Remove CoolWebSearch. Removal instructions

Known variants:

CoolWebSearch/DataNotary: earliest known variant, hijacking to datanotary.com. Drops a CSS stylesheet file in the Windows folder and sets it to be used as the user stylesheet for all web pages viewed in IE. The stylesheet includes embedded JavaScript code which tries to guess when the user is viewing porn sites.



CoolWebSearch/BootConf: drops a user CSS file in the same way as DataNotary, but pointing at www.coolwebsearch.com. Also hijacks the home page and all search settings to point to coolwebsearch, and hacks the DNS Hosts file to redirect access of MSN address-bar search to coolwebsearch.com. The site names are obfuscated using URL-encoding (%XX) to make them difficult to read. A program bootconf.exe is set up to run on every startup, resetting the hijack. Finally coolwebsearch.com is added to the Trusted Sites list, along with msn.com, whom coolwebsearch are also impersonating.



CoolWebSearch/MSInfo: another user-CSS-hijacker, this time pointed at true-counter.com, currently redirecting to global-finder.com.



CoolWebSearch/SvcHost: a Hosts file hijacker, which works in a rather unusual way (probably to avoid being detected by anti-hijacker tools). Its targeted sites (Yahoo Search, MSN Search and all countries' versions of Google) are set in the Hosts file to point to 'localhost' (127.0.0.1). Since the local host (the computer the browser is running on) is most often not running a web server, this results in an error page; it is this error page that is then hijacked to the CWS site slawsearch.com.



CoolWebSearch/PnP: a search hijacker that hides inside the 'inf' folder usually used for storing device driver information. Its hijacker file oemsyspnp.inf is run on each startup, using a slightly different install command each time. This command cycles through install sections 'RunOnce', 'AudioPnP', 'VideoPnp', 'IdePnP' and 'SysPnP', though quite why is unknown as it does the same thing regardless of which section is used, namely hijacking home page and search settings to point at www.adulthyperlinks.com and www.allhyperlinks.com. It also adds activexupdate.com to the IE 'Safe Sites' list, for unknown purpose (this is not the same as the Trusted Sites Zone).



CoolWebSearch/MSSPI: a search results hijacker implemented as a Winsock2 Layered Service Provider (a fairly low-level networking component, which is tricky to remove). Targets Google, Yahoo and Altavista, opening advertising from unipages.cc.



CoolWebSearch/DNSRelay: an address bar search hijacker implemented as an IE URL Search Hook. As well as search phrases, entering any site name into the address bar without a leading 'http://' or 'www' will result in a search aimed at activexupdate.com, a CWS site redirecting through yellow2.com to allhyperlinks.com.

coolwebsearch sucks my large penis. If I could get my strong hands around the man who made this web site I would fuck him it the ass with a fist full of hot brass. If you are out there you cock fuck, i'm here and I have a gun. I will snipe you when you sleep.

The varient muxa.cc hijacker seems to be the worst yet. The designer/company responsible should be sentenced to organ harvest - while living.

Well from the sources of Merij.org (http://www.spywareinfo.com/~merijn/faq.html) they have information about CoolWebSearch. Giving that their text is small by default I'll post what they have about it:

Coolwebsearch is a company located in Russia. From their site [being Coolwebsearch]:
Cool Web Search is a Pay-Per-Click search engine. [..] If you get a lot of visitors on your website, we will pay you 50% for each search, that your visitors make on our search engine. We also will pay you 5% of the revenues earned by every webmaster you referred to us.
Since their emergence last year they have accumulated over 1000 affiliates, all with their own site.
We know the following people are running/working for CoolWebSearch:
Louise Vitte (founder)
Alex S. Hatkinson (programming)
Serge Stepantsov (programming)
Victor (site admin)

CoolWebSearch hires webmasters to promote their website. Those are the bastards that are hijacking browsers.

Then again, I hate CoolWebSearch. If they were a little more careful with their selection process, we wouldn't have these damn hijackings.

had the shit a while back , hijacked me to some crap site [cant remember name]. use "startuplist" to see which programs are opening when you boot . good chance you'll find the offender there. it may look like a valid program, bring up the program in the find file area,but, be careful when deleting the bastards, dont take out something vital !!!! also MAKE SURE you delete temporary internet & temp files before you do this , or lo & behold it'll be back. lastly go into your registry [ if you know your way around - it's a dangerous place to play otherwise] & reset your internet settings.

They added 10 sex sites to my Favorites List and nothing I've been able to do will delete them. They are reinstalled each time I boot my computer.

Please there must be someone out there, that can track these fu*ki*g jobless crokes and kill them :) this bastard has been the bain of my life for the past 15 hours

anyone know how to stop this ever stoping me for enjoning my life again???

ur right it's horrible. Try the free cwshredder.exe. Use google to locate it. Only known solution.

Had this awful variant on my machine for couple of days. Ran cwshredder....which detected CWS and supposedly cleaned it the first time it ran...but the browser kept getting hijacked. Ran Xoftspy v3.45...in safe mode too..which detected CWS....but again the damned thing kept returning. Subsequent runs of Xoft failed to detect CWS.....but it was there. Also cleaned up the temp internet directory, deleted new installations by the CWS program from "Program Files" and ran ADD REMOVE programs to uninstal any programs installed by CWS.....no success. Finally ran Lavasoft Ad-Aware v 6.0 which detected 57 traces of the bastard program in the registery. Since then the browser homepage has been restored.. Oh yes, don't forget to remove references to CWS parasite programs from the startup control panel.....WildCat

I've ran 5 different types of Spyware/Hijacker/BHO removers...Did CoolWWWSearch SmartKiller MiniRemoval...Couldn't find the fucker...Now getting SpyHunter...If this dun work...I'mma give my pooter flying lessons off my roof...At least then I'd get SOME amusement...Anyone know where these jackasses live ?

WELL.... Perhaps its time for the hijakers to get hijacked, humm picture that a jaking hijakers

i've used all the spyware removal imaginable like cwshredder, hijack this, lavasoft ad-aware, spyware doctor, spy sweeper but this cws thingy is still coming back... i dont want to reformat my windows so can anyone tell me how to remove it? and tell me where that bastard live so that i can kill him.. its so annoying and troublesome!! and oh, i already delete my temp internet file... gosh, who ever invented this should be hang upside down with a boiling water underneath... urghhh!!!

damn..i found mupdate,toolband,winres,googlems, and leftovers. all frickin variants of coolwwwsearch. it also keeps downloading other shit to my comp like winpup,isearchtech.istsvc,dyfuca, bargains buddy.....WOULD SOMEBODY FREAKING HELP ME???!!

ad-aware - spybot and other programs detect it but do not remove it. �´ve tried almost everything.

its more than a 55$, NONE of the spy ware programs I am using can get rid of this thing, including the version this site offers as a solution.



I don't know how to get rid of this thing.

Try
http://www.softpedia.com/progDownload/CWShredder-Download-8114.html

Run first PepiMK
and than
External Mirror

Worked for me after 2 days of trying various solutions.

Symantec and McAffee both have manual procedures.

Windows hosts file is where the problem exists, caused by the virus.

coolwebsearch Dot Com is gulity I dont care what they say. There gulity as charged. Take them down!

Bob

This Virus is the worst. I have had it one before and I used system restore and everything was fixed TRY THIS IS WORKS

But now I have it on my server at work (yes I'm the administrator) and I CANT GET RID OF IT!! Use firefox peoples