\n\n
\nFirst, gather the proper tools:\n\n
\n\n\n
\nNow, you’re going to run the listed tools. Each one performs a different function (although several of them are similar).
\n\n\n
\nIf you run into any problems with this process, visit any of the forums listed at the Alliance of Security Analysis Professionals<\/a>. \nThe first tool to run is McAfee’s Stinger<\/span> utility. Stinger is a stand-alone antivirus scanner that is regularly updated by McAfee that will catch and clean the most current viruses and worms. Simply double-click the S-T-I-N-G-E-R.EXE<\/span> file, then click the Scan Now<\/span> icon. Let the scanner run to completion. \nAs a checkpoint, now run HijackThis<\/span>. It’s also a stand-alone utility that will scan for certain anomolies and make a list that can be analyzed. Double-click the HijackThis.exe<\/span> icon, the click the Scan<\/span> button. When the scan finishes, click the same button (now labeled Save Log<\/span>) and save the file somewhere you can find it. Then you can exit the HijackThis utility. The third step is to install and run Lavasoft’s Ad-Aware<\/span>. Double-click the aawpersonal.exe<\/span> file and click Next<\/span> four times, then Finish<\/span>. The installation program will put an icon on your desktop. \nClose all open windows, especially any Explorer and Internet Explorer windows. Double-click the icon, then click on the Check for updates now<\/span> link. In the update window, click the Connect<\/span> button, then click OK<\/span> to update the signature file. (Keep in mind the dates in this program are in European format, DAY.MO.YEAR.) After the update is done, click Finish<\/span>, then Start<\/span> and Next<\/span>. When the scan finishes, click Next<\/span> twice and say OK<\/span> when prompted. After that, you can close Ad-Aware. \nStep four: Spybot Search & Destroy<\/span>. Double-click the spybotsd14.exe<\/span> icon. click Next<\/span>, Read and accept the license agreement and click Next<\/span> twice. On the “Select Components” screen, uncheck everything except the “Main Files” component, then click Next<\/span> twice. On the “Select Additional Tasks” screen, uncheck the “Create a Quick Launch icon”, then Next<\/span> and Finish<\/span>. \nDouble-click the Spybot – Search & Destroy<\/span> icon. Select the language (English is the white flag with the red cross). On the next two dialog boxes, read the warnings and click OK<\/span>. Then, click the Search for updates<\/span> button. Install any updates found; the program will restart on it’s own. After it restarts, click \nLast, run HijackThis<\/span> again, and save the second log file with a new name (“hijack2.log” for example”). Then, if you have any questions or concerns about anything else installed on your computer, post the contents of the second log file to one of the ASAP<\/a> member forums. \nThe last four tools, CWShredder<\/span> is designed to clean up a specific strain of spyware, known under the name “Cool Web Search”. BHODemon<\/span>, Startup Control Panel<\/span> and MyTop<\/span> are not specifically spyware or virus removal tools, but are useful for diagnostics. \n\n\n Cleaning up Spyware and Viruses First, gather the proper tools: McAfee Associates’ Stinger Anti-Virus scanner Lavasoft’s Ad-Aware PepiMK’s Spybot Search & Destroy Merijn’s (SpywareInfo.com) Hijack This and CWShredder (note that CWShredder was sold to InterMute, which has now been bought by Trend Micro.) DefinitiveSolutions.Com’sBHODemon Mike Lin’s Startup Control Panel (This really should have come with […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-42","post","type-post","status-publish","format-standard","hentry","category-computers"],"_links":{"self":[{"href":"http:\/\/www.noidea.us\/wordpress\/wp-json\/wp\/v2\/posts\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.noidea.us\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.noidea.us\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.noidea.us\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.noidea.us\/wordpress\/wp-json\/wp\/v2\/comments?post=42"}],"version-history":[{"count":0,"href":"http:\/\/www.noidea.us\/wordpress\/wp-json\/wp\/v2\/posts\/42\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.noidea.us\/wordpress\/wp-json\/wp\/v2\/media?parent=42"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.noidea.us\/wordpress\/wp-json\/wp\/v2\/categories?post=42"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.noidea.us\/wordpress\/wp-json\/wp\/v2\/tags?post=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n\n\n
\n\n\n
\n\n\n
\n\n\n
\n\n\n
\n\n\n
\nCheck for problems<\/span>.
\nWhen the scan finishes, click Fix selected problems<\/span> and remove everything selected by default.
\n\n\n
\n\n\n
\n\n\n\n\n\n
\n\n\n
\nRead my article with documentation on Coolwebsearch here<\/a>.”
From Intermute<\/a>: “CWShredder\ufffd finds and destroys traces of CoolWebSearch. CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.”
\n<\/dd>\n\n
\n\n\n
\n\n\n
\n<\/dd>\n\n
\n\n\n
\n\n\n
\n<\/dd>\n\n
\n\n\n
\n\n\n
\n<\/dd>\n\n
\n\n\n
\n\n\n
\n\n\n
\n\n\n
\n\n\n
\n<\/dl>\n\n\n\n\n<\/div>\n\n
\n]]><\/p>\n","protected":false},"excerpt":{"rendered":"