Jump to content

CoolWebSearch, how to remove?

Farstrider

By Farstrider
in Networks and the Internet

 Share

Recommended Posts

Farstrider

Farstrider

Posted
Posted

CoolWebSearch is one of the worst Spyware infections. The latest variants use a Hidden DLL that is installed by taking over the file system's data stream and stealthing the DLL file. Some AntiVirus programs will detect and clean it from memory but as soon as your system is rebooted and another Internet connection made, it will reinstall itself.

I am trying to help someone remove this, we have tried CWShredder and a few things but nothing seems to work. Some help would be great! If this is some other place, sorry I looked and could not see. Thanks.

Link to comment
Share on other sites

Farstrider

Farstrider

Posted
  • Author
Posted

I am a Maxthon troll and do not bother with something that I consider inferior, but really, that does not solve the problem. Some constructive help here please!!!

Sorry, forgot to say that I do not have a problem, it is a friend on another forum!

Link to comment
Share on other sites
Martin Zugec

Martin Zugec

Posted
Posted

Hi Farstridder, CWS is really ugly guy :) Did U try CWShredder (new one!!!)?

I know version U R talking about - U must access infected computer from network - it is based on rootkit named Hacker Defender (by some strange accident it is originally from my country).

In winnt U will find two files with same name and different extension - one of them is sys, sorry, I cant remember details...

This rootkit hide some registre key, processes and one running service.

More information can be found here: http://www.megasecurity.org/trojans/h/hack...fender1.00.html

BTW common antispyware products wont help as U might notice - instead use antivirus (CWS is not problem, problem is rootkit). eTrust got this in database, I am sure about it...

P.S.: 2DigeratiPrime: This is not true. Firefox is not resistent against this threat... it is combination of virus/spyware

Link to comment
Share on other sites
Farstrider

Farstrider

Posted
  • Author
Posted

Thanks soulin, have tried CWShredder 2.12 December 2004 but does not work. As I said this bloke lives in the States and I live in South Africa and I am trying to help him but I am sure he is a bit of a rookie and will not manage anything that looks remotely complicated. ;)

Link to comment
Share on other sites
Farstrider

Farstrider

Posted
  • Author
Posted

He has tried all of these as soon as he reboots everything comes back!!

"The latest variants use a Hidden DLL that is installed by taking over the file system's data stream and stealthing the DLL file. Some AntiVirus programs will detect and clean it from memory but as soon as your system is rebooted and another Internet connection made, it will reinstall itself."

This seems to be the problem :}

Link to comment
Share on other sites
DigeratiPrime

DigeratiPrime

Posted
Posted

Actually I know its not completely true what I said, since spyware can be installed through other means such as P2P and some 'sponsor-ware'. But MOST people get Spyware through some 'weak' browser namely IE, the SIMPLE answer is Firefox.

Good luck with CWS I had to help someone with that once, i cannot remember how that went it was 2 years ago, ugh...

Want the Best of both worlds here is my advice:

1) Get Firefox (you knew that was coming). ;)

2) If user 'resists' try changing the Firefox Theme to Luna so it looks almost identical to IE. :angel

3) Install "IEview" extension in Firefox, so you can use IE when you need to. Set Internet Security to HIGH in Control Panel>Internet Options.

4) Enjoy the Internet as usual, but notice how free you feel since no longer get spyware on your machine and have to run adaware everyday. :thumbup

Link to comment
Share on other sites
Zxian

Zxian

Posted
Posted
But MOST people get Spyware through some 'weak' browser namely IE, the SIMPLE answer is Firefox.

I think the problem that he has is that he already has CWS on his computer and is trying to get rid of it. Simply installing Firefox won't get rid of CWS on his system since it's just a browser and not a cleaner.

Once he's cleaned the computer he might go over to Firefox.

I agree that Maxthon with SpywareBlaster and Spybot S&D's Immunize is good enough to block almost all spyware and is completely compatible with all websites right out of the box, no hassle to get working properly.

Link to comment
Share on other sites
Farstrider

Farstrider

Posted
  • Author
Posted
But MOST people get Spyware through some 'weak' browser namely IE, the SIMPLE answer is Firefox.

I think the problem that he has is that he already has CWS on his computer and is trying to get rid of it. Simply installing Firefox won't get rid of CWS on his system since it's just a browser and not a cleaner.

Once he's cleaned the computer he might go over to Firefox.

I agree that Maxthon with SpywareBlaster and Spybot S&D's Immunize is good enough to block almost all spyware and is completely compatible with all websites right out of the box, no hassle to get working properly.

I am glad to see that there are people out there who DO see a different perspective in terms of other folks preferences. I use Maxthon and Webroot Spysweeper and go where I like on the internet and never get infected with not much more than a few cookies!

Link to comment
Share on other sites
Farstrider

Farstrider

Posted
  • Author
Posted
I am the Firefox Troll, you need Firefox!  :yes:

An ounce of prevention is worth more than a pound of cure. 

In other words use Firefox and you will never see spyware -including CWS- again!

Firefox phishing vulnerability discovered:

A vulnerability in Firefox could make users of the open source browser more likely to fall for phishing scams. Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited to spoof the source displayed in the Download Dialog box. The problem is that long sub-domains and paths aren't displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box.

The vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. Other versions may also be affected. Currently, no solution is available. However, the vendor reports that this vulnerability will be fixed in upcoming versions of the affected products.

Oh dear what a pity.................................... :whistle:

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...