Thursday, November 13, 2008

CoolWebSearch Hijacker

CoolWebSearch description:
CoolWebSearch Category: Hijacker, BHO, Toolbar, Popups
Hijackers are software programs that modify users' default browser home page, search settings, error page settings, or desktop wallpaper without adequate notice, disclosure, or user consent.
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website. As the user enters this information, the BHO captures it and sends it back to the attacker.
The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
The pop-ups generally will not be stopped by pop-up stoppers, and often do not depend on Internet Explorer being open.

CoolWebSearch Detection:

CoolWebSearch Files:
[%PROGRAM_FILES_COMMON%]\svchost.exe
[%SYSTEM%]\inetsrv.exe
[%WINDOWS%]\iedll.exe
[%WINDOWS%]\svchost.exe
[%WINDOWS%]\TEMP\win1D24.tmp.exe
[%WINDOWS%]\TEMP\win28B8.tmp.exe
[%WINDOWS%]\TEMP\win35D.tmp.exe
[%WINDOWS%]\TEMP\win3842.tmp.exe
[%WINDOWS%]\TEMP\win52ED.tmp.exe
[%WINDOWS%]\TEMP\win7C0D.tmp.exe
[%WINDOWS%]\TEMP\win??.tmp.exe
[%WINDOWS%]\TEMP\winBFA5.tmp.exe
[%WINDOWS%]\TEMP\winC02.tmp.exe
[%WINDOWS%]\TEMP\winD43.tmp.exe
[%WINDOWS%]\TEMP\winD58.tmp.exe
[%WINDOWS%]\Temp\winF.tmp.exe

CoolWebSearch Registry Keys:
HKEY_CLASSES_ROOT\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
HKEY_CURRENT_USER\Software\SerG

CoolWebSearch Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Removing CoolWebSearch:

You can run a trial version of ExterminateIt, or remove CoolWebSearch manually.

To remove CoolWebSearch from your computer completely by hand, you need to delete the Windows registry keys and registry values, and the files and folders, associated with CoolWebSearch.

