Moontanman Posted September 1, 2010 Share Posted September 1, 2010 I seem to have picked up a spy program that McAfee cannot remove. When I do a virus scan it picks the problem up but it cannot remove it. McAfee says it disables the problem but it cannot remove it and everytime i run a scan it picks it up again as active. Here is what it says the problem is HKLM\system\currentcontrolset\enum\root\legacy_zesoft Is this a problem I need to take further steps to remove? Link to comment Share on other sites More sharing options...
timo Posted September 1, 2010 Share Posted September 1, 2010 (edited) I would try to google and follow the first link: http://forums.majorgeeks.com/showthread.php?t=179091 EDIT: Admittedly, it doesn't answer IF it is a problem; only how someone got rid of it. Point is: if you're not finding the answer to such a basic (and non-scientific) question within an hour on google, then no one here will be able to help you, either. Edited September 1, 2010 by timo Link to comment Share on other sites More sharing options...
Cap'n Refsmmat Posted September 1, 2010 Share Posted September 1, 2010 Does it say that the name of this program is CoolWebSearch? Googling indicates that's associated with the registry key you listed there. If you're running Windows XP and this is indeed CoolWebSearch (according to McAffee), look here for other known symptoms and a download that will nuke it off your computer: http://free.antivirus.com/cwshredder/ (Trend Micro is a well-known antivirus vendor) Link to comment Share on other sites More sharing options...
Moontanman Posted September 1, 2010 Author Share Posted September 1, 2010 Does it say that the name of this program is CoolWebSearch? Googling indicates that's associated with the registry key you listed there. If you're running Windows XP and this is indeed CoolWebSearch (according to McAffee), look here for other known symptoms and a download that will nuke it off your computer: http://free.antivirus.com/cwshredder/ (Trend Micro is a well-known antivirus vendor) Ok, i did the CWShredder and it said I had no problem, McAfee said it was CoolWebSearch and that it could only disable it, possibly it removed it as well. Next time it pops up I'll do the CWShredder again instead of letting McAfee disable it, thanks Cap'n Link to comment Share on other sites More sharing options...
TonyMcC Posted September 1, 2010 Share Posted September 1, 2010 You could try restoring your computer to an earlier time and scan to see if the malware program disappears. If all else fails you could do a system restore to return your computer to its state when bought but of course you lose all your programs and data - save what you can first! I have an external hard disc which I use to store a mirror image of my C drive every now and then - so far I haven't had to use it. But in your position I would try that. Link to comment Share on other sites More sharing options...
Cap'n Refsmmat Posted September 1, 2010 Share Posted September 1, 2010 The trouble with external disks and an exact copy of your disk is if the virus gets copied onto the external disk, you're screwed. Windows Vista and 7 come with Windows Backup, which handles backing up everything important and keeping versions of files, so if they're corrupted by a virus you can restore them to an earlier version. (I think it can do that. I've not had to restore anything with it yet.) Hard drives tend to fail inconveniently, so get an external disk and run Windows Backup if you can. Link to comment Share on other sites More sharing options...
TonyMcC Posted September 1, 2010 Share Posted September 1, 2010 Agreed Cap'n - I meant a disc image captured from a time before the virus was imported. I keep images monthly and have several on the hard disc. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now