Cool Web Search making IE un-usable?
#1
Cool Web Search making IE un-usable?
I had a varient of this on my machine for weeks:
http://www.spywareinfo.com/articles/cws/
I did a fair amount of reserach and it looked like I had a new varient because I couldn't shift it with all the advice I found, apparently this is because it updates. First of all it did what most CWS varients do, it overtook IE, opened pop ups, made websites come up with fake links, and wouldn't let me go to windows update. Then it started to come up with a 'virus detected - access blocked' sign, with links to places to download spyware. LOL, the irony, bit like a cop stopping you to tell you have broken lights and breaking them for you.
Adware, spybot, and CWS shreader could find the reg edits, and the symptoms but as soon as they were removed they reinstalled.
'Hi Jack this' found these and indentified what version it was, BHO exploit and some other Java based nasties. More research gave detailed instructions to stop things loading at start up through tweaking the reg, and removing crafty URL's hidden all over the place in different fils, followed by running HT and it still hung around.
I ended up reformating and doing a fresh install with updates, quite nice to start fresh. But the website above suggests that you should stop using IE? That's not too much of a problem as I use Firefox 1 anyway, but there are still some sites that haven't been coded for FF!
Anyone else had this problem? It's annoying cause I haven't had a virus I have had to nuke the drive for in years.
http://www.spywareinfo.com/articles/cws/
I did a fair amount of reserach and it looked like I had a new varient because I couldn't shift it with all the advice I found, apparently this is because it updates. First of all it did what most CWS varients do, it overtook IE, opened pop ups, made websites come up with fake links, and wouldn't let me go to windows update. Then it started to come up with a 'virus detected - access blocked' sign, with links to places to download spyware. LOL, the irony, bit like a cop stopping you to tell you have broken lights and breaking them for you.
Adware, spybot, and CWS shreader could find the reg edits, and the symptoms but as soon as they were removed they reinstalled.
'Hi Jack this' found these and indentified what version it was, BHO exploit and some other Java based nasties. More research gave detailed instructions to stop things loading at start up through tweaking the reg, and removing crafty URL's hidden all over the place in different fils, followed by running HT and it still hung around.
I ended up reformating and doing a fresh install with updates, quite nice to start fresh. But the website above suggests that you should stop using IE? That's not too much of a problem as I use Firefox 1 anyway, but there are still some sites that haven't been coded for FF!
Anyone else had this problem? It's annoying cause I haven't had a virus I have had to nuke the drive for in years.
#2
Best thing to do is go into IE preferences -> Advanced and untick the following
- Enable Install On Demand (IE)
- Enable Install On Demand (Other)
- Enable Third-Party Browser Extensions (requires restart)
You could also block the Cool Web Search URLs via the Security tab Click the "no entry" icon (Restricted Sites) and then click the "Add Sites" button.
Finally, if you're on XP, make sure the account you use regularly is a Limited Account and not an Administrator. Most spyware needs admin rights to install so this will stop it in its tracks. Only use the Admin account when you need to install software or make configuration changes.
- Enable Install On Demand (IE)
- Enable Install On Demand (Other)
- Enable Third-Party Browser Extensions (requires restart)
You could also block the Cool Web Search URLs via the Security tab Click the "no entry" icon (Restricted Sites) and then click the "Add Sites" button.
Finally, if you're on XP, make sure the account you use regularly is a Limited Account and not an Administrator. Most spyware needs admin rights to install so this will stop it in its tracks. Only use the Admin account when you need to install software or make configuration changes.
#3
Cheers Class_A that's some good avice, I have already done the three IE bits listed, but I didn't know about the admin stuff.
It's a real little buggar, I have had some serious viruses on my system before, but never have I had to format. Scumbags.
It's a real little buggar, I have had some serious viruses on my system before, but never have I had to format. Scumbags.
#4
Or do it the easy way and use cool websearch shredder (CWS)
http://www.softpedia.com/public/cat/...0-17-150.shtml
http://www.softpedia.com/public/cat/...0-17-150.shtml
#5
I can remember this one being a bit tricky. My solution was to search for all *.dll;*.htm;*.html;*.url;*.lnk;*.exe files added/modified within the last day. Delete the dodgy ones if possible (not possible with some exe's or dll's). Remove any hijacking attempts in the registry (ad-aware will do this). Reboot using a system floppy and manually delete the exe+dll files.
Hope that helps.
Hope that helps.
#6
Originally Posted by bob269
Or do it the easy way and use cool websearch shredder (CWS)
http://www.softpedia.com/public/cat/...0-17-150.shtml
http://www.softpedia.com/public/cat/...0-17-150.shtml
Thread
Thread Starter
Forum
Replies
Last Post
Sam Witwicky
Engine Management and ECU Remapping
17
13 November 2015 10:49 AM