CWShredder 1.46.4 Update in Security

CWShredder 1.46.4 Update in Security http://www.dslreports.com/forum/r9166068 en Sat, 05 Dec 2009 16:53:11 EDT Sat, 05 Dec 2009 16:53:11 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9176648 Skipdawg : OK on one machine I did the update and got that same old alert and the other deleted the old and did a clean install and no problem.

So it is the updating process that is buggy!

spy1 I think ya caught that nail square on the head when ya hit it. ;)
--
Proud US Navy Veteran!]]> http://www.dslreports.com/forum/remark,9176648 Sat, 24 Jan 2004 14:05:05 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9175567 spy1 : It almost seems as though a newly-d/l'ed version of CWS is detecting CW in the existing version of CWS, doesn't it?

(And, before everyone starts jumping up and down over that one - I DON'T mean that there's anything hinky in CWS itself - just that the newer versions may picking up something [who knows - a plain text something? A listed address?] within an existing version that sets it off and causes it to go "Stealth").

At any rate, deleting your previous version of CWS and simply d/l'ing the newer version from the link given above works perfectly well for now. I'm sure that Merijn will address whatever needs addressed when he gets a chance.

I believe NameGame has been advocating deleting/then re-d/l'ing from the link for quite some time now - even before the current problems started.

I never actually run CWS anymore - I just do the "Scan Only":

CWShredder v1.46.5 scan only report

Windows XP (5.01.2600 SP1)
Windows dir: G:\WINDOWS
Windows system dir: G:\WINDOWS\system32
AppData folder: G:\Documents and Settings\Pete Yevchak\Application Data
Username: Pete Yevchak

Found Hosts file: G:\WINDOWS\system32\drivers\etc\hosts (752892 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] G:\WINDOWS\system32\userinit.exe,
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com [*] dword:4
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:4
CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com [*] dword:4
CWS.Googlems.4 (if value is 2) Registry value: Domains: *.teensguru.com [*] dword:4
Found Win.ini file: G:\WINDOWS\win.ini (671 bytes, A)
Found System.ini file: G:\WINDOWS\system.ini (452 bytes, A)

- END OF REPORT -

Of course, I'd run it in a heartbeat if either AA or SBS&D indicated the need to. Pete
--
Compaq Presario 7110US, 1.3GHz ThunderBird, 768MB RAM, 60.0GB HD, WinXP Pro w/SP1, TDS-3, WormGuard, Port Explorer v1.8, Process Guard v.1.150, NOD32, The Cleaner Professional 4.0, OutPost Pro, ALL javacool programs, SBS&D, SPYCOP, AA]]> http://www.dslreports.com/forum/remark,9175567 Sat, 24 Jan 2004 11:40:51 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9171319 Name Game :

said by anthrorules :
Thanks for the info...and my computer is _always_ up to date, so that is not an issue.

I'd rather that Merijn do both, focus on the new variants, but also address glitches and bugs in his programs. ;)

Hey here is another good read for ya ;)

As I am very busy with school, programming and other things, I will not have time to check each and every log you guys send in to me. Thankfully, there are numerous support forums out there that will take the time to go over your log with you. Here are a few good ones (keep in mind there are dozens of forums out there I dont even know about that help with Hijackthis logs so they may not be listed here).

»www.merijn.org/forums.html
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/]]> http://www.dslreports.com/forum/remark,9171319 Fri, 23 Jan 2004 21:09:15 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9170374 madirish : Hi all,I was getting the same alert the others were getting since version 1.46 .I would always run cwshredder and then check for and download a new version(when available).

After reading here and at other boards of the alert(the same as I was getting),I downloaded 1.46.4,not with cwshredder checking for new version,removed old version-folder and all-and moved the new version into d:/program files and I have not had any alert since.]]> http://www.dslreports.com/forum/remark,9170374 Fri, 23 Jan 2004 19:31:38 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9170299 dolphins : Are you replacing a shortcut to CWShredder.exe with the original .exe?

I think that would produce the results your getting?

Just a thought!
--
MIAMI DOLPHINS]]> http://www.dslreports.com/forum/remark,9170299 Fri, 23 Jan 2004 19:23:23 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9170207 Skipdawg : OK I did a clean install of CWShredder 1.46.4 Update all went well. I'll wait and see if this trojan alert problem pops up with the 1.46.5 Update.
--
Proud US Navy Veteran!]]> http://www.dslreports.com/forum/remark,9170207 Fri, 23 Jan 2004 19:14:04 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9170136 anthrorules : Thanks for the info...and my computer is _always_ up to date, so that is not an issue.

I'd rather that Merijn do both, focus on the new variants, but also address glitches and bugs in his programs. ;)]]> http://www.dslreports.com/forum/remark,9170136 Fri, 23 Jan 2004 19:06:17 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9170032 CalamityJane : concern? about what? He has already explained that popup does not mean you have an infection.

As for your questions, I would rather see Merijn concentrating on the new variant that blocks all of the major security websites.

BTW - Coolwebsearch and it's many variants most often use the byteverify exploit for which there is a patch available for Windows. If you do not have it, you should. What other measures have you taken to secure your browser? I'm wondering because you seem overly concerned about getting this particular one to be scanning with it everyday.

Here is link to help you (it has the links for the updates you should have)

The CoolWebSearch Chronicles
The story of a thousand hijacks
»www.merijn.org/cwschronicles.html
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum ]]> http://www.dslreports.com/forum/remark,9170032 Fri, 23 Jan 2004 18:56:53 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9169963 anthrorules : Why?

