Farstrider Posted January 4, 2005 Posted January 4, 2005 CoolWebSearch is one of the worst Spyware infections. The latest variants use a Hidden DLL that is installed by taking over the file system's data stream and stealthing the DLL file. Some AntiVirus programs will detect and clean it from memory but as soon as your system is rebooted and another Internet connection made, it will reinstall itself.I am trying to help someone remove this, we have tried CWShredder and a few things but nothing seems to work. Some help would be great! If this is some other place, sorry I looked and could not see. Thanks.
DigeratiPrime Posted January 4, 2005 Posted January 4, 2005 I am the Firefox Troll, you need Firefox! An ounce of prevention is worth more than a pound of cure. In other words use Firefox and you will never see spyware -including CWS- again!
Farstrider Posted January 4, 2005 Author Posted January 4, 2005 I am a Maxthon troll and do not bother with something that I consider inferior, but really, that does not solve the problem. Some constructive help here please!!!Sorry, forgot to say that I do not have a problem, it is a friend on another forum!
Martin Zugec Posted January 4, 2005 Posted January 4, 2005 Hi Farstridder, CWS is really ugly guy Did U try CWShredder (new one!!!)?I know version U R talking about - U must access infected computer from network - it is based on rootkit named Hacker Defender (by some strange accident it is originally from my country).In winnt U will find two files with same name and different extension - one of them is sys, sorry, I cant remember details...This rootkit hide some registre key, processes and one running service. More information can be found here: http://www.megasecurity.org/trojans/h/hack...fender1.00.htmlBTW common antispyware products wont help as U might notice - instead use antivirus (CWS is not problem, problem is rootkit). eTrust got this in database, I am sure about it...P.S.: 2DigeratiPrime: This is not true. Firefox is not resistent against this threat... it is combination of virus/spyware
Farstrider Posted January 4, 2005 Author Posted January 4, 2005 Thanks soulin, have tried CWShredder 2.12 December 2004 but does not work. As I said this bloke lives in the States and I live in South Africa and I am trying to help him but I am sure he is a bit of a rookie and will not manage anything that looks remotely complicated.
Drewdatrip Posted January 4, 2005 Posted January 4, 2005 Get the latest Ad-aware and Spybot Search and destroy.Make sure to get the lastest updates within the programs.Run both those apps and CWS should be gone.|Drew|
Farstrider Posted January 4, 2005 Author Posted January 4, 2005 He has tried all of these as soon as he reboots everything comes back!!"The latest variants use a Hidden DLL that is installed by taking over the file system's data stream and stealthing the DLL file. Some AntiVirus programs will detect and clean it from memory but as soon as your system is rebooted and another Internet connection made, it will reinstall itself."This seems to be the problem
DigeratiPrime Posted January 4, 2005 Posted January 4, 2005 Actually I know its not completely true what I said, since spyware can be installed through other means such as P2P and some 'sponsor-ware'. But MOST people get Spyware through some 'weak' browser namely IE, the SIMPLE answer is Firefox.Good luck with CWS I had to help someone with that once, i cannot remember how that went it was 2 years ago, ugh...Want the Best of both worlds here is my advice:1) Get Firefox (you knew that was coming). 2) If user 'resists' try changing the Firefox Theme to Luna so it looks almost identical to IE. 3) Install "IEview" extension in Firefox, so you can use IE when you need to. Set Internet Security to HIGH in Control Panel>Internet Options. 4) Enjoy the Internet as usual, but notice how free you feel since no longer get spyware on your machine and have to run adaware everyday.
Martin Zugec Posted January 4, 2005 Posted January 4, 2005 Maxthon with SP2 is enough strong against spyware... Dont see any reason why to use another browser
Farstrider Posted January 4, 2005 Author Posted January 4, 2005 Maxthon with SP2 is enough strong against spyware... Dont see any reason why to use another browserNuff said!
Zxian Posted January 4, 2005 Posted January 4, 2005 But MOST people get Spyware through some 'weak' browser namely IE, the SIMPLE answer is Firefox.I think the problem that he has is that he already has CWS on his computer and is trying to get rid of it. Simply installing Firefox won't get rid of CWS on his system since it's just a browser and not a cleaner.Once he's cleaned the computer he might go over to Firefox.I agree that Maxthon with SpywareBlaster and Spybot S&D's Immunize is good enough to block almost all spyware and is completely compatible with all websites right out of the box, no hassle to get working properly.
Farstrider Posted January 4, 2005 Author Posted January 4, 2005 But MOST people get Spyware through some 'weak' browser namely IE, the SIMPLE answer is Firefox.I think the problem that he has is that he already has CWS on his computer and is trying to get rid of it. Simply installing Firefox won't get rid of CWS on his system since it's just a browser and not a cleaner.Once he's cleaned the computer he might go over to Firefox.I agree that Maxthon with SpywareBlaster and Spybot S&D's Immunize is good enough to block almost all spyware and is completely compatible with all websites right out of the box, no hassle to get working properly. I am glad to see that there are people out there who DO see a different perspective in terms of other folks preferences. I use Maxthon and Webroot Spysweeper and go where I like on the internet and never get infected with not much more than a few cookies!
Drewdatrip Posted January 4, 2005 Posted January 4, 2005 Once again:Install Ad-aware and Spybot update them and do full system scans.The lastes patches take care of all CWS varients|Drew|
Farstrider Posted January 6, 2005 Author Posted January 6, 2005 I am the Firefox Troll, you need Firefox! An ounce of prevention is worth more than a pound of cure. In other words use Firefox and you will never see spyware -including CWS- again!Firefox phishing vulnerability discovered:A vulnerability in Firefox could make users of the open source browser more likely to fall for phishing scams. Secunia Research has discovered a vulnerability in Mozilla / Mozilla Firefox, which can be exploited to spoof the source displayed in the Download Dialog box. The problem is that long sub-domains and paths aren't displayed correctly, which therefore can be exploited to obfuscate what is being displayed in the source field of the Download Dialog box.The vulnerability has been confirmed in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. Other versions may also be affected. Currently, no solution is available. However, the vendor reports that this vulnerability will be fixed in upcoming versions of the affected products.Oh dear what a pity....................................
gamehead200 Posted January 6, 2005 Posted January 6, 2005 Get HijackThis, run it, and post your log here...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now