Monday, June 06, 2005
Cool Web Search
trojan horse 4.AO
virtual card for you
Hack Army Trojan
Maxserving (seems to be the source of most of these pests) If you have CoolWWW, then you may also have HomeOldSP, and Maxserving is what put all that garbage on your PC. Only GhostSurf Pro can block Maxserving.
TKBell is a valid REAL Player file and doesn't need to be deleted. If you're concerned about TKBell.exe - just delete your RE
If you see this message: "Warning - Your computer has been infected with the RPC Doom Virus." "Press HERE to disinfect", do not press anything to "disinfect". If you press the button to disinfect your computer, you are actually opening the door to your PC for all kinds of scams, redirects, homepage hijackers, and more of thetrash that's out there.
The RPC Doom Warning is just an annoying pop-up ad. You can get rid of it by opening the Windows Task Manager (ctrl+alt+delete). And doing the following:
Click once on the RPC Doom Warning in the Task Manager Window
Then click "End Task"
The "Warning" will go away.......but it will be back. Read on for ways to protect your PC.
Have you heard about MY DOOM?
You can avoid MY DOOM infection by never opening an attachment from an address you do not know, keeping anti-virus software updated, using a personal firewall and downloading the latest patches.
If you have received an email (usually from a friend), stating that they have unknowingly sent you a virus......do not search for jdbe.exe, or jdbg.exe as they ask you to do. Both of those are valid Windows files. You will find them if you look for them because they are a part of Windows. DO NOT DELETE THEM. If you've already deleted them, it probably won't matter, but if you want them back, you can always reload Windows and restore/repair the files.
There are many different ways to eliminate these pests, but there is no single way to eliminate them and KEEP THEM FROM INFESTING YOUR PC unless you follow the suggestions outlined below.
For the rest of you who have been infected, infested and bothered by CoolWWW and all of its variants listed above.....read on!I've been going to infected websites everywhere using an older Pentium PC a neighbor gave me after her husband died. I've been having fun finding ways to not only get rid of home page hijackers, but to KEEP THEM AWAY!!
Most of the software I'm going to recommend is free, and you can download it from the secure links in this post.
Two of the software programs are not free, but they are worth their price because they are so totally effective.
The system I've developed for clearing out the pests listed above is as follows:
1. I use GhostSurf Pro all of the time on the PC I'm using to write this because it CONCEALS MY IP ADDRESS and prevents spammers and viral idiots and spyware from infesting my computer.
It's not free, but I believe it is the most effective weapon against having control of your PC taken away from you. If you scroll to the bottom of this page, I've placed a secure link to the company which produces it. If you want to be finally rid of aggravation.....you will benefit from ordering it.When you get it, click on everything and see for yourself, the power it restores to you.
It also allows you to surf anonymously through "invisible" hubs, and has several handy data destroying features. Whether you are a surfer of naughty sites, or just want to have control of your own PC, GhostSurf Pro is the BEST program I've found.The only negative aspect of GhostSurf Pro that I'm aware of is that it slows internet search activity slightly, but since the other choice is having my PC altered or hijacked, I choose to use GhostSurf Pro and go a little slower.
2. Sometimes, I turn off GhostSurf Pro, because it won't let me go to sites which will infect my PC ("isn't that why I bought it???") Almost as soon as I disable ANONYMIZER, my home page gets changed, usually to CoolWWW or CoolWebSearch, Zestyfind, or Search.cc.
HomeOldSp is always found when any of those other pests appear. As soon as this happens, I reactivate GhostSurf Pro, then I click on BHO Demon, which you can download from this secure link. There's a helpful tutorial at the site to show you how to use BHO Demon. The object of BHO Demon is to disable the BHO (Browser Helper Object), which is the code which redirects your PC to the pests we're talking about here. It's FREE!!
3. The next step is to run HiJack This! You can download it securely from this link to the program's author. This step is a little tricky because you're going to have to decide which lines you should remove by placing a check mark in the box at the beginning of each line of code. My rule is that I delete ANYTHING which does not have a LEGITIMATE product name in it. If I see a line which contains MSMSGS.EXE in it, I always delete it and it has never done anything to impair any of my PC's capabilities. It seems to be an attempt to hide a nasty " .exe" file in your registry. It's actually a bit of Microsoft(MS) code which MicroSoft has decided that we need, whether or not we want to use their Instant Messaging system.
Place a check mark next to anything you want to remove and click "FIX CHECKED ITEMS".
