


 
CoolWebSearch Browser Hijacker Information

Name: CoolWebSearch
Category: Browser Hijacker
Advice: Remove
Risk: Elevated Risk - Elevated threats are usually threats that fall into the range of adware, in which data about a user's habits is tracked and sent back to a server for analysis without the user's consent or knowledge.
Description: CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.

CoolWebSearch belongs to a recently identified strain of trojans that all have one thing in common: they install through the ByteVerify exploit in the MS Java VM and change the IE homepage, search page, search bar, etc.

CoolWebSearch Symptoms:
- Hijacks to various search engines. Different variants of CoolWebSearch will redirect you to different sites.
- When a URL is mistyped in the browser, CoolWebSearch will redirect the page to affiliate websites as well as CoolWebSearch.com.
- Installs bookmarks to adult websites in the favorites menu.
- Installs toolbars into the browser.
- Slows down PC.
- Can cause reboots.
- Targets anti-spyware websites, usually vendors of spyware removal tools. Once infected with CoolWebSearch, you may be unable to visit these websites to download their products.
- Will open porn popups if it thinks the website being viewed is pornographic in nature.
- Can cause significant slowdowns when attempting to type into a browser.
- Will add CoolWebSearch.com to the trusted sites list.

CoolWebSearch has a number of variants:

CWS.Aboutblank
IE pages changed to about-blank.ws and 213.159.118.226 (1-se.com), with the hijack returning on system restart. This variant does everything in its power to redirect you to a domain owned by 1-se.com. IE is hijacked to it, the hosts file is replaced to redirect about 100 porn and CWS domains to 1-se.com, and a randomly named stylesheet is dropped that redirects to 1-se.com when certain keywords appear in webpages.

CWS.Smartfinder
IE hijacked to nkvd.us and smart-finder.biz, with redirections to nkvd.us and smart-finder.biz when typing incomplete URLs into the address bar.

CWS.Datanotary
There were only several threads from users experiencing enormous slowdowns in IE when typing messages into text boxes. Delays of over a minute before the typed text appeared were reported. Some redirections to www.datanotary.com were also reported. The hijack installed a stylesheet that used a flaw in Internet Explorer that allowed a .css stylesheet file to execute JavaScript code. The code in the file was encrypted, and spawned a popup off-screen that did the redirecting. However, this file was called on almost every action taken in IE, slowing it down; this was most obvious when typing text.

CWS.Gonnasearch
IE hijacked to gonnasearch.com.

CWS.Xrectar
A browser helper object that changes your home page and opens pop-up windows based on the currently visited URL.

CWS.Xplugin
Also known as TROJ_ESEPOR.A, TROJ_ESEPOR.B or TROJ_ESEPOR.C. Its operation seems to vary from opening pop-up windows to changing search results from popular search engines.
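
The hosts-file replacement described under CWS.Aboutblank can be checked for with a short audit script. This is an added example, not part of the original entry: it flags hosts entries that point at the address the entry names, or at any public address that many hostnames share. The hostnames in the sample and the fan-out threshold of 3 are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample hosts file. Only 213.159.118.226 comes from the entry above;
# every hostname is a placeholder.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
::1 localhost
213.159.118.226 search.example.com
213.159.118.226 www.antispyware-vendor.example
213.159.118.226 portal.example.net   # trailing comment
0.0.0.0 ads.example.org
10.0.0.5 intranet.example.local
not-an-ip broken.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: ignore the line
        for name in fields[1:]:
            yield ip, name.lower()

def audit_hosts(text, known_bad=("213.159.118.226",), fanout=3):
    """Return {ip: sorted hostnames} for hosts entries that deserve review."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        # Loopback and 0.0.0.0 are the usual benign block-list targets.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].add(name)
    bad = set(known_bad)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if ip in bad
            or (ipaddress.ip_address(ip).is_global and len(names) >= fanout)}

if __name__ == "__main__":
    for ip, names in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} hostname(s) redirected -> {', '.join(names)}")
```

To audit a real machine, pass the contents of `%SystemRoot%\System32\drivers\etc\hosts` to `audit_hosts` instead of the sample.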


Type: Browser Hijacker - Browser hijackers are malicious programs that change a user's web browser settings, usually altering the designated default start and search pages. In addition, a browser hijacker can modify nearly every aspect of a web browser, including adding bookmarks and redirecting search traffic to alternative sites.





 


2006-2008 spyware32.com - Privacy Policy