cool-search.com

  futaba 09:16 10 Dec 03
Locked

Hi.
This is driving me crazy. I have downloaded and run "CWShredder", which seems to cleanse my system; trouble is, every time I visit just about any website my homepage is set back to cool-search or something similar. My preferred homepage is blank. This is with IE6, WXP Pro. Does anybody have any ideas how I can stop being infected every time I go online? I have to say messing in the registry worries me somewhat.
Cheers.

  Jester2K II 09:25 10 Dec 03

Download latest version of CWS.

Close ALL IE windows.

Run CWS again.

  Stuartli 09:26 10 Dec 03

Try going to click here or similar AV website and keying in the details of what appears to be a virus or similar into the Search box.

You should then be given details of how to remove it.

Another alternative is to install the free version of AVG, update it and then run it to scan your system.

  Jester2K II 09:26 10 Dec 03

Latest version is 1.39.2

  futaba 10:23 10 Dec 03

Hi Guys.
Have run AVG (latest) and CWS 1.39.2; both find the virus and cure it. However, go back online and it returns again.
Cheers

  Jester2K II 11:45 10 Dec 03

Also try SpyBot click here and AdAware click here

  Jester2K II 11:45 10 Dec 03

What does the AVG and CWS call this virus?

  Gaz 25 12:28 10 Dec 03

Sounds like an RPC virus, such as Gaobot...

  Gaz 25 12:36 10 Dec 03

Actually it is RANDEX.


"Microsoft Runtime"="CfgDll32.exe"

or

Services.exe - is also a Randex Variation.


The .R variation is supposed to hijack your homepage.

You need to install the Microsoft patch if you run 2000/XP, and install a firewall.


This is randex.BF -


Randex.BF is a Trojan worm with characteristics that spreads across networks and enterprises quickly. It generates IP addresses at random and attempts to connect to them, using passwords that are typical or easy to guess, in other words as its own password cracker. If successful, it copies itself in the computers it has gained access to. Similar to the spread of the Blaster worm and Nachia worm.

Randex.BF joins the channel #goep in the IRC server at 'opqleure.qopmafia.net' in order to receive remote control commands from a remote hacker. In this variant of the Randex worm, it runs an NTSCAN, in order to crack passwords, and a SYSINFO to obtain users' system information.

The virus has no visible symptoms such as messages or any effect on the computer's display.

The virus copies to files: GMT16.EXE, MS00.EXE, and it is 71Kb.

Extended information will be added as soon as we can provide extra news. If you think you are infected: click here


Regards,
Flamewall Security Response
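
An added example, not part of any post in this thread: a small checker that reads a regedit text export and flags autorun entries and Internet Explorer homepage values matching the indicators named above (CfgDll32.exe, GMT16.EXE, MS00.EXE, cool-search). The sample export and the "ExampleAV" entry are constructed for illustration; the registry paths checked are the standard Windows Run keys and Internet Explorer\Main.

```python
import re

# Indicators taken from the thread; compared case-insensitively.
RUN_INDICATORS = {"cfgdll32.exe", "gmt16.exe", "ms00.exe"}
HOMEPAGE_INDICATORS = ("cool-search",)
HOMEPAGE_VALUES = {"start page", "search page", "default_page_url"}

# Constructed sample of a regedit export (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\av.exe /startup"
"Microsoft Runtime"="CfgDll32.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.cool-search.com/"
"Search Page"="about:blank"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def scan_reg_export(text):
    """Return a list of (category, key, value_name, data) findings."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # header, blank line, or non-string value
        name, data = unescape(m.group(1)), unescape(m.group(2))
        lkey, ldata = key.lower(), data.lower()
        if re.search(r'\\currentversion\\run(once|services)?$', lkey):
            # Split the command line into path components and arguments.
            tokens = re.split(r'[\\/\s"]+', ldata)
            if any(t in RUN_INDICATORS for t in tokens):
                findings.append(("autorun", key, name, data))
        elif lkey.endswith(r'\internet explorer\main'):
            if name.lower() in HOMEPAGE_VALUES and any(
                    i in ldata for i in HOMEPAGE_INDICATORS):
                findings.append(("homepage", key, name, data))
    return findings
```

Exports written by regedit on Windows 2000/XP are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `scan_reg_export`.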

  futaba 20:39 10 Dec 03

Hi Everyone.
Spybot seems to have fixed my prob.
Thanks for your help.

This thread is now locked and can not be replied to.
