View Full Version : Need Rescuing from Super-Spider
I'm not sure if this subject has already been discussed. If it has, I'd appreciate it if someone can direct me to the thread.
My browser keeps getting hijacked by this super-spider or something that keeps redirecting me to the CoolWebserver homepage every time I try opening up Yahoo! Mail.
I've tried spyware removal tools like HijackThis and CWShredder, but to no avail. They keep coming back the next time I go online. I've even tried regedit-ing those damn things out of the registry, but they still come back.
I'm desperate. Can anyone help?
spuriousmonkey 08-14-04, 11:01 AM Are you using IE?
Have you tried Adaware?
Yes, I've tried Adaware 6.0. It came back the next couple of times I logged on. I think whoever came up with this super-spider has already found a way to disarm these anti-spyware tools. I tried the preventive measures recommended by CWShredder and got hijacked while trying to download those measures.
If only I could delete them permanently from my registry....
Find a different computer, download them there, and then copy them onto your computer?
Stryder 08-14-04, 01:50 PM If you were to output a log from HijackThis, it would aid in identifying where you have gone wrong.
Also make sure that the hijack is not running a program in the background that will reinsert registry keys if they are removed.
Stryder, how can I make sure the hijacker is not running a program in the background?
I've just tried a combination of CWShredder, Adaware 6.0 and HijackThis. It's my second attempt. Following is the log after scanning and fixing. Hopefully someone can tell me what I've missed:
Logfile of HijackThis v1.97.7
Scan saved at 10:22:52 AM, on 8/15/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\SthVCD\Vcdmotor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Microsoft Office\Office\OSA9.EXE
C:\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\system32\cpptt8c01ubsh.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VCD AudoPlay Monitor.lnk = C:\SthVCD\VCDMOTOR.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
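Reading a HijackThis log by eye is where most people miss things, so here is an added example (not from the thread, and not a HijackThis feature) that parses the O2 and O4 lines of a log like the one above and flags the two patterns worth a second look: an unnamed BHO whose DLL stem looks machine-generated (letters on both sides of a digit run), and a Run value that names a bare executable with no path, which Windows resolves through the search path. The sample input is a handful of lines copied from the posted log; the regexes, the random-name heuristic and the `Finding` record are my own assumptions, and a flag is a prompt to check the file, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\system32\cpptt8c01ubsh.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
"""

# Assumed line shapes, derived from the log above (not an official HijackThis grammar).
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
# Heuristic: digits with letters on both sides, as in 'cpptt8c01ubsh'.
# A trailing version digit ('googletoolbar1') does not match on purpose.
INTERIOR_DIGITS_RE = re.compile(r"[a-z]\d+[a-z]")


@dataclass
class Finding:
    kind: str    # "bho" or "run"
    item: str    # the DLL path or Run command that was flagged
    reason: str


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def stem_looks_random(filename: str) -> bool:
    """True when the file stem has a digit run buried between letters."""
    stem = filename.rsplit(".", 1)[0].lower()
    return INTERIOR_DIGITS_RE.search(stem) is not None


def analyze(log_text: str) -> List[Finding]:
    """Return the O2/O4 entries that deserve manual review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            # An unnamed BHO alone is not proof: the Google toolbar shows up that way too.
            if m.group("name") == "(no name)" and stem_looks_random(basename(m.group("path"))):
                findings.append(Finding("bho", m.group("path"),
                                        "unnamed BHO with a random-looking DLL name"))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            exe = cmd.split()[0].strip('"')
            if "\\" not in exe:
                findings.append(Finding("run", cmd,
                                        f"{m.group('hive')}\\..\\{m.group('key')} value "
                                        f"'{m.group('value')}' has no path; resolved via the search path"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.kind}] {f.item}: {f.reason}")
```

Run against the sample it flags the cpptt8c01ubsh.dll BHO and both path-less Run values. The Run check is deliberately noisy: a stock Windows 2000 install has the SystemTray entry, so compare each hit with a clean machine rather than deleting on sight. The "Running processes" block at the top of the log is the place to answer the earlier question about a background program: anything listed there that has no matching startup entry, or that reappears after you kill it, is the thing to chase before fixing registry lines.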
Stryder 08-14-04, 10:07 PM It seems your problem is backWeb-7288971.exe
It seems that backWeb is a program generated to auto-update software; however, it seems it's exploitable. So I would suggest removing all the Kodak entries.
If you have Kodak software, you can always reinstall it, but make sure you remove backWeb.
http://www.liutilities.com/products/wintaskspro/processlibrary/backweb-8876480/
Although it says it's "safe", check the little grey process box for "backWeb".
I find the Google toolbar holds its own security weaknesses; you're better off switching to Firefox, it's far better and nearly identical. I did and I haven't had any issues since!
(don't be so non-micro$oftaphonic)
Buy a new computer. Problem solved. :)
Thanks for the analysis, Stryder.
dmcm01, I've just installed Firefox and you're right. These guys take security much more seriously. I'm dumping IE.
Naomi, how old are you?
rGEMINI 08-16-04, 02:34 AM If the problem continues, because you still have the crap on your comp, you can reinitialize (not sure on the spelling, sorry). And also, if you work with/go to porn, try to stick to a Linux and Mozilla computer so you don't have these problems. ^^ For your first Linux I suggest Fedora 2; it's the closest to other types of OS (Mac and PC) that I have found. Also, in case you don't know, Linux is free, w00t =P www.redhat.com is the site
Good, I've never had a problem with it, ever.
1119, congrats, you're the first person I've ever managed to convert!!
I'm guessing she's 6 years old and doesn't understand the value of money?
I use Firefox on a Fedora Core 1 distro, even fewer problems then! With Linux you can also save in .doc format and transfer it across to your Windows partition if you really, really must use Windows!
rGEMINI 08-17-04, 03:08 PM dmcm01, you know there is Fedora 2, right???
Yes, I do, and Fedora 3 test 1. But it's a case of updating with a 56k modem :(
rGEMINI 08-18-04, 07:11 PM Oh LOL, that sux, but hey, at least you have Fedora 1. You might leave it going over a few days. =_ ^^
Aborted_Fetus 08-22-04, 09:49 PM CWS is impossible to cure as of now.... You must reformat to get rid of it. Period.