Cool Web Search Trojan

“My home computer has this thing.
I ran adaware and spybot but that didn't fix the problem.
Now my home system will not do anything internetwise. IE locks up and does nothing.

I truly wish a horrible punishment on the writer of this hijacker.”

“Check out Merijn.org”

“Get a copy of cwshredder. That'll take care of it.”

“Look on the spyware thread...There's something called cwshredder you can get to defeat this trojan.”

“Where is a safe site to download it from?
I'll have to do it from work and I sure as he11 don't want to get my work network infected by anything else.”

“SS
I just had this "trojan" deal last week. Norton quaranteened it, but there was a ton of adcrap on there.. My cousin took my computer and got rid of it somehow.... he added a software similar to a norton that scans and told me to do it as often as possible... I think it's called "adware" I will check tonight when I get home.... seems to be working fine so far....

Except when I try to sign into the bank, paypal, and a few other it keeps tell it is unable to sign on....”

“Try this site.

http://www.spywareinfo.com/~merijn/downloads.html”

“That's the site I downloaded cwshredder from. It was recommended by pc world magazine and worked fine on both of my machines.

They said it comes from some pop-ups on porn sites. Naughty boy.”

“I sincerely hope that one day?.. it's a CRIME to send down trojans and adware..

Ticks me off.. especially when they are so well written that you don't even get a warning that it is downloading.”

“Fight On! Go SC!”

“Oh gawd, I think I'm gonna puke....”

“I couldn't resist. Alumni thing. Sorry.”

“Ban pixie!

:-)”

“Noooooooooooooooooooooooooo!”

“I think I have it removed.
At least I can websurf again.”

“I didn't get it off my home machine.
Damn thing came back when I rebooted.
I can't get into my yahoo mail account. It redirected me to a page selling anti-spyware!!!!

Found some programs and tools I'll try this afternoon to fix the problem.

Found some good info on the scumware this is here.

Operating Systems Affected:
Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me. CoolWebSearch and its variants will not affect Windows 3.x, Macintosh, OS/2, UNIX, or Linux .

Description:


CoolWebSearch is a particularly virulent scumware program, that commonly hijacks the browser and redirects a visitor to either CoolWebSearch or any of its affiliates. It is considered to be a 'crossbred' strain of scumware because it has the characteristics of both scumware and a trojan virus. Although it appears to be a scumware program, effectively disguising its true nature it is technically coded as a trojan. This makes detection of this particular program extremely difficult at times. McAfee Security provides a good definition of a Trojan:

"A Trojan horse program is a malicious program that pretends to be a benign application; a Trojan horse program purposefully does something the user does not expect. Trojans are not viruses since they do not replicate, but Trojan horse programs can be just as destructive. Many people use the term to refer only to non-replicating malicious programs, thus making a distinction between Trojans and viruses."

The difficulty in removing CoolWebSearch has increased with each release of the latest strain.

Common variants and updates:



One of the most common variants of the CWS trojan is one that directs users to the smartsearch.ws homepage. On February 2, 2004 the smartsearch.ws domain name was shut down and re-directions to that site turned up blank pages. Relief was shortlived - On February 8,2004 that name was changed to MagicSearch.ws and the scumbags happily contined to distribute this trojan.
During the period of February 11 - 14, 2004 the Merijn site as well as a few other anti-spyware sites were unacessible due to a massive DDOs attack. Updates for CoolWebShredder and other general functions of the site were unavailable. The site has since moved to new hosting to prevent a re-occurance of the problem. All old links should work unless directly referenced by an IP address.”

“Did anti-spam laws stop spam?

I don't think this will work either”

“TownDog - I read that Utah had passed a law making spyware illegal but a judge blocked its implementation.

There is a bill in Congress H.R.2929, that would ban spyware (call or write in support).”

“Ha ha! 44 seconds...”

“Missed it by that much.”

“I'm a bass turd, I know...”

“Once again. This isn't something we can legislate away no matter how much we would all like to.

Most of these guys are offshore or are operating through offshore shells.”

“This is a description of what the "trojan" can do. This could get somebody fired from their job! Very uncool:

"Problems with Adult Content:
Redirections to a variety of adult sites, telephone dialers etc.
Bookmarks to porn sites added to the favorites list (including potential child porn links)
Adult sites appearing incomplete in Internet Explorer
Redirections with mistyped URL's to adult sites
Targets of hyperlinks on websites changed to porn sites"”

“HPM: I realize that. It's like trying to stop ANY undesireable behaviour.. there are ways to get around it.

My sentiment is the same tho. The folks that write this stuff, need to treated like the international terrorists they are!”

“It changed my homepage to a page selling 'anti-spyware' programs, it will not let me get into my yahoo mail account (redirects me back to the new 'homepage'), and did add naughty links to my favs.”

“heh.. do I hear a VANILLA reboot coming?”

“Once you get CWS off your system, install a program called SpywareGuard. You can find it at wilderssecurity.com. It won't allow your homepage to be reset without your permission. Stops alot of the other stuff before it starts, as well. Of course as usual, get Spybot S&D and AdAware and run those regularly. Keep them updated.”

“are you using windows xp?”

“Win98 2nd ed”

“cwshredder program did not fix it.

Main bad thing it's doing so far is blocking me from yahoo mail.”

“bummer. windows xp has a system restore feature that will allow you to restore your system to how it was a few days (weeks?) ago. i don't know if 98 has that. in xp, it is located in programs, accessories, system tools. it is called system restore.

i'm suprised cwshredder didn't work for you. did you download it or run it from their site? try it both ways. if you run it from their site, it will probably be the most up-to-date version.”

“it might take a combination of things. cwshredder, spybot, etc. Also, go into your IE and delete cookies. sometimes that helps. You might need to reinstall IE. or if you haven't, upgrade to 6.whatever.”