Removing Spyware? (Weird IE Problems)

[RastaManMax]

I'm having some problems removing some spyware from my computer. I noticed this morning that whenever i open IE now it loads this weird search engine page and a popup saying that Windows has detected Spyware, etc, however it's just a popup. My popup blocker also no longer works. Here's what i've done so far:

1) Run Adadware, removed all the spyware it finds, however it keeps finding the same files when i run it again.
2) Run Norton 2k5 and that finds nothing.
3) Tried disabling all/some of the Addons for IE and that still doesn't work.

Anybody have any suggestions? Funny how they embed Spyware in your computer to try to promote their spyware removal software.

LEMAR

[15-20_God]

is it called PS Guard?

[RastaManMax]

Not too sure, i'm running it again just to check. Seems as though it's spreading, now there's 12 files . I thought my computer would be somewhat 'secure' with Norton 2005 fully updated at all times, windows firewall and keeping Win XP Pro updated.

It doesn't say what it is, however when i start IE it opens up a page that says

about:blank in the address bar but is really a search page. Here's a pic

[BeaverLiquor]

run hijackthis

[RastaManMax]

Thanks, just found the link on majorgeeks. Going to follow that in a bit when i finish some work first.

[BeaverLiquor]

hijackthis won't really get rid of it but it can tell you what is running on your computer. but it looks like you have a varient of "coolwebsearch"

there is a tool to get rid of that called "cwshredder" but you may have to use another browser like firefox to download it.

after you get rid of it you may want to download and install spywareblaster and spywareguard to help protect your computer in the future.

[poppa]

Also try Spybot Search and Destroy:

http://www.safer-networking.org/en/download/

Make sure to keep your definitions upto date. Also consider a second browser like Firefox.

Maybe you could take a screenshot also (ALT + Print Screen, paste into Mspaint and save)?

[RastaManMax]

Spybot S&D found nothing. Thanks for all the replies guys, i'm going to try these things shortly. I'll post back if i have more problems and if/how i resolved the issue without formatting.


EDIT: Running Spybot again after restart and it is now taking a lot longer to search, maybe i had to do a restart before running it

[NDman]

Did you try to boot it in safe mode first, and then run the spyware removers?

[RastaManMax]

Toyotaman - thanks for pointing me to Spybot S&D, i've added it to my list of apps to combat internet trash and removed Adadware.

Beaverliqor - you hit exactly what i had, ran CWshredder a few times and it got rid of my startup page and the popups that started with each new IE opened up, however i'm still getting some random popups and when i run cwshredder it keeps finding and removing a file called CWS.HiddenDLL, however it never seems to be going away after numerous restarts.

NDman - do you remember the shortcut key to start WinXP Pro in safemode? I never even knew there was a safemode for XP Pro? Maybe that's what i need to try next.

poppa - if the problem persists after all else fails, i'll snap a screen shot of the next popup that appears if that would help, however the file that i'm thinking is the problem is listed in my reply to Beaver.

Spybot S&D kept finding the problem and then prompting for a restart to remove one file that it couldn't get rid of, however it still remained. I noticed that the performance of IE has increased through all this since it got rid of other spyware on my PC.

Thanks to everyone i didn't mention.

- Will keep you posted

LEMAR

[BeaverLiquor]

yeah cws is a ***** to get rid of....my sister had it and it took me hours to get rid of it, searching the internet for answers.

but as recommended try all of the programs in safe mode again, cwshredder, s&d, adaware, etc but before you do turn off system restore and empty your temp files. reboot and do a hijackthis then an online scan and post the logs.

and you can always google the .dll that is giving you trouble....or worse comes to worse reformat.

[NDman]

Don't delete Adaware, it's a useful software. Keep both Adaware and Spybot, and watch your surfing habit, you should be alright.

Press F8 while booting will lead you to the prompt for Safe Mode. If you aren't sure, just keep pressing F8 and you'll get to the screen eventually

[cavuu]

I have had good luck running Microsoft Anti Spyware
Found a hyjack the others missed

-look in 'add/remove programs' and 'C:\program files' for anything that looks suspicious that you don't recognize.

-start->run->'msconfig'-- check the startup area.

and as mentioned run adaware and spybot in the safe mode. Be sure to get the spybot in the link provided there are a lot of companys trying to hyjack the name and in many case they are 'spyware'

[RastaManMax]

Normally i'd rather do a format, this is the biggest issue i've ever run into where i couldn't format, hence why i try to keep everything nice and secure as i didn't bring any of my installation CD's here with me to UW. Safemode and CWS-Shredder with one more run through of Spybot and everything is back to normal, no more popups.

Yeah, i have no idea how i got it, i think it could've been when i was doing some Java programming, Norton kept complaining about a worm when i ran my program a few times so i disabled that for a while and then clicking too much on links from other forums. Now i'm going to watch that a little more closely.

I never run my computer with System Restore on, if anything ever went that wrong, i'd just suck it up and do a format, however it might be a good idea considering my current situation to actually turn it on again.

Thanks for all the directions,

Lemar

[BeaverLiquor]

you should run an online scan just to make sure

http://housecall.trendmicro.com/

http://www.pandasoftware.com/products/activescan.htm

i like panda better but it doesn't get rid of your problems but i think trendmicro does.

and having spyware guard and spyware blaster will keep most things from installing on your system.