Because with every new update, I run to check to make sure that I'm not infected, that's way.

And the program has gotten more glitchy in most recent releases. I'd just like the author to explain some of the glitches and how they can be resolved, that is all.

And as I mentioned I already emailed the author about this and no reply, and since the author frequents this forum, I thought he'd respond here, which he briefly did, but his response did not address my questions or concerns.
--
Earthlink/Direcway SRS - DW4000 | ver. 4.2.1.10 | Proxy/Port 83 | G4R | 970 | Dell Dimension 4550 - WinXP Pro SP1 - 768MB Ram |ZA+ 4.5 | AVG 7.0 - Resident | Bit Defender 7.1 Free - On-Demand |TDS-3 | Ad-Aware | SpyBot S&D | MailWasher Pro]]> http://www.dslreports.com/forum/remark,9169963 Fri, 23 Jan 2004 18:49:28 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9169872 CalamityJane :

said by anthrorules :
And I've already done that, before extracting, I do CLOSE the CWShredder, and that damn Trojan Alert appears! :(

And this has NOT been a problem with previous versions!!!

I have a question. Why are you running this program anyway if you are not infected with a CWS trojan? And nagging the thread here constantly about something the developer has already explained?

I notice that most members here are patient and realize that this is just a glitch and really don't want to bother Merijn when there are so many other important things he is doing (like battling these guys and developing the software to do it).

In fact, most of the folks who have this program aren't infected either. We keep it around for helping folks who are and keeping up with it's development, but certainly don't feel compelled to scan with it every day. That's just not what this tool is for

Anthro could you please just relax about it?
--
It takes a disaster to make a woman out of a female
Gladiator Security Forum ]]> http://www.dslreports.com/forum/remark,9169872 Fri, 23 Jan 2004 18:40:22 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9169827 dolphins : That's odd, I didn't have that problem this time?
--
MIAMI DOLPHINS]]> http://www.dslreports.com/forum/remark,9169827 Fri, 23 Jan 2004 18:34:06 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9169801 anthrorules : And I've already done that, before extracting, I do CLOSE the CWShredder, and that damn Trojan Alert appears! :(

And this has NOT been a problem with previous versions!!!]]> http://www.dslreports.com/forum/remark,9169801 Fri, 23 Jan 2004 18:30:54 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9169788 dolphins : Merijn has already stated that you must close CWShredder before you replace the .exe

You can't replace an .exe file while it is running.
--
MIAMI DOLPHINS]]> http://www.dslreports.com/forum/remark,9169788 Fri, 23 Jan 2004 18:29:40 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9169500 anthrorules : I did and that does _not_ answer the questions or address the problems I've experienced. Thanks for the heads up anyways.]]> http://www.dslreports.com/forum/remark,9169500 Fri, 23 Jan 2004 18:01:58 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9166394 John2g : Don't know if you read this.

»CWShredder Update 1.46.3
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. ]]> http://www.dslreports.com/forum/remark,9166394 Fri, 23 Jan 2004 12:09:02 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9166310 antiserious :
... when I ran into a slight problem with CWS a while ago, I got the program popup asking for an email to notify merijn of the problem, which I did - and never got a reply (still haven't) ... he/she may be busy, but don't be surprised if it takes a LONG time for him/her to reply, if at all, based on past experience ...

... good program, I guess (I have it, never needed it) ... but it must be hard for a part-time programmer to keep up with updating the program, let alone replying to users and their problems - kinda made me wonder why they would ASK for feedback if they weren't going to acknowledge or reply to it ...

... f w i w ...
--
... "I don't wanna go Uptown, baby ... all the friends I got are Downtown anyway" ... william topley]]> http://www.dslreports.com/forum/remark,9166310 Fri, 23 Jan 2004 11:55:32 EDT Re: CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9166150 anthrorules : Again, the Trojan Alert!!!

Okay, here is what I'm doing to update the proggie:

1) Open CWShredder
2) Click on the "Check for Update" button
3) Click on the "Download and open the update"
4) WinZip opens and I extract the file over the existing the file

Now, when I delete the old version and replace it with the new version, the Trojan Alert does not appear, nor does the random string appear in the Program Information Bar.

HOWEVER, the steps I've followed above have _NOT_ been a problem in the past up until the release of 1.46.X versions.

Would the author of the program step forward and explain why this happening and why can't I simply extract the exe file over the old file???

Yes, I have sent him an email and he did not reply. Yes, I know he is busy, but this is highly annoying to say the least.
--
Earthlink/Direcway SRS - DW4000 | ver. 4.2.1.10 | Proxy/Port 83 | G4R | 970 | Dell Dimension 4550 - WinXP Pro SP1 - 768MB Ram |ZA+ 4.5 | AVG 7.0 - Resident | Bit Defender 7.1 Free - On-Demand |TDS-3 | Ad-Aware | SpyBot S&D | MailWasher Pro

Trojan Alert: 3 times now
Program - Random Strings

]]> http://www.dslreports.com/forum/remark,9166150 Fri, 23 Jan 2004 11:34:15 EDT CWShredder 1.46.4 Update http://www.dslreports.com/forum/remark,9166068 dp : »www.merijn.org/files/cwshredder.zip or through the program

]]> http://www.dslreports.com/forum/remark,9166068 Fri, 23 Jan 2004 11:22:45 EDT