You'll get a warning that you're about to remove a BHO. Do it! That's the point of this exercise! If you accidentally remove something you need, you can always reload the program and restore anything you shouldn't have removed. After a few tries, you'll begin to recognize the code and the tricks used to camouflage the pests.
Be alert and pay close attention to your TYPING SKILLS. There is a malicious site named " merijin.org ". The legitimate site is " merijn.org ", and it is the creator of HiJack This! software. Look again at the spelling of the site names.........be careful!HiJack This! is FREE!!
4. The next step on the path to cleaning your PC and regaining control of it is to use one of my long-time favorites. Ad-aware is made by Lavasoft, a Swedish company and in my opinion, it is one of the very best pieces of FREE pest removal software that's available. The "secret" to using Ad-aware (and all other pest removal programs)is to update it at least once a week. I check for updates every day! You can download Ad-aware from this secure link to Lavasoft.Click on the Ad-aware box at the left of the Lavasoft home page and you'll be taken to the free download site.
5. Finally, my absolute favorite for cleaning up everything left behind by the other programs is Pest Patrol. It is your final guarantee that there is NOTHING left on your PC after you've taken the steps described above. It is not free, but like ANONYMIZER, it is worth its price because it assures you that you are in control of your PC. PestPatrol." You can order Pest Patrol it from the company which produces it by clicking this secure link.
As with Ad-aware, it is of the utmost importance that you update it daily, or at least weekly.
DO NOT DOWNLOAD ANY PROGRAMS FROM ANY SITE YOU ARE NOT 100% CERTAIN OF, NO MATTER HOW LEGITIMATE IT MAY APPEAR.
Many sites offer free downloads of Cool Web Shredder. Many of those sites are frauds, and are merely conduits for Cool WWW and Cool Web Search.
If you have been alarmed by the RPC Doom Virus Detected Pop-up "Warning", DO NOT CLICK THE "DISINFECT" TAB!! Instead, press Ctrl-Alt-Del and highlight the warning in the Windows task manager. Click "End Task". If you've already clicked "Disinfect" you've almost surely downloaded something nasty, so read on and you'll learn how to get rid of it - forever!
If you have any concerns about the health of your PC, go to this link and download AVG.
You can download a trial version for free! It's THE BEST anti-virus software in the world. After your trial has expired, I recommend that you purchase the product and enjoy the peace of mind of knowing that your system is safe from viruses, and safe from Norton, and safe from McAfee.
It's an EXCELLENT, COMPREHENSIVE anti-virus tool which does not screw up Windows like Norton or McAfee do. It's also FREE. If you keep AVG updated daily, you should not have any more trouble with infections. AGAIN.....do not download it from any site other than Grisoft's site. There is a secure link at
If you do, you are inviting TROUBLE!!. Another secure, comprehensive virus scan of your computer can be made by clicking this link to Trend Micro, which has a highly respected FREE product called Housecall. At this time, I don't recommend using any of the other free utilities.
The steps I've outlined above will restore control of your PC to you!
Microsoft can't get rid of Cool WWW and the other Home Page Hijackers!!
Norton can't get rid of Cool WWW and the other Home Page Hijackers!!
MacAfee can't get rid of Cool WWW and the other Home Page Hijackers!!
My personal experience has shown that MacAfee and Norton cause far more problems than they solve. I cut up my Norton and McAfee discs and mailed them to the shareholders of their respective manufacturers.
Their customer service is non-existant, and if you use their software, you will quickly be forced to pay more money for the right to speak with someone in India who will thank you profusely for calling (after you've been on hold for 30 minutes to 4 hours), and then will read nonsense from a book and thank you a few dozen more times.
After all of that- - - - you're still infected, your operating system has been irreversibly altered by Norton or McAfee - - - and they will ask for more money to undo the damage their software continues to do.
By using the techniques I've described here, I have been able to see every attempt made by sites to Hijack my home page, and I've been able to see every site which attempts to place a tracking cookie on my computer, and I've been able to block them before they can do their dirty work. I've also been able to keep sites from placing images and popups on my computer. I've set ANONYMIZER so that it automatically blocks all new attempts to gather ANY information from my computer, or change my homepage. It also wipes out all traces of my private online surfing. No one can build a profile of me from my personal online browsing, and I like that feature of ANONYMIZER very much! IF you decide to purchase ANONYMIZER, order it ONLY from an authorized ANONYMIZER link, such as the one at the bottom of this page. Any other source of ANONYMIZER may be a copy containing the trojans and spyware you are trying to eliminate****