"CoolWebSearch" is Evil...

Discussion in 'Windows Desktop Systems' started by melon, Jan 5, 2005.

  1. melon

    melon MS-DOS 2.0 Political User

    Messages:
    854
    Location:
    Ásgarðr
    Yes, I would say that this adware/spyware is certifiably evil. It mutates faster than the spyware removal programs can keep up with, and, even then, it does a hell of a job of thwarting them.

    In case any of you happen to run into this, here's a good removal guide:

    http://www.msd2d.com/newsletter_tip.aspx?id=f05ca724-a6d1-4725-ada5-04667ae8d5fe&section=Server

    Even then, this guide isn't perfect. My CWS variant had mutated into something else, mimicking "winlogon.exe" in a different "inet*" folder. The manual removal process, though, works, if you can figure it out.

    This is what I get for using my brother's computer for a few days. I end up spending a day installing all the Windows Updates (including SP2), updating all the antivirus software, and installing anti-spyware programs. I wish I had a laptop!

    Melon
     
    NetRyder likes this.
  2. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    How did you acquire it? :s
     
  3. melon

    melon MS-DOS 2.0 Political User

    Messages:
    854
    Location:
    Ásgarðr
    Well, it was my brother's computer, not mine. He left his system completely unpatched for months, and who knows what kind of sites he visited!

    My own PC, thankfully, has been spyware/virus free for a very long time.

    Melon
     
  4. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    That's too bad. :ermm:
    Thanks for posting the link to the removal guide. Might come in handy for anyone else who faces a similar problem.

    (I agree with your comment about the death penalty for malware creators, by the way :p)
     
  5. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    CWShredder will kill most CWS infections, but some need to be done manually like the infection here: http://castlecops.com/postp418784.html

    The main thing to do to avoid CWS infections is to use Sun's Java, which doesn't have the Java Byte Verify exploit that CWS uses to infect. It has been known to infect a fully updated MSJVM.

    Of course not using IE is the best defense against spyware.
     
  6. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    Yeah, I've had to clean a few machines for some 'n00b' friends of this thing. I ended up just hosing the drives since all 3 people had their PCs so full of virii and spyware that I figured it'd be easier in the long run.
    [rant]people just don't learn, 2/3 are repeat 'customers' and refuse to listen to anything I advise them (ie: simple as keeping their AV up-to-date). Ah well, more money for me! The first cleaning I'll do as a favor/free but after that it's $ time.[/rant]
     
  7. VenomXt

    VenomXt Blame me for the RAZR's Folding Team

    Messages:
    3,453
    Location:
    Houston, Texas
    all i do is clean comp sometimes. **** i come over to a friend's house to watch a movie and somehow i end up fixing crap lol. i need to figure out how to charge money.
     
  8. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    Hmm, those smileys in the ad at the time of writing this sure are tempting... ugh, must resist.... oh wait, mywebsearch stuff, isn't that spyware? even though in its TOS it claims it isn't? or is this just some technical bs...