Home Forums General Discussion Nasty Trojan: CoolWebSearch

Welcome to our forums. These forums were active from 2003-2014. We have now decided to close them down, but will leave them here as an archive.

Remember you can send us feedback, news, jobs and content ideas by clicking here.

If you're really stuck for time, email news@gamedevelopers.ie.

You can also follow us on Twitter @gamedev_ie 

 

 

This topic contains 9 replies, has 6 voices, and was last updated by  boadle 12 years, 9 months ago.

  • Author
    Posts
  • #3529

    boadle
    Participant

    Hi guys,

    Apologies for the non-gaming related thread. Iinterested I’m suffering from a very nasty Trojan called ‘CoolWebSearch’.

    It’s managed to install itself on my PC, and although it’s not destructive or replicating, it’s very troublesome as it:

    – renames your home page, and tries to download an .exe
    – adds adult pages to your favourites
    – open numerous pop-ups
    – hijacks some links
    – tries to kick off it’s own dialers#
    – re-installs itself on re-boot

    I’ve run CoolWebShredder, AdAware, Smyantec, SpyBot, BHO Demon, and all have tried some of the manual fixes online. These all seem to do the trick until I reboot, and – WHAM – it’s back.

    The problem seems to be that there are numerous variants of this (one guy claims a new iteration is made every week), and it’s very hard to diagnose which version you have. Coupled with some nasty and ingenious registry editting, this is one b*tch of a Trojan.

    Just got broadband installed last week, and this has certainly soured the bandwidth!

    I’d be interested to hear from anyone who has personal experience of this thing.

    Lewis

  • #15156

    Max Marshall
    Participant

    Check out Spy Sweeper. Its like the Dirty Harry of Spyware removal.

    http://www.spysweeper.com/spyware-remover-download.html

    Its only a free trial but I found loads of stuff on my computer with this program and it exterminated the lot of them.

    Have a go of it and see how it works out for you, Let me know how you get on.

  • #15158

    boadle
    Participant

    If AdAware and Symantec can’t keep up with the iterations, I remain sceptical about this working.

    Neverthless, I thank you Max, and will be sure to try it…

    Lewis

  • #15163

    kyotokid
    Keymaster

    Disconnect your PC from the net (pull out the cable), then run the programs

    I found this to be good (in addition to hand deleting folders and files from my PC):

    http://www.spywareinfo.com/~merijn/files/hijackthis.zip

    (It may be similar to BHO demon?)

    And spybot ofcourse :)

  • #15166

    ian_hannigan
    Participant

    Thanks Max!

    Spysweeper really IS the terminator of spyware removal ;)

  • #15172

    Jamie McCormick
    Keymaster

    Hi guys,

    I’ve a bit of a personal crusade against spyware so the first thing is if you’ve got XP get SP2, it protects against a bucketload of stuff like this.

    The best approach to this is a fairly broad one. Unfortunately, no single application will get rid of everything so you’ll have to use a combination of tools to get rid of it.

    Firstly, get CWShredder (http://www.spywareinfo.com/~merijn/files/CWShredder.exe) or if the link isn’t working google the filename. This is a program specifically designed to get rid of Cool Web Search. Once you’ve done that, then get yourself a copy of SpySweeper, SpyBot Search & Destroy and Ad Aware (all available free on download.com ) and run them. Once you’ve done that, and if you’re using XP download the SP2 AFTER you’ve cleared your system out.

    This should work, and keep them on your system if you get reinfected in the future.

    Jamie

  • #15176

    boadle
    Participant

    Thankyou all.

    I did download (and install) the SP2, CWShredder (he’s stopped updating it as he can’t keep up with the Trojan), HiJackThis, Spybot S&D and I already use AdAware.

    I have not tried SpySweeper (seeing as it is both the Terminator AND Dirty Harry – “Ha la Vista, Punk!”), but will do so tonight, then reinstall SP2. I have a feeling though, I’m going to have to go into the SystemReg manually. Something, as a non-techie, I am loathe to do.

    Thanks again for your assistance with this one. I understand your crusade Jamie: They really are malicious, aren’t they? This one is apparently coded by a bunch of Russians who get paid for eyeballs on ads the pop-ups force you to see. Next time, I’ll avert my eyes so they don’t get paid!

    L.

  • #15186

    Mick
    Participant

    Yeah there’s probably more to it than Cool Web Search that Adaware has. The main computer in work hasd had this for couple of months and I still can’t get rid of it. The trailware of Norton 2005 found 229 threats of adware on the computer! Regedit isn’t that bad, I didn’t like the thought of it either because it can wreck everything but so long as you only delete the right things your ok. Be careful of the pop ups it gives. One of them is for an adware remover. I think someone in work has downloaded and run it, which probably just gave us more adware than we previously had. Going to have to try to fix it again this weekend so I’ll let you know if I beat it. What I know so far: changes homepage, change this to whatever you want and it changes it back when explorer is closed. Changes registry, I started in safe mode and removed the 10 reg files that adaware found, but there was a file that it found that I couldn’t find or remove. Antivirus deletes one or two files, but doesn’t touch adware. Basically it has the beating of me, and it’s the computer with the Clocking Card, payroll + personal info software on it so really needs to be cleaned without system restore.

    But like I said if I get it fixed this weekend in work I’ll let you know how. Must try the stuff mentioned above.

  • #15187

    kyotokid
    Keymaster

    Check out Spy Sweeper. Its like the Dirty Harry of Spyware removal.

    http://www.spysweeper.com/spyware-remover-download.html

    Its only a free trial but I found loads of stuff on my computer with this program and it exterminated the lot of them.

    Have a go of it and see how it works out for you, Let me know how you get on. [/quote:b7e5eab8ae]

    This one seemed to find loads of stuff – 3 trojans???

  • #15309

    boadle
    Participant

    Thanks to all your advice, this is now sorted. Tried a combination of all the techniques recommended.

    Thankyou all, once again.

    Now, all set for GTA:SA, if I can just tear myself away from WWIIOnline.

    Lewis

The forum ‘General Discussion’ is closed to new topics and replies.