Scan computer in safe mode ?

Some people scan their computer in safe mode because fewer services are loaded, so files are less likely to be in use and more likely to be removable. It also used to be that many forms of malware did not load in safe mode, but the bad guys have gotten better at their coding, and new methods allow spyware and viruses to start even when the user boots into safe mode, making them extremely hard to remove.

The newer variants of the CoolWebSearch, HuntBar, and VX2 infections all load even when safe mode is used. There are a few different ways of accomplishing this, the most common being that the spyware registers itself as a critical system process. This ensures that it is loaded regardless of what happens, and makes it much harder to shut down.

What is CoolWebSearch

CoolWebSearch (also known as CoolWWWSearch or abbreviated as CWS) is a well-known spyware program which installs itself on Microsoft Windows based computers.
The program can change an infected computer’s web browser homepage to coolwebsearch.com, and although originally thought to only work on Internet Explorer, recent variants affect Mozilla Firefox as well as others. It can also create pop-up ads that redirect to other websites including pornography sites, collect private information about users and slow the speed of infected computers. CoolWebSearch uses innovative techniques to evade detection and removal, and as such many common spyware removal programs fail to properly remove the software.

Some versions of CoolWebSearch can be installed through drive-by installation, in which a computer browsing a webpage automatically installs CWS. CWS itself attempts to evade others by not labelling its ads, not providing an EULA, not providing any data about itself and not having a website. Certain variants insert links on random text, leading to advertiser websites. Other attempts to access websites are redirected to pay-per-click search engines that may install more malware display ads. Some variants of CWS also add links to pornography and gambling sites to the user’s Desktop, Internet Explorer’s bookmarks and history. Certain versions attempt to edit users’ trusted sites and modify security settings as well as to hide from removal programs. Variants are often named for the effects they have such as msconfig, Msoffice, Mupdate, Msinfo and Svchost32.

Removal

Windows’ System Restore can reportedly remove some, but possibly not all, variants of CoolWebSearch. However, due to the fact that CoolWebSearch can hide in the System Restore files, this is not a recommended solution.

AdAware can remove CoolWebSearch.

What is Huntbar or Search Toolbar?

HuntBar is an Internet Explorer toolbar that provides search features. HuntBar may redirect your home page and search requests through its controlling server.
According to HuntBar’s privacy policy, it collects information this way:

HUNTBAR’S TOOLBAR SERVICE COLLECTS AND STORES INFORMATION ABOUT THE WEB PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS, AND THE PRODUCTS YOU PURCHASE ONLINE WHILE USING THE TOOLBAR SERVICE. ALTHOUGH HUNTBAR DOES NOT ATTEMPT TO ANALYZE WEB USAGE DATA TO DETERMINE THE IDENTITY OF ANY HUNTBAR USER, SOME INFORMATION COLLECTED BY THE TOOLBAR SERVICE IS PERSONALLY IDENTIFIABLE. HUNTBAR AGGREGATES AND ANALYZES THE INFORMATION IT COLLECTS TO IMPROVE ITS SERVICE AND TO PREPARE REPORTS ABOUT AGGREGATE WEB USAGE AND SHOPPING HABITS.

Removal

This software can be removed through the Add/Remove Programs menu in your Microsoft Windows control panel. To uninstall your Search Toolbar, please do the following:

  • Click on the Start button and select Settings and then Control Panel.
  • If you are running Microsoft XP, you can go directly to the Control Panel from the Microsoft Windows Start button.
  • When the Control panel window opens, double-click on the Add/Remove Programs Icon.
  • When the Add/Remove Programs Properties window opens, locate the program that you would like to uninstall.
  • Click once on the program to be uninstalled and then click on the Add/Remove button and follow the instructions.

If you don’t want to remove the software manually, I would advise downloading and running security software.

What is VX2 ?

VX2 is an adware program that delivers advertisements on your PC. The software follows the user as they surf the web, builds reports on the activity, monitors the user’s click stream and communicates with servers.

Removal

  1. Click “Start” in the task bar, then select “Control Panel”. The “Control Panel” window opens.
  2. In the “Control Panel” window, select “ADD/REMOVE Programs” and look for “BlackStone”. “BlackStone” should be found in “ADD/REMOVE Programs”.
  3. If “BlackStone” is found, select it and click the “Remove” button to remove it. “BlackStone” should be removed.
  4. If “BlackStone” is not present in “ADD/REMOVE Programs”, close any open Web browsers. All the browsers should be closed.
  5. Click “Start”, select the Search button and search for “IEHelper.dll” in the “C: drive”. The “IEHelper.dll” file should be found.
  6. Delete “IEHelper.dll”. The “IEHelper.dll” file should be deleted.
  7. Click “Start”, select the Search button and search for “domlst.cch” in the “C: drive”. The “domlst.cch” file should be found.
  8. Delete “domlst.cch”. “domlst.cch” should be deleted.
  9. If the system does not permit the file to be deleted… Select “START”, then select “Run”, type “regedit” and press “ok”. A new “Registry Editor” window opens.
  10. In the left side of the Registry Editor, select the key and its subkeys as follows:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    You should find the “{00000000-5eb9-11d5-9d45-009027c14662}” key.
  11. Delete the key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662}
    The key is deleted.
  12. Reboot the computer. Click “Start”, then click “Search”. Search for “IEHelper.dll”. You should be able to find the “IEHelper.dll” file now.
  13. Now delete IEHelper.dll. It should be possible to delete the “IEHelper.dll” file now.
  14. Reboot the computer now, and search again for “IEHelper.dll”. You should not be able to find the “IEHelper.dll” file anywhere in your system.
  15. Click the Start button on the task bar and click “Run…”. A Run window opens at the lower left corner of the desktop.
  16. Type “regedit” in the Run window and press “ok”. A new “Registry Editor” window opens.
  17. Search for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662}
    If the key is still found, proceed to the next step. You should not find the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662} key.
  18. Follow from step 5 to step 10.
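
The checks in the steps above can be run as a read-only audit before and after cleanup. The PowerShell below is an added example, not part of the original article: it lists every registered Browser Helper Object with the DLL it loads, flags the CLSID named in the steps, and searches for the two file names. The WOW6432Node view (32-bit BHOs on 64-bit Windows) goes beyond the single key the article names, and the function and variable names are illustrative.

```powershell
# Added example: read-only audit of the VX2 indicators named in the removal steps.
# It deletes nothing; it only reports what is registered and what is on disk.
$Vx2Clsid  = '{00000000-5eb9-11d5-9d45-009027c14662}'   # CLSID from the removal steps
$Vx2Files  = 'IEHelper.dll', 'domlst.cch'               # file names from the removal steps
$SearchDir = 'C:\'                                      # the steps search the C: drive

# Registry views to inspect. The first is the key from the article; the second
# (an addition here) holds 32-bit BHOs on 64-bit Windows.
$Views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-BhoInventory {
    # One row per registered BHO, with its CLSID resolved to the DLL it loads.
    foreach ($view in $Views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $server = Join-Path (Join-Path $view.Clsid $clsid) 'InprocServer32'
            $dll    = $null
            if (Test-Path -LiteralPath $server) {
                $dll = (Get-Item -LiteralPath $server).GetValue('')   # default value = DLL path
            }
            [pscustomobject]@{
                Clsid     = $clsid
                Dll       = $dll
                DllOnDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))
                IsVx2     = ($clsid -ieq $Vx2Clsid)
            }
        }
    }
}

function Find-Vx2Files {
    # Recursive search for the two file names; unreadable folders are skipped.
    Get-ChildItem -Path $SearchDir -Include $Vx2Files -File -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
}

$bho = @(Get-BhoInventory)
$bho | Format-Table -AutoSize
if ($bho | Where-Object IsVx2) { 'VX2 BHO key is present' } else { 'VX2 BHO key not found' }
Find-Vx2Files | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the file search can read protected folders. A BHO row with an empty Dll or DllOnDisk set to False is a leftover registration whose file is already gone.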

If you don’t want to remove the software manually, I would advise downloading and running security software.



No Responses to “Scan computer in safe mode ?”

  1. omar says:

    Very interesting article. I wait to read more about this subject.

  2. Ken says:

    interesting post

  3. P. Silva says:

    a very good article about Scan computer in safe mode ?

Copyright © 2008 Home Automation - JAEC - All the rights reserved