  dp Go Steelers Premium,MVM join:2000-12-08 Greensburg, PA
·Verizon Online DSL
| CWShredder 1.46.4 Update
»www.merijn.org/files/cwshredder.zip or through the program |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO
·Qwest.net
·IonSKY
|  Trojan Alert: 3 times now |  Program - Random Strings | |
Again, the Trojan Alert!!!
Okay, here is what I'm doing to update the proggie:
1) Open CWShredder
2) Click on the "Check for Update" button
3) Click on the "Download and open the update"
4) WinZip opens and I extract the file over the existing file
Now, when I delete the old version and replace it with the new version, the Trojan Alert does not appear, nor does the random string appear in the Program Information Bar.
HOWEVER, the steps I've followed above have _NOT_ been a problem in the past up until the release of 1.46.X versions.
Would the author of the program step forward and explain why this is happening and why can't I simply extract the exe file over the old file???
Yes, I have sent him an email and he did not reply. Yes, I know he is busy, but this is highly annoying to say the least. -- Earthlink/Direcway SRS - DW4000 | ver. 4.2.1.10 | Proxy/Port 83 | G4R | 970 | Dell Dimension 4550 - WinXP Pro SP1 - 768MB Ram |ZA+ 4.5 | AVG 7.0 - Resident | Bit Defender 7.1 Free - On-Demand |TDS-3 | Ad-Aware | SpyBot S&D | MailWasher Pro |
|
  antiserious The Future ain't what it used to be Premium join:2001-12-12 Scranton, PA
| ... when I ran into a slight problem with CWS a while ago, I got the program popup asking for an email to notify merijn of the problem, which I did - and never got a reply (still haven't) ... he/she may be busy, but don't be surprised if it takes a LONG time for him/her to reply, if at all, based on past experience ...
... good program, I guess (I have it, never needed it) ... but it must be hard for a part-time programmer to keep up with updating the program, let alone replying to users and their problems - kinda made me wonder why they would ASK for feedback if they weren't going to acknowledge or reply to it ...
... f w i w ... -- ... "I don't wanna go Uptown, baby ... all the friends I got are Downtown anyway" ... william topley |
|
  John2g Qui Tacet Consentit Premium join:2001-08-10 England | reply to anthrorules Don't know if you read this.
»CWShredder Update 1.46.3 -- Better to remain silent and be thought a fool, than to speak and remove all doubt. |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO | I did and that does _not_ answer the questions or address the problems I've experienced. Thanks for the heads up anyways. |
|
  dolphins Miami Dolphins Premium join:2001-08-22 Westville, NJ | reply to dp Merijn has already stated that you must close CWShredder before you replace the .exe
You can't replace an .exe file while it is running. -- MIAMI DOLPHINS |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO 1 edit | And I've already done that, before extracting, I do CLOSE the CWShredder, and that damn Trojan Alert appears! 
And this has NOT been a problem with previous versions!!! |
|
  dolphins Miami Dolphins Premium join:2001-08-22 Westville, NJ | That's odd, I didn't have that problem this time? -- MIAMI DOLPHINS |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| reply to anthrorules said by anthrorules : And I've already done that, before extracting, I do CLOSE the CWShredder, and that damn Trojan Alert appears! 
And this has NOT been a problem with previous versions!!!
I have a question. Why are you running this program anyway if you are not infected with a CWS trojan? And nagging the thread here constantly about something the developer has already explained?
I notice that most members here are patient and realize that this is just a glitch and really don't want to bother Merijn when there are so many other important things he is doing (like battling these guys and developing the software to do it).
In fact, most of the folks who have this program aren't infected either. We keep it around for helping folks who are and keeping up with its development, but certainly don't feel compelled to scan with it every day. That's just not what this tool is for.
Anthro could you please just relax about it? -- It takes a disaster to make a woman out of a female Gladiator Security Forum |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO
·Qwest.net
·IonSKY
| Why?
Because with every new update, I run to check to make sure that I'm not infected, that's why.
And the program has gotten more glitchy in most recent releases. I'd just like the author to explain some of the glitches and how they can be resolved, that is all.
And as I mentioned I already emailed the author about this and no reply, and since the author frequents this forum, I thought he'd respond here, which he briefly did, but his response did not address my questions or concerns. -- Earthlink/Direcway SRS - DW4000 | ver. 4.2.1.10 | Proxy/Port 83 | G4R | 970 | Dell Dimension 4550 - WinXP Pro SP1 - 768MB Ram |ZA+ 4.5 | AVG 7.0 - Resident | Bit Defender 7.1 Free - On-Demand |TDS-3 | Ad-Aware | SpyBot S&D | MailWasher Pro |
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| concern? about what? He has already explained that popup does not mean you have an infection.
As for your questions, I would rather see Merijn concentrating on the new variant that blocks all of the major security websites.
