I got this pest a couple days ago. It only hijacks your homepage and cause pop up windows but it is a nightmare, I just can't get rid of it. I followed the steps to remove all (or I think most files) on the Symantec website http://securityresponse.symantec.com/avcenter/venc/data/adware.searchcounter.html First I removed the executable (fntldr.exe) which causes an error message at start up. After resetting the registry entries for IE and restarting the PC I no longer get the 'Coolsearch" homepage , however the next day all the changes I made manually in the registry are reversed and my homepage is redirected to Coolsearch again. I cleaned the cache and history so I could not go to the infected website . I ran Pest Patrol but I could not see any file that appeared related. People who design such adware are the scum of the earth, if only I could find the company details I would send them some very nasty stuff
Try spybot - free and it works. Run it every few days once you get things cleaned up: http://www.safer-networking.org/index.php?page=spybotsd
After a Google search I read posts on forums that says Spybot and Adaware did not find that pest . The Symantec instructions do not remove the program. See 6th post http://forums.us.dell.com/supportfo...message.id=1264&view=by_date_ascending&page=2
Well this is obviously something very difficult to remove even for people a lot more knowledgeable than me. None of the anti spyware program can get rid of it and I don't undersatnd the more advanced instructions given on some other forums. So maybe I should just live with it (and change my homepage at startup) or reinstall IE.6 . Do I have to uninstall it or can I just update/download the newest version on top of the one I have (which I think is the latest)? I will try the fix suggested in the thread above though.
Sorry spybot does not work for you - did you do a Google search and sift through the results? There is bound to be someone who knows how to fix the problem...
There should be some sort of recourse that could be metered out to these folks. Try CWShredder. Go here: http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder This has been the answer for me in the past. Make sure you update (latest version) it too. Hope this helps.
I followed the instructions given by this guy on dell.com I went back to the registry and did not find what he found but found a adware.searchcounter file that wouldn't show when running a search, and also another fntldr.exe file . I deleted those. Hopefully tomorrow no hijack of my homepage anymore, and I can say Adios searchcounter f*ckers! " had the same problem with this adware too. I have spybot installed âitâs a great program- but didnât removed the adware so I did a little of registry editing by myself to remove the adware. CAUTION !!! If you are unfamiliar with regedit donât do it unless you are very very sure. Always save your registry before you make any changes. Symantec helped with the registry until one point but I didnât remove the adware. Go to http://www.symantec.com/avcenter/venc/data/adware.searchcounter.html and do excactly what they say. This is how Symantec says the adware will be removed butâ¦.. THE ADWARE STILL KEEPS COMING BACK â¦. So I did some investigation by myself and came up with this: I thought that this adware must have an .exe file somewhere and run every time I run my IE so I searched in the registry and my computer and found that it creates an .exe in the windows path like this: (maybe the value changes) 73A08744BE78_4C68_91E8_AE13955031AE.exe and it was run in the registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU a= b=tips.ini c=hh.htt d=hh.htt e=hosts f=fntr*.* g=*.exe h=73A08744BE78_4C68_91E8_AE13955031AE.exe MRUList=hgfaedcb Just delete the values. The same in HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU Write your .exe file which is shown in the registry find it your computer and delete it too. This worked for me and until now the adware did not come back." PLEASE BE VERY CAREFUL WITH WHAT YOU ARE DOING. I WILL BE NOT RESPONSIBLE IF YOU DO ANY DAMAGE IN YOUR COMPUTER.
This sh*t is still hijacking my homepage. All the changes in the registry were reversed again except for the .exe file that I found yesterday. That one is gone along with the adware. searchcounter file.
I found a new fntldr.exe and another fastsearch and coolsearch files in the registry HKEY\USERS\.... I thought I had deleted that , although I don't recall seeing them all at the same place.