CoolWebSearch, how to remove?


Thanks gamehead200, appreciate your response, but this is me trying to help another friend on a forum that I will not mention here for fear of retribution, (joke) :rolleyes: I think it sounds as if he has a CoolWebSearch.qttasks variant of the CoolWebSearch bug on his PC. He does not appear to be more than a rookie when it comes to software and repair problems. Someone suggested that he format the box and do a clean install and his response was to say that, no way was he going to lose his (sic) music collection! He obviously has never heard of a back-up! I have tried a few ideas but he cannot seem to remove the various components of this thing and has not posted a (HijackThis) log yet. Thanks again!

Link to comment
Share on other sites


Ask your friend to do what I said... I clean computers infected with all this crap and mainly use Ad-Aware, Spybot S&D, and HijackThis... Always does the job! :)

Link to comment
Share on other sites

As far as I know, none of the suggestions with regard to CoolWebSearch will help. Spybot S&D, Adaware with the (VX2 plugin), and CWShredder will NOT remove all "strands" of CWS.

CWS is almost virus-like, it actively checks its existence in memory, and if a process is shut down, it will restart it.

Try this... Check your HOSTS file (windows\system32\drivers\etc). It's most likely plastered with entries that don't belong there. Remove all entries except the 127.0.0.1 localmachine. Close notepad, reopen it, and voila... all entries are back.

CWS has evolved into the nastiest of all ad-ware, and just like with virus scanners, if a particular strand is not known to the virus database, it will not be found by the virus scanner.

Honestly, I've found 2 machines from customers where ALL anti-spyware tools did NOT help... I've tried ALL tools mentioned here PLUS more. Even some extensive snooping of the registry myself. You can wait till CWShredder (which is your best chance) is updated to find and clean your strand of CWS infection, but if you want my advice, ...

format and reinstall with that handy unattended CD you probably have lying around. You'll be up and running again in a few hours and THEN you may consider Firefox. ;)

Good luck mate, CWS is HELL!

Check out this interesting read:

http://www.spywareinfo.com/~merijn/cwschronicles.html

EDIT: Please note that I'm not saying the usual anti-spyware tools cannot delete CWS at all, I'm just saying if you're unlucky, you're infected with a new strand that cannot yet be removed.

Link to comment
Share on other sites
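
The HOSTS file check described in the post above, as an added example that is not part of the original thread: it lists every entry other than the loopback `localhost` line and reports which mappings are back after the file was cleaned. The function names and the sample file contents are constructed for illustration; on a real machine the text would be read from the hosts file under windows\system32\drivers\etc.

```python
import ipaddress

# Constructed sample: a hosts file after tampering (documentation-range IPs).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
203.0.113.10    search.example.com   # constructed entry
203.0.113.10    www.example.net
0.0.0.0         update.example.org
not-an-ip       broken.example
"""
CLEANED_HOSTS = "127.0.0.1       localhost\n"

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) per mapping line, comments stripped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text, allowed=frozenset({"localhost"})):
    """Return findings for every entry other than the loopback localhost line."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, "malformed", ip, names))
            continue
        # Only an allowed name on a loopback address counts as expected.
        extra = [n for n in names if not (addr.is_loopback and n.lower() in allowed)]
        if not extra:
            continue
        # Loopback/0.0.0.0 makes a name unreachable; anything else redirects it.
        kind = "blocked" if addr.is_loopback or addr.is_unspecified else "redirect"
        findings.append((line_no, kind, ip, extra))
    return findings

def mappings(text):
    """Set of (ip, hostname) pairs in effect, ignoring comments and case."""
    return {(ip, n.lower()) for _, ip, names in parse_hosts(text) for n in names}

def reappeared(cleaned_text, current_text):
    """Mappings present now that were absent right after the file was cleaned."""
    return sorted(mappings(current_text) - mappings(cleaned_text))

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print("came back:", reappeared(CLEANED_HOSTS, SAMPLE_HOSTS))
```

A non-empty result from `reappeared` after a reboot or after reopening the file means something is still running and rewriting it, which is the behaviour the post describes.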

Well, I find 30 bucks a bit on the steep side when it comes to removing things I've never even asked for or installed myself. :(

Also I see they reviewed the commercial version of Ad-Aware and note that it has 1 year support for updates. However, the FREE version of Ad-Aware is EXACTLY the same, but comes without Ad-Watch. And I've had free updates for over a year now.

Also, I'd like to see how often each of those programs tested update their definition files. I find that an important factor in spyware protection.

I feel safe with the freeware alternatives, including Firefox. :D

Link to comment
Share on other sites

Should always disconnect an internet connection, reboot then run your antivirus program with NO connection to the net. Reboot, then clean again at the boot prompt.

If that doesn't work... consider doing a low format and reinstall windows.

Link to comment
Share on other sites

Nice post. CWS is true crap.

It is officially known as a trojan now.

It has some versions that NOTHING short of a format and reinstall will cure. I know, I work as an assistant at Tom Coyote, a help site tied in with SpyBot and the network hosting the spybot forums. Am still going to Tom Coyote College of spyware they teach. An unreal eye opener into the world of creepy software.... You need an invite to go and then are required to help on the forums. I figured it would be a good way to learn more about the stuff and find better ways to remove it. Little did I know the severity of the thing.

Some of its Attributes are...

ability to re-name itself.

ability to detect spyware removers.

ability to re-locate to a different directory after deletion.

ability to mimic file attributes of other files.

and that's just a short list.

It's like someone went to the top software engineers in the world and asked them to design the most frustrating, difficult to remove software they could imagine, then give it to a money hungry ad company.... :realmad:

*note, there's an offshoot of CWS called XS2 and a few similar names that is trying to take the top #1 rank from CWS.

Also FireFox isn't the answer as many forms of nasty are able to bypass it and do its thing. I have proof of it in screenshots where the offending software was in FF's cache. Also FF has many bugs, far more than IE. I use both IE and FF. IE for its compatibility and FF for some of its awesome extensions, but if it weren't for the addon abilities I wouldn't even consider FF.... Incompatible with nearly half the web and not able to update your OS isn't what I call an advantage. Give it 10 years and it may well be the #1 browser, until then IE is king and properly setup it's as safe as any.
