infected with malware help with removal

Page 1 of 2 12 LastLast

  1. Posts : 83
    windows 7
       #1

    infected with malware help with removal


    man i did a 1 quickfix deep clean with glary utlities while i was watching the folders it was cleaning and scanning i noticed the words coolwebsearch is in my pc the scan was going so fast i didnt get the chance to find out where it was in my pc??i did a folder name search with glary folder search and it doesnt show coolwebsearch on my pc i know it not running because roguekiller preminum hasnt found it microsoft essentials havent picked it up what the best way to find it in my pc or remove it??autoruns and processexplorer not showing it up either any tips would be grateful
      My Computer


  2. Posts : 10,994
    Win 7 Pro 64-bit
       #2

    I'm not a security expert. Based on a Google search for "coolwebsearch" it appears to be classified as adware and/or browser hijacker and/or potentially unwanted program. Two free utilities often recommended at Seven Forums are AdwCleaner and Junkware Removal Tool.

    Downloads - AdwCleaner - ToolsLib

    Malwarebytes | Junkware Removal Tool

    Hopefully others more experienced with malware removal will jump in with other suggestions.
      My Computer


  3. Posts : 83
    windows 7
    Thread Starter
       #3

    i did a scan this morning i dont know if it a folder or registry but i can see the start of the file or folder got letters and numbers assorted any help appriated thanks
      My Computer


  4. Posts : 83
    windows 7
    Thread Starter
       #4

    found out the last words of the file folder or reg key is /homesearch but it got coolwebsearch before it any help be gratefull thanks adwcleaner and junk remover didnt shift it!
      My Computer


  5. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #5
      My Computer


  6. Posts : 83
    windows 7
    Thread Starter
       #6

    thank you will try that first thing in the morning with my daily cleanup and defrag and system health check

    thanks Callender
      My Computer


  7. Posts : 83
    windows 7
    Thread Starter
       #7

    ~ ZHPCleaner v2017.5.12.80 by Nicolas Coolman (2017/05/12)
    ~ Run by cosmicpc (Administrator) (13/05/2017 08:43:00)
    ~ Web: Nicolas Coolman | By Nicolas Coolman...
    ~ Blog: Anti-Malware Zone - Actualité Anti-Malware
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Type : Repair
    ~ Report : C:\Users\cosmicpc\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\cosmicpc\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
    Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)


    ---\\ Services (0)
    ~ No malicious or unnecessary items found.


    ---\\ Browser internet (0)
    ~ No malicious or unnecessary items found.


    ---\\ Hosts file (1)
    ~ The hosts file is legitimate (1)


    ---\\ Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.


    ---\\ Explorer ( File, Folder) (6)
    MOVED file: C:\Users\cosmicpc\AppData\Local\temp\~autoupdate.dat =>.Superfluous.Temporary.Empty
    MOVED file: C:\Users\cosmicpc\AppData\Local\temp\~gu3-ver.dat =>.Superfluous.Temporary.Empty
    MOVED folder: C:\ProgramData\InstallMate =>.Superfluous.Tarma
    MOVED folder: C:\ProgramData\Application Data\IObit\ASCDownloader =>.Superfluous.AdvanceSystemCare
    MOVED folder: C:\ProgramData\IObit\ASCDownloader =>.Superfluous.AdvanceSystemCare
    MOVED folder: C:\Users\cosmicpc\AppData\Roaming\IObit\Advanced SystemCare =>.Superfluous.AdvanceSystemCare


    ---\\ Registry ( Key, Value, Data) (1)
    DELETED data: [X64] HKLM\SOFTWARE\Classes\htmlfile\Shell\Open\Command\\Default [Bad : [html] "%1" %*] =>Broken.OpenCommand


    ---\\ Summary of the elements found (4)
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Empty
    https://www.nicolascoolman.com/fr/pup-tarma/ =>.Superfluous.Tarma
    https://www.anti-malware.top/2016/10/07/superfluous-advancesystemcare/ =>.Superfluous.AdvanceSystemCare
    https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Broken.OpenCommand


    ---\\ Other deletions. (1)
    ~ Registry Keys Tracing deleted (1)
    ~ Remove the old reports ZHPCleaner. (0)


    ---\\ Result of repair
    ~ Repair carried out successfully
    ~ Browser not found (Google Chrome)
    ~ Browser not found (Opera Software)


    ---\\ Statistics
    ~ Items scanned : 697
    ~ Items found : 0
    ~ Items cancelled : 0
    ~ Items repaired : 7


    ~ End of clean in 00h00mn12s
    ~====================
    ZHPCleaner-[R]-13052017-08_43_12.txt
    ZHPCleaner-[S]-13052017-08_42_24.txt

    no luck at all

    tried hijack this but it cant remove files from systemroot??
      My Computer


  8. Posts : 83
    windows 7
    Thread Starter
       #8

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 9:02:43 AM, on 5/13/2017
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18666)


    Boot mode: Safe mode with network support

    Running processes:
    C:\Users\cosmicpc\Documents\saturday scan\Adaware_Installer.exe
    C:\Users\cosmicpc\Documents\saturday scan\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos Videos
    O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: HmaOpenVpn Service (HmaOpenVpnService) - The OpenVPN Project - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 3394 bytes


    hijack this cant delete certain files what now??
      My Computer


  9. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #9

    Try this dedicated removal tool then:

    CoolWWWSearch SmartKiller MiniRemoval Download
      My Computer


  10. Posts : 83
    windows 7
    Thread Starter
       #10

    no luck at all even scanned with ad ware and using registry manager home free cant find anything related to the keywords wierd
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 07:30.
Find Us