CoolWebSearch

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Cage with no bars. (talk | contribs) at 13:13, 15 April 2008. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

CoolWebSearch (also known as CoolWWWSearch, or abbreviated as CWS) first appeared in May 2003 and is well known as a spyware program that installs itself on Windows-based computers.

Effects

CoolWebSearch has numerous effects once it is successfully installed on a user's computer. The program can change an infected computer's web browser homepage to coolwebsearch.com, and although it was originally thought to work only on Internet Explorer, recent variants affect Mozilla Firefox as well as others. It can also create pop-up ads that redirect to other websites, including pornography sites, collect private information about users, and slow infected computers. CoolWebSearch uses innovative techniques to evade detection and removal, and as such many common spyware removal programs fail to properly remove the software.

Some versions of CoolWebSearch can be installed through drive-by installation, in which a computer browsing a webpage automatically installs CWS. CWS itself attempts to evade others by not labelling its ads, not providing an EULA, not providing any data about itself and not having a website. Certain variants insert links on random text, leading to advertiser websites. Other attempts to access websites are redirected to pay-per-click search engines that may install more malware or display ads. Some variants of CWS also add links to pornography and gambling sites to the user's Desktop and to Internet Explorer's bookmarks and history. Certain versions attempt to edit users' trusted sites and modify security settings, as well as to hide from removal programs. Variants are often named for the effects they have, such as msconfig, Msoffice, Mupdate, Msinfo and Svchost32.

Possible creators

The website claims that they are not responsible for the browser hijacking. They are though.[citation needed] They run an affiliate program which pays affiliates to direct others to their site which has paid advertising links. Coolwebsearch.com's terms of service use the laws of Quebec, whilst their DNS registration lists an address in the British Virgin Islands, and their web server appears to be run by HyperCommunications in Massachusetts. CoolWebSearch is also linked to CoolWebSearch.org and appears to be related to webcoolsearch.com. The names of the creators currently remain unknown.

Removal

Programs such as CWShredder and McAfee's Beta Command-Line Scanner can be used to remove the vast majority of CoolWebSearch variants from infected computers. Windows' System Restore can reportedly remove some, but possibly not all, variants of CoolWebSearch. However, because CoolWebSearch can hide in the System Restore files, this is not a recommended solution, and it is probably wiser to clear System Restore than to use it.

"About:blank" is the generic name for different variants (CWS.Hiddendll, se.dll, CWS.Homesearch) which hijack the browser, cause pop-ups and reduce computer speed. These are some of the most common but hardest variants to remove. [1]
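
A check for two of the effects described above (a changed homepage and added trusted sites), written as an added example and not taken from CWShredder or any other tool the article names. It scans a text registry export for the three domains the article mentions; the registry key paths are the standard Internet Explorer settings locations and are an assumption, since the article names none, and the sample export is constructed.

```python
import re

# Domains the article links to CoolWebSearch.
CWS_DOMAINS = ("coolwebsearch.com", "coolwebsearch.org", "webcoolsearch.com")
# Standard Internet Explorer settings keys (assumption: the article names no keys).
IE_MAIN = r"software\microsoft\internet explorer\main"
ZONEMAP = r"software\microsoft\windows\currentversion\internet settings\zonemap\domains" + "\\"
TRUSTED_ZONE = "dword:00000002"  # zone 2 is "Trusted sites"

# Constructed sample in `reg export` text form; not from a real infection.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://coolwebsearch.com/"
"Search Page"="http://www.example.org/search"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcoolsearch.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org]
"*"=dword:00000002
"""

def is_cws_host(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CWS_DOMAINS)

def find_cws_settings(reg_text):
    """Return (kind, registry key, detail) for each setting pointing at a CWS domain."""
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # start of a new registry key section
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip('"')
        low = key.lower()
        if low.endswith(IE_MAIN) and name in ("Start Page", "Search Page"):
            # Reduce the URL to its host: drop scheme, path and port.
            host = re.sub(r"^[a-z]+://", "", value, flags=re.I).split("/")[0].split(":")[0]
            if is_cws_host(host):
                findings.append(("homepage", key, f"{name} = {value}"))
        elif ZONEMAP in low and value.lower() == TRUSTED_ZONE:
            domain = low.split(ZONEMAP, 1)[1].split("\\")[0]
            if is_cws_host(domain):
                findings.append(("trusted-site", key, domain))
    return findings
```

Exports written by regedit are UTF-16, so decode a real file with `encoding="utf-16"` before passing its text to `find_cws_settings`.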

Variants

  1. CWS.Aboutblank
  2. CWS.Addclass
  3. CWS.Alfasearch
  4. CWS.Bootconf
  5. CWS.CameUp
  6. CWS.Cassandra
  7. CWS.Control
  8. CWS.Ctfmon32
  9. CWS.Datanotary
  10. CWS.Dnsrelay
  11. CWS.Dreplace
  12. CWS.Gonnasearch
  13. CWS.Googlems
  14. CWS.Hiddendll
  15. CWS.Homesearch
  16. CWS.Loadbat
  17. CWS.Msconfd
  18. CWS.Msconfig
  19. CWS.Msinfo
  20. CWS.Msoffice
  21. CWS.Msspi
  22. CWS.Mupdate
  23. CWS.Oemsyspnp
  24. CWS.Olehelp
  25. CWS.Oslogo
  26. CWS.Qttasks
  27. CWS.Q-url3
  28. CWS.Realyellowpage
  29. CWS.Searchx
  30. CWS.Smartfinder
  31. CWS.Smartsearch
  32. CWS.Sounddrv
  33. CWS.Svchost32
  34. CWS.Svcinit
  35. CWS.Systeminit
  36. CWS.Systime
  37. CWS.Tapicfg
  38. CWS.Therealsearch
  39. CWS.Vrape
  40. CWS.Xmlmimefilter
  41. CWS.Xplugin
  42. CWS.Xxxvideo
  43. CWS.Yexe
  44. CWS.Winproc32
  45. CWS.Winres
  46. CWS.Look2Me
  47. CWS.MSFind

Affiliate variants

  1. CWS.Aff.iedll
  2. CWS.Aff.Madfinder
  3. CWS.Aff.Tooncomics
  4. CWS.Aff.Winshow

References

  1. ^ The term about:blank when presented as a web address (URL) is interpreted by most modern web browsers as a command to render a blank HTML page.