YYZ
27th Oct 2004, 19:49
Hi People
I have run Bazooka on my system to find the spyware that's bothering me on my home PC. It has found it and instructed me how to remove it, as per below:
CoolWebSearch.xpsystem
Overview
CoolWebSearch.xpsystem is a browser hijacker redirecting your Internet Explorer browser to search.thestex.com, t.rack.cc or awebfind.biz.
Classification
Adware
Files
SERVICES.EXE, y.exe, 1.00.07.dll
Log references
Log 53
Vendor
CoolWebSearch.com whois
Privacy policy
No privacy policy available.
Detection
Bazooka Adware and Spyware Scanner detects CoolWebSearch.xpsystem. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications.
Manual removal
Please follow the instructions below if you would like to remove CoolWebSearch.xpsystem manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If CoolWebSearch.xpsystem remains on your system after stepping through the removal instructions, please double-check by stepping through them again.
Start your computer in safe mode.
Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
In the right pane, delete the value called 'xpsystem', if it exists.
Browse to the key:
'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
In the right pane, delete the value called 'xpsystem', if it exists.
Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Classes \ CLSID \ {5321E378-FFAD-4999-8C62-03CA8155F0B3}', if it exists.
Delete 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ {5321E378-FFAD-4999-8C62-03CA8155F0B3}', if it exists.
Exit the registry editor.
Start Windows Explorer and delete:
%SystemDir%\SERVICES\1.00.07.dll
%SystemDir%\SERVICES\SERVICES.EXE
%SystemDir%\SERVICES\Y.EXE
Note: %SystemDir% is a variable (?). By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Start Microsoft Internet Explorer.
In Internet Explorer, click Tools -> Internet Options.
Click the Programs tab -> Reset Web Settings.
The bit I do not get is:
Start Windows Explorer and delete:
%SystemDir%\SERVICES\1.00.07.dll
%SystemDir%\SERVICES\SERVICES.EXE
%SystemDir%\SERVICES\Y.EXE
Note: %SystemDir% is a variable (?).
By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Does this mean I need to delete the entire Windows/System folder? (I'm on 98 Version) If not, then what, as I do not feel happy deleting such a large folder.
Thanks
YYZ
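An added example, not part of the original post or of Bazooka's instructions: it expands %SystemDir% using the defaults from the quoted note and shows that the file step covers exactly three files inside the SERVICES subfolder. The function names and the sample directory tree are assumptions made up for illustration.

```python
import ntpath
import os
import tempfile

# Default values of %SystemDir%, as given in the quoted note.
SYSTEM_DIR_DEFAULTS = {
    "95/98/Me": r"C:\Windows\System",
    "NT/2000": r"C:\WINNT\System32",
    "XP": r"C:\Windows\System32",
}
# The three files the instructions name, all inside the SERVICES subfolder.
TARGETS = [r"SERVICES\1.00.07.dll", r"SERVICES\SERVICES.EXE", r"SERVICES\Y.EXE"]


def removal_paths(windows_version):
    """Expand %SystemDir% for one Windows version into the exact files to delete."""
    base = SYSTEM_DIR_DEFAULTS[windows_version]
    return [ntpath.join(base, target) for target in TARGETS]


def find_present(system_dir):
    """Return the listed files that exist under system_dir (case-insensitive).

    Only the SERVICES subfolder is inspected; nothing else in the
    system directory is read or reported.
    """
    wanted = {ntpath.basename(target).lower() for target in TARGETS}
    for entry in os.listdir(system_dir):
        sub = os.path.join(system_dir, entry)
        if entry.lower() == "services" and os.path.isdir(sub):
            return sorted(os.path.join(sub, f) for f in os.listdir(sub) if f.lower() in wanted)
    return []


def demo():
    """Constructed sample tree: a fake system directory holding unrelated files too."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "SERVICES"))
    for name in ("services.exe", "y.exe", "1.00.07.dll", "unrelated.dll"):
        open(os.path.join(root, "SERVICES", name), "w").close()
    open(os.path.join(root, "KERNEL32.DLL"), "w").close()
    return [os.path.basename(p) for p in find_present(root)]


if __name__ == "__main__":
    for path in removal_paths("95/98/Me"):
        print(path)
    print(demo())
```

On Windows NT/2000/XP a file named services.exe located directly in System32 is a Windows component; the instructions list only the copy inside the SERVICES subfolder.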