Have been hijacked by Coolsearch

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by andrewec, Nov 7, 2004.

  1. andrewec

    andrewec Private E-2

    Problem removing cws/coolwebsearch/coolsearch.biz

    Hi,

    I was working on my friend's computer and got very frustrated. The details are below so that other user's won't waste time and maybe make some progress. Note that I had no success but you might find the information below useful.

    I didn't successfully remove coolsearch.biz aka coolwebsearch aka cws spyware, however I made some progress towards removing it.

    These are the steps that I took.

    1) Ran Adaware 6.0: no effect
    2) Ran Spybot Search and Destroy: no effect
    3) Ran cwshredder version 1.591: destroyed one version of coolsearch.biz but it came back in another variant
    4) Ran cwshredder version 2.00: no effect
    5) Ran spysubtract: no effect, computer did not install spysubtract
    6) Rebooted into safe mode by pressing F8 a few times upon startup.
    7) Ran spysubtract again: This time it got installed. This is the only spyware removal tool that I have seen that actually detected (supposedly) all the registry entries for coolsearch.biz (I am aware that cwshredder is packaged into this tool).
    8) Deleted the registry keys/files that spysubtract suggested as well as some other spyware: media tickets etc.
    9) Rebooted the computer
    Coolsearch.biz came back. At this point I wanted to tear my hair out!

    Notes:
    --------

    Interesting behaviour I discovered about coolsearch.biz. If it is already loaded in a browser window, you can surf the sites that it previously redirects. If you close the browser and reopen it those sites will once again be redirected to coolsearch.biz. If you surf those sites in the same browser window as coolsearch.biz has been opened in then it won't redirect you to other sites. After a while however, it will try to redirect you to a porn site 0402 something? which is where I think coolsearch.biz got onto my friend's computer in the first place because it then tried to plant some trojan horses onto my friend's computer; several of them.

    Andrew.
     
    Last edited by a moderator: Nov 7, 2004
    andrewec, Nov 7, 2004
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Problem removing cws/coolwebsearch/coolsearch.biz

    I split you off into your own thread.

    Please follow all the steps in this Sticky thread < READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal >

    Note: Your Ad-Aware is out of date. Get the proper version while doing the steps above.

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.
     
    chaslang, Nov 7, 2004
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds