I ran a free antispyware scan with XoftSpy from www.paretologic.com and it listed that my notebook is infected with CWS.Oslogo (type: registry value; threat level: Severe risk;object: software\microsoft\internet explorer\styles\user stylesheet ) .
For removing this registry entry I was asked to purchase the XoftSpy program.
What are the ways/instructions to MANUALLY & SAFELY edit the Windows registry in order to get rid of this malicious registry entry?
CWS is one of a group of browser hijackers and Browser Helper Objects (BHOs) that have become famous for their prevalence and global influence. It exploits security holes in a Web browser (often Internet Explorer and its Java Virtual Machine) to install itself and direct all browser default pages, address bar searches and search engine searches to other web search pages. Oslogo slows down Internet Explorer considerably and periodically changes the homepage and search page to other websites.
2007-12-14 07:37:35 · 4 answers · asked by giorgio777 1 in Computers & Internet ➔ Software
Sounds like you have the latest TrojanWin32 hijacker. This malicious virus is designed to interrupt browsing and give you some minor connection problems in the hop that the site currently dispensing it will get you to pay for their removal software.
YOU DO NOT NEED TO DOWNLOAD THEIR VIRUS SOFTWARE TO REMOVE THIS!
I spent almost four hours over the phone last night walking my friend (who is almost completely computer illiterate) through this.
I think you will have a much easier time.
First off messing with the registry is always a bad idea and not necessary in this case.
Sounds like it is doing the same thing to you that it is doing to everyone else.
The simple fix to this is;
Step #1) to go to http://www.download.com
and download yourself a copy of AVG free edition 7.5.503.
This softwre is absolutely free and one of the highest rated anti virus systems out there (reseach it yourself).
If the hijacker pops up right before the last second of verifying the download, restart your computer and see if it's in there (AVG).
It should be, but in the remote case it is not repeat step one.
Step#2) Once you have AVG free loaded, run a scan and the anti virus should capture the TrojanWin32 and quarantine it. Afterward you can delete it from th virus vault.
In the remote chance this does not work and you are running Windows Vista you can simply do a system restore to alleviate the problem. This is done as follows:
1)go to start
2)Control panel
3)Click the icon marked backup and restore center
4)Click the option marked “Use System restore to fix problems and undo changes to Windows”
5)The system will give you a recommended restore point. If the date on the recommended restore point is prior to the date that the virus was downloaded choose that. If not, or you are uncertain of the date that the Trojan was first was downloaded, choose an earlier (different) restore point.
6)Remember that any other programs that were downloaded after that date (restore point) will ot be present after the system resets itself, however files and documents saved, or created from that point, will not be affected.
Good luck.
2007-12-14 07:52:13 · answer #1 · answered by Dolfy 3 · 0⤊ 0⤋
aight, your gonna want to do this only if you are certain that the machine you are running on won't crash under pretty intensive cpu activity.
delete the following keys from the registry:
1.there should be a couple of folders throughout the registry that are literally named "no information". search for these, and delete them.
2: delete the following ONLY if the key and value are both EXACTLY like the ones below.
Key: software\microsoft\internet explorerinternet0%\Styles
Value: User Stylesheet
• Key: software\microsoft\internet explorerinternet0%\Main
Value: Default_Page_URL
• Key: software\microsoft\internet explorerinternet0%\Main
Value: Default_Search_URL
• Key: software\microsoft\internet explorerinternet0%\Main
Value: Start Page
they look like valid windows keys, but that is because the program attempts to imitate existing windows keys that are good and wont harm your system.
Even with this list of things to delete, i definitely dont recommend toying around with the registry, you would be far better off getting some sort of program. also, make sure that a process with the same name as the virus is running in the process list that you can bring up with CTRL ALT DEL. if the process isnt running, and you didnt start it, it doesnt exist on your machine and the whole thing is probly a scam.
2007-12-14 07:51:07 · answer #2 · answered by shadow_dude_guy 1 · 0⤊ 0⤋
It's a scam. Don't buy XsoftSpy. If you are talking about Cool Web Search (CWS), use Trend Micro's CWShredder which is absolutely free. Trend Micro is a well established maker of security software. Once you have downloaded the program, just double click it to start the scan. There is no need for installation. If it finds something, you can use it to remove any malicious files.
CWShredder link (http://us.trendmicro.com/us/products/personal/CWShredder/index.html)
2007-12-14 07:47:16 · answer #3 · answered by What the...?!? 6 · 0⤊ 0⤋
Hijack.regedit
2016-11-04 23:43:50 · answer #4 · answered by ? 4 · 0⤊ 0⤋