Thanks, Callender.
13 May 2017   #7
cosmicanddavid

 
 

~ ZHPCleaner v2017.5.12.80 by Nicolas Coolman (2017/05/12)
~ Run by cosmicpc (Administrator) (13/05/2017 08:43:00)
~ Web: Nicolas Coolman | By Nicolas Coolman...
~ Blog: Anti-Malware Zone - Actualité Anti-Malware
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\cosmicpc\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\cosmicpc\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


---\\ Services (0)
~ No malicious or unnecessary items found.


---\\ Browser internet (0)
~ No malicious or unnecessary items found.


---\\ Hosts file (1)
~ The hosts file is legitimate (1)


---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\ Explorer ( File, Folder) (6)
MOVED file: C:\Users\cosmicpc\AppData\Local\temp\~autoupdate.dat =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\cosmicpc\AppData\Local\temp\~gu3-ver.dat =>.Superfluous.Temporary.Empty
MOVED folder: C:\ProgramData\InstallMate =>.Superfluous.Tarma
MOVED folder: C:\ProgramData\Application Data\IObit\ASCDownloader =>.Superfluous.AdvanceSystemCare
MOVED folder: C:\ProgramData\IObit\ASCDownloader =>.Superfluous.AdvanceSystemCare
MOVED folder: C:\Users\cosmicpc\AppData\Roaming\IObit\Advanced SystemCare =>.Superfluous.AdvanceSystemCare


---\\ Registry ( Key, Value, Data) (1)
DELETED data: [X64] HKLM\SOFTWARE\Classes\htmlfile\Shell\Open\Command\\Default [Bad : [html] "%1" %*] =>Broken.OpenCommand


---\\ Summary of the elements found (4)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Empty
https://www.nicolascoolman.com/fr/pup-tarma/ =>.Superfluous.Tarma
https://www.anti-malware.top/2016/10/07/superfluous-advancesystemcare/ =>.Superfluous.AdvanceSystemCare
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Broken.OpenCommand


---\\ Other deletions. (1)
~ Registry Keys Tracing deleted (1)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 697
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 7


~ End of clean in 00h00mn12s
~====================
ZHPCleaner-[R]-13052017-08_43_12.txt
ZHPCleaner-[S]-13052017-08_42_24.txt

No luck at all.

Tried HijackThis but it can't remove files from systemroot??
13 May 2017   #8
cosmicanddavid

 
 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:02:43 AM, on 5/13/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18666)


Boot mode: Safe mode with network support

Running processes:
C:\Users\cosmicpc\Documents\saturday scan\Adaware_Installer.exe
C:\Users\cosmicpc\Documents\saturday scan\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos Videos
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: HmaOpenVpn Service (HmaOpenVpnService) - The OpenVPN Project - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 3394 bytes


HijackThis can't delete certain files. What now??
13 May 2017   #9
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

Try this dedicated removal tool then:

CoolWWWSearch SmartKiller MiniRemoval Download
13 May 2017   #10
cosmicanddavid

 
 

No luck at all. Even scanned with Adaware, and using registry manager home free I can't find anything related to the keywords. Weird.