BTW - Coolwebsearch and its many variants most often use the byteverify exploit for which there is a patch available for Windows. If you do not have it, you should. What other measures have you taken to secure your browser? I'm wondering because you seem overly concerned about getting this particular one to be scanning with it everyday.
Here is a link to help you (it has the links for the updates you should have)
The CoolWebSearch Chronicles The story of a thousand hijacks »www.merijn.org/cwschronicles.html -- It takes a disaster to make a woman out of a female Gladiator Security Forum |
|
 anthrorules Premium join:2003-09-14 Rollinsville, CO
·Qwest.net
·IonSKY
| Thanks for the info...and my computer is _always_ up to date, so that is not an issue.
I'd rather that Merijn do both, focus on the new variants, but also address glitches and bugs in his programs.  |
|
  Skipdawg The Original Premium,ExMod 2001-03 join:2001-04-19 The Void 1 edit | reply to dp OK I did a clean install of CWShredder 1.46.4 Update all went well. I'll wait and see if this trojan alert problem pops up with the 1.46.5 Update. -- Proud US Navy Veteran! |
|
  dolphins Miami Dolphins Premium join:2001-08-22 Westville, NJ | reply to anthrorules Are you replacing a shortcut to CWShredder.exe with the original .exe?
I think that would produce the results you're getting?
Just a thought! -- MIAMI DOLPHINS |
|
  madirish Premium join:2003-08-04 Cleveland, OH
| reply to dp Hi all, I was getting the same alert the others were getting since version 1.46. I would always run cwshredder and then check for and download a new version (when available).
After reading here and at other boards of the alert (the same as I was getting), I downloaded 1.46.4, not with cwshredder checking for new version, removed old version - folder and all - and moved the new version into d:/program files and I have not had any alert since. |
|
  Name Game Premium join:2002-07-07 North Myrtle Beach, SC
| reply to anthrorules said by anthrorules : Thanks for the info...and my computer is _always_ up to date, so that is not an issue.
I'd rather that Merijn do both, focus on the new variants, but also address glitches and bugs in his programs. 
Hey here is another good read for ya 
As I am very busy with school, programming and other things, I will not have time to check each and every log you guys send in to me. Thankfully, there are numerous support forums out there that will take the time to go over your log with you. Here are a few good ones (keep in mind there are dozens of forums out there I don't even know about that help with Hijackthis logs so they may not be listed here).
»www.merijn.org/forums.html -- Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids http://www.missingkids.com/ |
|
  spy1 Welcome to Amerika Premium join:2002-06-24 Charlotte, NC
| reply to madirish It almost seems as though a newly-d/l'ed version of CWS is detecting CW in the existing version of CWS, doesn't it?
(And, before everyone starts jumping up and down over that one - I DON'T mean that there's anything hinky in CWS itself - just that the newer versions may be picking up something [who knows - a plain text something? A listed address?] within an existing version that sets it off and causes it to go "Stealth").
At any rate, deleting your previous version of CWS and simply d/l'ing the newer version from the link given above works perfectly well for now. I'm sure that Merijn will address whatever needs addressed when he gets a chance.
I believe NameGame has been advocating deleting/then re-d/l'ing from the link for quite some time now - even before the current problems started.
I never actually run CWS anymore - I just do the "Scan Only":
CWShredder v1.46.5 scan only report
Windows XP (5.01.2600 SP1)
Windows dir: G:\WINDOWS
Windows system dir: G:\WINDOWS\system32
AppData folder: G:\Documents and Settings\Pete Yevchak\Application Data
Username: Pete Yevchak
Found Hosts file: G:\WINDOWS\system32\drivers\etc\hosts (752892 bytes, A)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] G:\WINDOWS\system32\userinit.exe,
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com [*] dword:4
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:4
CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com [*] dword:4
CWS.Googlems.4 (if value is 2) Registry value: Domains: *.teensguru.com [*] dword:4
Found Win.ini file: G:\WINDOWS\win.ini (671 bytes, A)
Found System.ini file: G:\WINDOWS\system.ini (452 bytes, A)
- END OF REPORT -
Of course, I'd run it in a heartbeat if either AA or SBS&D indicated the need to. Pete -- Compaq Presario 7110US, 1.3GHz ThunderBird, 768MB RAM, 60.0GB HD, WinXP Pro w/SP1, TDS-3, WormGuard, Port Explorer v1.8, Process Guard v.1.150, NOD32, The Cleaner Professional 4.0, OutPost Pro, ALL javacool programs, SBS&D, SPYCOP, AA |
|
  Skipdawg The Original Premium,ExMod 2001-03 join:2001-04-19 The Void
·surpasshosting
| reply to dp OK on one machine I did the update and got that same old alert and the other deleted the old and did a clean install and no problem.
So it is the updating process that is buggy!
spy1 I think ya caught that nail square on the head when ya hit it.  -- Proud US Navy Veteran! |
|