RE: Spyware becomes increasingly malicious

Michel_Py1 · July 12, 2004, 3:24am

Sean Donelan wrote:
Spyware isn't the best term for what is happening, but it
is quickly exceeding (or contributing) to all the other
problems associated with the online (not just Internet) world.

Indeed. Lately, I have not been able to clean a very annoying piece of
crud named "CoolWebSearch". Spybot will not always detect and never
remove; Ad-aware will likely detect but not remove either. None of the
other crapware removers I have tried could clean the machine either.

I have instructed helpdesk not to waste any time with it and
systematically re-image the infected PC
Fortunately, re-imaging a PC is now a matter of minutes.

Michel.

Dr_Jeffrey_Race · July 12, 2004, 4:00am

Try Bazooka spyware detector from <http://www.kephyr.com/>. This
detected for me a bunch of malware neither Spybot nor Adaware caught.

Jeffrey Race

Michael_Painter · July 12, 2004, 4:25am

You're right...it can be a sob to remove. CWShredder has worked well for me.

http://www.spywareinfo.com/~merijn/cwschronicles.html

--Michael

Rubens_Kuhl_Jr3 · July 12, 2004, 4:43am

Try booting into safe mode before running software to detect or remove
spyware; some of them fight to survive if they are running, dunno if it is
the case with CoolWebSearch.

Rubens

E.B_Dreger · July 12, 2004, 6:44am

Date: Mon, 12 Jul 2004 01:43:50 -0300
From: Rubens Kuhl Jr.

Try booting into safe mode before running software to detect
or remove spyware; some of them fight to survive if they are

Also use msconfig to disable non-critical extras. Some of us
have manually ripped out ActiveX controls and BHOs care of
regedit... but, alas, malware often has made enough registry and
other system changes that the system is left unstable or
inoperable.

CVs archives of { { system file MD5/SHA1 hashes } and { registry
dumps } }, anyone?

Eddy

William_Warren2 · July 12, 2004, 12:04pm

coolwebsearch has become more and more sneaky..so bad that development of cws shredder has been abandoned by its developer....Either serious lock down you ie(which with CWS is not going to help) or use something other than ie.

Edward B. Dreger wrote:

Gregh · July 12, 2004, 12:37pm

Are you honestly serious? I came up against it for the first time only about
3 days ago and I got rid of it in 10 minutes! I can see how it would be a
problem for a newbie but it shouldn't be anything more than 10 minutes work
for anyone here with Windows experience.

Greg.

Gregh · July 12, 2004, 12:43pm

crud named "CoolWebSearch".

Look I am not attempting to be flippant but do yourself a favour and
download HiJackThis and check out the registry entries that show up. It is
quite obvious how to remove it the moment you do that. As I said in my last
letter, it is all of 10 minutes' work if that. I cant even remember what the
damned registry entries were, now but it all comes in via SmilyeyCentral
(possibly other progs) so anyone annoyed by CoolWebSearch has to block
installation of that program.

Greg.

william_at_elan.net · July 12, 2004, 12:54pm

http://www.securityfocus.com/news/8998
"Jun 28 2004 7:38AM

US CERT (the US Computer Emergency Readiness Team), is advising people to
ditch Internet Explorer and use a different browser after the latest
security vulnerability in the software was exposed"

http://www.eweek.com/article2/0,1759,1622344,00.asp
"July 12, 2004

In the wake of last week's revelation of a security hole in Mozilla that
allows the execution of arbitrary programs on the client system a
philosophical debate has emerged: Is this a bug in Mozilla or a bug in
Windows?"