nbagshaw
May 3 2004, 04:46 PM
Can anyone advise me with a list of system files over-written by the CWS browser hijack?
Seems one of my brain surgeon programmers was using his compilation/development PC for internet browsing and he was hijacked.
Before he's flogged, I'd like to give him an opportunity at redemption.
Thanks!
Neal
LoPhatPhuud
May 5 2004, 03:18 AM
We need a HiJackThis log to tell one CWS from the other. You can get it here:
http://www.mjc1.com/mirror/hjt/
And warm up your flogging arm. There is a particularly nasty version of CWS out there that does all sorts of strange things with a hidden DLL that is difficult to remove. But we can do it!
LoPhatPhuud
May 5 2004, 07:09 PM
As requested before, we need a HJT log to clean or to advise any further.
Very few, if any, system files are overwritten, and that depends on the exact CWS infection you have. Most common has been wmplayer.exe. There have been some reports of winlogon.exe being overwritten but I am not positive that is as a result of CWS.
If your R* entries have a link that is shown as (obfuscated), you have the 'about:blank' version, which is the real nasty.