CWS.SmartSearch infected my pc..

Hijacker Spyware Information: CWS.SmartSearch :cry:

This is a hijacker application. Hijackers take control of your web browser’s settings, and usually change your homepage, search page or other default pages to point to web sites owned by the hijacker. Since the hijackers can make money based on the number of visits to their web sites, they benefit from forcing you to view their web sites each time your web browser opens.

Hijackers don’t normally damage your computer or steal your personal information.


I notice that my explorer does not load by itself and I have to run thru Task Manager…Sometimes when I’m using alt+tab there is a program running called AutoIt v3 eventhough I did not install it or anything then it does not appear also in Add/Remove Programs. I already ran Spybot Search & Destroy, CWShredder… It erases the CWS.SmartSearch but after restarting it comes back again.

Avast Home detected also the winlogon.exe and I tried to move it to chest but It can’t move and also cannot be deleted, it keeps coming back. :frowning:

Also at the start an error appears about “search”


Here is an attached log file of HijackThis on my pc.

Have you tried cleanig the computer with

Malwarebytes Anti-Malware 1.41 http://filehippo.com/download_malwarebytes_anti_malware/

SuperAntiSpyware 4.29.1002 http://filehippo.com/download_superantispyware/

a-squared Free 4.5.0.11 http://filehippo.com/download_asquared/

come back and post scan logs here

OBS: you are using WinXP SP2, update to SP3, SP3 have lots of scurity fixes

Not yet but I’ll try them… Thanks!!

about updating my OS… how do I update when my OS is not genuine?? T_T

You Don’t

Don’t what Marc?

You asked how, Marc said you don’t.

Meaning you can’t legitimately update an OS that isn’t genuine. There may or may not be a way round this, but we couldn’t advise on that on the Official avast forums.

A total of 1,174 fixes have been included in SP3, when it was released in 2008 + all the later updates

http://en.wikipedia.org/wiki/Windows_XP

Ok thanks anyway :frowning:

Thanks Pondus for MalwareBytes!! This software rocks and deleted some malware that cause my pc to become fast now… the only problem is explorer won’t still boot on desktop… I still have to run it thru Windows Task manager

False Alarm, The CWS.SmartSearch.2 is still in my pc :cry:

I need a tool to remove this crap.

get cwshredder and run : http://www.filehippo.com/download_cwshredder/download/147cbfdb79e40355b9956d6252f6f717/

come back.

nmb

close your browser before running the tool.

after the tool removes cws, run this : http://go.microsoft.com/?linkid=9646978

Also, try running a Boottime scan of Avast, so that Avast can catch and quarantine the virus files before they can load into your system and prevent you from deleting them.

I would Also just buy a legit OS. downloading a pirate doesnt help you, the city, the country, it only helps the maker. I can guarentee you 99% of all pirated things are infected with some sort of thing. You may think you not paying for anything, but in the end, malware can make you pay everything

Hi crozbone12,

If you are young or a student there are possibilities to get a special scheme for buying a legit XP version that would not cost you a fortune. And you can also run it with virtually all free software. Study what is written in this link: http://www.searchlores.org/bangla.htm
N.B. Click the chimp to get its approval…
Another approach could be to put a free distro on your computer and go linux,

polonus

@polonus and John2009: I just borrowed it from my mate and later on I find out that it was not genuine and I’m hesitating to change it with a genuine OS because there are many important files already in my pc so If I change the OS my files would be deleted T_T

@Icedrake: already did but MalwareBytes deleted the CWS.SmartSearch and I’m hoping it won’t get back. Only problem now is explorer won’t load by itself and I have to run it via Windows task manager always.

@nmb: already scanned with MalwareBytes then deleted it. Then using CWShredder then found nothing already. The FixIt is not compatible with my version It says. I’m running Windows XP SP2

Only problem now is explorer won’t load by itself and I have to run it via Windows task manager always.

Here is a log file of MBAM that detects the four registry keys

and the CWShredder won’t detect the cws.smartsearch already…

How do I completely remove this crap out of my computer?

CWShredder Tutorial
How to remove CoolWebSearch with CWShredder

http://www.bleepingcomputer.com/tutorials/tutorial47.html

could you upload these files to virustotal.com (vt) and post the links respectively:

E:\WINDOWS\Explore.exe
E:\WINDOWS\winlogon.exe
E:\WINDOWS\system32\drivers\System.exe

nmb

E:\WINDOWS\winlogon.exe → http://www.virustotal.com/analisis/affd0973cd3128083417d407f62bc4a635fc25b65dbf52e91d3ab4ae2f9c1b4a-1255000535

E:\WINDOWS\Explore.exe → I can’t find the said application in the folder, I used search then IEXPLORER from Internet explorer is just the one that is shown.

E:\WINDOWS\system32\drivers\System.exe → Nothing also except SYSTEM.EXE-3B0F6ABB (PF File)

mbam log says that it has detected explorer.exe file as virus. but it isn’t. go to mbam quarantine and restore explorer.exe. you will get back your explorer.exe.

same thing applies to system.exe . but extract it to some other folder and upload it virustotal.com and post link here. mbam guys have some problem with trojan.agent detection. so first give us the link and will let you know what to do next.

you said that you have to start explorer manually from task manager. how do you do that. which executable will you execute through task manager. in which is folder is it? answer all.

nmb