infected with malware help with removal
-
Man, I did a 1 quickfix deep clean with Glary Utilities. While I was watching the folders it was cleaning and scanning, I noticed the words coolwebsearch is in my PC. The scan was going so fast I didn't get the chance to find out where it was in my PC. I did a folder name search with Glary folder search and it doesn't show coolwebsearch on my PC. I know it's not running because RogueKiller Premium hasn't found it and Microsoft Essentials hasn't picked it up. What's the best way to find it in my PC or remove it? Autoruns and Process Explorer aren't showing it either. I'd be grateful for any tips.
-
-
I'm not a security expert. Based on a Google search for "coolwebsearch" it appears to be classified as adware and/or browser hijacker and/or potentially unwanted program. Two free utilities often recommended at Seven Forums are AdwCleaner and Junkware Removal Tool.
Downloads - AdwCleaner - ToolsLib
Malwarebytes | Junkware Removal Tool
Hopefully others more experienced with malware removal will jump in with other suggestions.
-
I did a scan this morning. I don't know if it's a folder or registry, but I can see the start of the file or folder has letters and numbers assorted. Any help appreciated, thanks.
-
-
Found out the last words of the file, folder or reg key is /homesearch, but it's got coolwebsearch before it. I'd be grateful for any help, thanks. AdwCleaner and junk remover didn't shift it!
-
-
Thank you, will try that first thing in the morning with my daily cleanup, defrag and system health check.
Thanks, Callender
-
-
~ ZHPCleaner v2017.5.12.80 by Nicolas Coolman (2017/05/12)
~ Run by cosmicpc (Administrator) (13/05/2017 08:43:00)
~ Web: Nicolas Coolman | By Nicolas Coolman...
~ Blog: Anti-Malware Zone - Actualité Anti-Malware
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\cosmicpc\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\cosmicpc\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Sans échec avec prise en charge du réseau (Fail-safe with network boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
---\\ Services (0)
~ No malicious or unnecessary items found.
---\\ Browser internet (0)
~ No malicious or unnecessary items found.
---\\ Hosts file (1)
~ The hosts file is legitimate (1)
---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
---\\ Explorer ( File, Folder) (6)
MOVED file: C:\Users\cosmicpc\AppData\Local\temp\~autoupdate.dat =>.Superfluous.Temporary.Empty
MOVED file: C:\Users\cosmicpc\AppData\Local\temp\~gu3-ver.dat =>.Superfluous.Temporary.Empty
MOVED folder: C:\ProgramData\InstallMate =>.Superfluous.Tarma
MOVED folder: C:\ProgramData\Application Data\IObit\ASCDownloader =>.Superfluous.AdvanceSystemCare
MOVED folder: C:\ProgramData\IObit\ASCDownloader =>.Superfluous.AdvanceSystemCare
MOVED folder: C:\Users\cosmicpc\AppData\Roaming\IObit\Advanced SystemCare =>.Superfluous.AdvanceSystemCare
---\\ Registry ( Key, Value, Data) (1)
DELETED data: [X64] HKLM\SOFTWARE\Classes\htmlfile\Shell\Open\Command\\Default [Bad : [html] "%1" %*] =>Broken.OpenCommand
---\\ Summary of the elements found (4)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Temporary.Empty
https://www.nicolascoolman.com/fr/pup-tarma/ =>.Superfluous.Tarma
https://www.anti-malware.top/2016/10/07/superfluous-advancesystemcare/ =>.Superfluous.AdvanceSystemCare
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Broken.OpenCommand
---\\ Other deletions. (1)
~ Registry Keys Tracing deleted (1)
~ Remove the old reports ZHPCleaner. (0)
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Opera Software)
---\\ Statistics
~ Items scanned : 697
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 7
~ End of clean in 00h00mn12s
~====================
ZHPCleaner-[R]-13052017-08_43_12.txt
ZHPCleaner-[S]-13052017-08_42_24.txt
No luck at all.
Tried HijackThis but it can't remove files from systemroot??
-
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:02:43 AM, on 5/13/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18666)
Boot mode: Safe mode with network support
Running processes:
C:\Users\cosmicpc\Documents\saturday scan\Adaware_Installer.exe
C:\Users\cosmicpc\Documents\saturday scan\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos Videos
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: HmaOpenVpn Service (HmaOpenVpnService) - The OpenVPN Project - C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 3394 bytes
HijackThis can't delete certain files, what now??
-
-
No luck at all. Even scanned with Adaware and using registry manager home free, can't find anything related to the keywords. Weird.