I have encounter problem of Trojan on my PC. I have thereafter
installed Noadware paid package which is detecting and removing the
infected files.

These infected files are reappearing again and again. The reports
generated read as under:

CoolWebSearch C:\Windows\default.css
CoolWebSearch C:\Windows\web\win.def
SearchCounter C:\Windows\web\tips.ini
SearchCounter C:\Windows\hh.htt
DesktopSearch HKEY_CLASSES_ROOT\PROTOCOL
DesktopSearch HKEY_LOCAL_MACHINE\SOFTWARE

I also have a AVG7 Profesional Edition Anti Virus Programme which is
unable to fix the problem.

The Internet Explorer default page is getting changed to about.blank

Another error message which I continuosly get is access denied to
C:Windows\Temp\se.dll

I am having Windows Milleneum Edition of Operating System.

Please fix the problem.

---

Request for Question Clarification by livioflores-ga on 14 May 2005 07:51 PDT

Please download HijackThis and post a log here.
For a HJT tutorial see:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42

Hello,

I just cleaned a friends PC yesterday with a similar problem. Let's
try this and see if we can get somewhere :

1) Download KillBot here -
   http://www.scanwith.com/Pocket_KillBox_download.htm

2) Download and install HiJack This to your desktop -
   http://www.majorgeeks.com/download3155.html

3) A few options, but what you want to end up doing is rebooting in safe mode.
   You can either run msconfig in the Run command box area and select safemode
   on the boot tab, or press F8 to get into safe mode after a reboot. Don't
   reboot just yet.

4) Run KillBox. Copy all the files you wish to delete to the clipboard. In your
   case, you can copy this :

   C:\Windows\default.css
   C:\Windows\web\win.def
   C:\Windows\web\tips.ini
   C:\Windows\hh.htt

   In Killbox, you'll see an option that says 'Copy from Clipboard'. Do that.
   Select remove on reboot, and the click the red X. It will confirm the deletes
   on reboot. (just say OK)

5) Now reboot in safe mode. Once you are at the main screen, navigate and run
   Hijack This. Check all the boxes with references to the files you wish to 
   correct and click FIX.

6) Now - reboot in normal mode, and run another HijackThis to see if the files
   and registry entries were indeed deleted.

   If not, you may have an executable somewhere that is recreating these files,
   and that needs to be found and removed in the same method as noted above.

I hope this gives you a little push in the right direction.

SgtCory

thats easy.... download adaware... spybot, spy sweeper, and spy doctor
(run them in safe mode) after your done go to
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
and run a norton virus check to clean up any spyware or virul
infection and you are all set

http://www.merijn.org/ has extensive info on how to remove CWS
(CoolWebSearch) spyware.