
windowws.cc home page

Discussion in 'Virus & Other Malware Removal' started by Phoenix1, Sep 3, 2004.

  1. Phoenix1

    Phoenix1 Thread Starter

    Joined:
    Sep 3, 2004
    Messages:
    2
    I have been hijacked by the windowws.cc virus? My home page keeps getting set to this and pop ups keep jumping up. I have run hijack this to show you the problem. Do you have a course of action for this? Thanks

    Logfile of HijackThis v1.97.7
    Scan saved at 5:48:16 PM, on 9/03/04
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\sg21f36a09uwu.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\highjackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=191
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=191
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://super-spider.com/sp.htm?id=191
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=191
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kaltire.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.vdcu.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://super-spider.com/sp.htm?id=191
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mybc.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by telus.net®
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.ca
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.nhl.com/
    O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\21bx722aku7.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [winmain] winmain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\sg21f36a09uwu.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.mybc.com
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
    O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial6/058439ca.exe
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37952.6719444444
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    CoolWebSearch.control is a browser hijacker redirecting your browser to www.search2004.net, www.windowws.cc and super-spider.com. Another sign of CoolWebSearch.control running on your computer is a non-working Windows Control Panel if you are running Windows 95/98/ME. CoolWebSearch.control replaces the legitimate control panel file (%WinDir%\control.exe) with its own file.

    Detection
    Bazooka Adware and Spyware Scanner (http://www.kephyr.com/spywarescanner/index.html) detects CoolWebSearch.control. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications.

    Manual removal
    Please follow the instructions below if you would like to remove CoolWebSearch.control manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If CoolWebSearch.control remains on your system after stepping through the removal instructions, please double-check by stepping through them again.
    Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
    Browse to the key:
    'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
    In the right pane, delete the value called 'Windows Control', if it exists.
    Exit the registry editor.
    Restart your computer.
    If you are running Windows NT/2000/XP, Start Windows Explorer and delete:
    %WinDir%\control.exe
    If you are running Windows 95/98/ME, use the System File Checker Tool to recover the Windows Control Panel (%WinDir%\control.exe) from the Windows Setup CD.
    Note: %WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
    Start Microsoft Internet Explorer.
    In Internet Explorer, click Tools -> Internet Options.
    Click the Programs tab -> Reset Web Settings
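
The indicators named in the reply above can be checked against a HijackThis log mechanically. The following is an added example, not part of the original posts: a small triage script that parses `R0`/`R1` and `O4` entries and flags the three redirect domains and the `Windows Control` Run value. The function names and the sample log are assumptions made for illustration, and the last two sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the reply above: the three redirect domains and the
# HKCU Run value name it says to delete.
HIJACK_DOMAINS = ("windowws.cc", "super-spider.com", "search2004.net")
RUN_VALUE_NAME = "windows control"

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")             # "R1 - ...", "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")  # body of an O4 autorun entry

# Constructed sample. The first four lines have the shape of entries in the
# posted log; the last two are invented here (a look-alike host and the Run value).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=191
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=191
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.ca
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = windowws.cc.example.org
O4 - HKCU\..\Run: [Windows Control] C:\WINDOWS\control.exe
"""

def host_of(value):
    """Return the lower-cased host of a URL-like registry value, or ''."""
    v = value.strip()
    if "://" not in v:
        v = "http://" + v  # HijackThis shows many values without a scheme
    try:
        return (urlsplit(v).hostname or "").lower()
    except ValueError:     # free-text values that do not parse as a URL
        return ""

def triage(log_text):
    """Return (code, reason, line) for each entry matching a listed indicator."""
    hits = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw)
        if not m:
            continue
        code, body = m.groups()
        if code in ("R0", "R1") and " = " in body:
            host = host_of(body.split(" = ", 1)[1])
            # Compare on the host suffix, not a substring of the whole line.
            for d in HIJACK_DOMAINS:
                if host == d or host.endswith("." + d):
                    hits.append((code, "redirect to " + d, raw.strip()))
        elif code == "O4":
            r = RUN.match(body)
            if r and r.group(1) == "HKCU" and r.group(2).lower() == RUN_VALUE_NAME:
                hits.append((code, "Run value 'Windows Control'", raw.strip()))
    return hits

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {line}")
```

Matching on the parsed host rather than on the raw line keeps the look-alike `windowws.cc.example.org` entry from being flagged.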
     
  3. Phoenix1

    Phoenix1 Thread Starter

    Joined:
    Sep 3, 2004
    Messages:
    2
    Thanks Cheeseball, for one second I thought that fixed it, but as soon as I was on the internet, windowws.cc was back as my home page address, there were links added in my favorites and spyware ads popped up all over. I followed your directions three times. No luck.

    Anything I still may be missing here?

    Phoenix1
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
Short URL to this thread: https://techguy.org/269903

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice