feclnogn
New member
I thought I would let you guys know about an evil trojan that is transmitted by popups and not email to your machine. I just spent the last two days trying to figure out how to get rid of it. I just got a new computer on Wednesday and two days later (Friday) had it infected. Here is some info from another forum:
There are now nearly 10,000 Coolwebsearch affiliates!
They do this as a "Pay-per-Click" scheme, basically getting a few cents for each user that gets hijacked to Coolwebsearch or one of its major affiliates. Nice guys huh? Most of these affiliates are Adult related, so be careful where you surf and practice Safe Hex!
One of the newer tricks Coolwebsearch uses is to block the infected user from accessing most major anti-spyware programs and sites. Download: CWS.SmartKiller from SpyBot S&D. If you can not access Merijn.org or you get redirected, use the direct IP address instead, this bypasses the HOSTS file hijack. Download: [HijackThis] [CWShredder]
This trojan messes up your reg files in IE and sets your homepage to one of the cool web search affiliates. It also places about 50 shortcuts to websites in your favorites folder and if you delete them they come right back. This trojan also blocks you from going to websites that have the software to fix it. It opens up a window that says access denied or it just opens up a blank page.
I hooked up my old computer and went to this link
http://www.spywareinfo.com/~merijn/downloads.html
I would recommend downloading the CWS shredder app if for future use you need it. Better to have it and not need it. If you do get this trojan you will not be able to download the software.
Here is some more info copy and pasted from the above line:
<BLOCKQUOTE>quote:<HR> This is an article which details the variants of the browser hijacker known as CoolWebSearch (CWS). In the last few months, the people behind this name have succeeded in becoming (IMHO) an even bigger nuisance than the now infamous Lop.
The difficulty of removing CWS from a user's system has grown from slightly tricky in the first variant to virtually impossible for the latest few. Some of the variants even used methods of hiding and running themselves that had never been used before in any other spyware strains.
The chronological order in which the CWS variants appeared is detailed here, along with the approximate dates when they appeared online. However, since the evil programmers of CWS have released over two dozen versions of their hijacker on the advertising market in such a short time, and are crunching out new ones steadily practically every week, this document might be out of date at times.
The CWShredder tool to remove Coolwebsearch will always be up to date and is updated as fast as possible when new variants emerge.<HR></BLOCKQUOTE>
[ 01-31-2004 12:13: Message edited by: feclnogn ]
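The HOSTS file hijack mentioned in the post can be checked for directly. The following is an added example, not part of the original post or of any tool it names: it parses HOSTS file text and reports entries that override name resolution for watched security sites. The watchlist (the two sites named in the post) and the sample file contents are assumptions constructed for illustration.

```python
# Added example: audit HOSTS file text for entries that override DNS
# for security-tool sites. Watchlist and sample data are constructed.
import ipaddress

# Assumed watchlist: the two sites named in the post. Extend as needed.
WATCHLIST = ("merijn.org", "spywareinfo.com")

# Constructed sample, not taken from a real infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.merijn.org      # blackholed to loopback
203.0.113.66    spywareinfo.com www.spywareinfo.com
192.0.2.10      intranet.example
0.0.0.0         ads.example
not-an-ip       merijn.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed entry."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with an IP address
        if len(fields) > 1:
            yield no, ip, [h.lower().rstrip(".") for h in fields[1:]]

def on_watchlist(host, watchlist=WATCHLIST):
    """True if host is a watched domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in watchlist)

def audit_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, host, ip, kind) for every watched host pinned in the file."""
    findings = []
    for no, ip, hosts in parse_hosts(text):
        for host in hosts:
            if on_watchlist(host, watchlist):
                # Loopback or 0.0.0.0 makes the site unreachable; any other
                # address sends the browser to a different server.
                kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
                findings.append((no, host, str(ip), kind))
    return findings

if __name__ == "__main__":
    for no, host, ip, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {host} -> {ip} ({kind})")
```

On Windows the file to pass in is normally `%SystemRoot%\system32\drivers\etc\hosts`; any finding for a site you did not add yourself is worth investigating.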