Talk:CoolWebSearch

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

???

This article has not yet received a rating on the project's importance scale.

This article is supported by WikiProject Computing.

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Untitled[edit]

With refrerence to CoolWebSearch System Restore will not always work... It does not restore the miscellaneous non-executable files, and CWS.Hiddendll may have some hidden files with seemingly non-executable file extensions (which restore the whole hijack again).

Well, that's exactly why the article said "may work in some cases". And, in fact, it does work for some variants that can be detected with Ad-Aware, but not removed. For example, there's a variant which kidnaps search queries from some search engines, like Google or AltaVista, and which shows "iFriends" pop-ups. That variant can be removed with System Restore. Unfortunately, I don't know what the name of the variant is. That's why the different variants should be described in the article.

There's an example on Google Groups: [1]. 2004-12-29T22:45Z 18:15, 12 Jun 2005 (UTC)

OK!

When someone's got some time, have a look at this Slashdot discussion. The article needs updating

- http://it.slashdot.org/it/05/08/06/170224.shtml?tid=172&tid=158

Notes from a traveling computer technician: System Restore rarely works, in fact most of the cases I've seen you cannot remove CWS until the System Restore is deleted (via System Properties). The CWS hides in the System Restore and then re-infects the system on reboot after you delete it from the systems32 directory (or wherever on the system). System Restore is not a good option for virus removal, or for anything for that matter (maybe hardware problems?). I usually remove CWS by first turning off system restore, and then deleting temp files with CCleaner (within each user) After that, I use AVG (www.grisoft.com or free.grisoft.com), Ad-aware, hijackthis, msconfig, sometimes CWShredder, and sometimes About Buster. I'll usually have to remove some programs in Ad/remove programs as well. It's hard these days to tell what's CWS and what's other spyware/adware/viruses because CWS pulls in so much other junk. One other thing to note is that Norton does not work for this! Mcafee usually will and I think Avast does too, but Norton completely drops the ball on this one.

Untitled[edit]

Completely not able to verify this but I was a high level user at Spywareinfo and talked to the creators on IRC in 2003. They are Russian, as are the developers of most of the variants at that time.

mywebsearch[edit]

I've picked up some malware which directs me to a site called "mywebsearch" or "My Web Search" when I type a bad web address into IE. The name is ominously similar to that of coolwebsearch. Is it worthy of adding a new section?

The homepage is here [2] but I wouldn't touch it with a ten fot long bargepole.

Reply:

I don't know. I mean the virus/malware works the same way and does the same sort of things. Maybe these should all be under the catagory of browser hijackers? Anyway did you get rid of it? If not, read above for some guidance.

Another reply:

Get rid of it. It's related to CWS.

MyWebSearch Is Not Part Of CWS[edit]

Please do not accuse Mywebsearch of being "related" to CWS. MyWebSearch is owned by IAC which is part of Ask.com and Excite. The toolbar however is questionable and it is common for the the 404 pages to be handled with mywebsearch.com when you installed the toolbar. http://siteadvisor.com/sites/mywebsearch.com. However this has nothing to do with CWS and can anyway this can easirly be removed by the Add/Remove process.

FACT: It has no relation to CWS browser hijacks or malware, and it not nearly as malicious.

Thank you. CJP

Reasons for putting cleanup and inappropriate tone tags back[edit]

"You" and "Your" is inappropriate tone for encyclopedia.
None of the sources actually say that CWS is a keylogging program.
Wikipedia articles should not include instruction - advice (legal, medical, or otherwise), suggestions, or contain "how-to"s.
Very few references.

--RainR 09:20, 4 April 2006 (UTC)[reply]

That reference there isn't an appropriate reference for CWS being a keylogging program. It's just misquoting what SunbeltSoftware said. http://sunbeltblog.blogspot.com/2005/08/coolwebsearch-issues-statement.html --RainR 09:49, 4 April 2006 (UTC)[reply]

Cleaning Up[edit]

This article is strongly POV so I've tried to remove some of the biased claims about CWS. I've also removed the information about Look2Me, as L2M is considered a variant of VX2, not CWS, by all major anti-virus and anti-spyware vendors. I'm also removing the text about CWS being a keylogger. It does not log the user's keystrokes, and as such can not be considered a keylogger. The only source to support that seems to be a misquoted Sunbelt article.

IP to CWS says that it's currently in LA[edit]

66.250.74.150 That IP adress belongs to CWS, here is some more info.

IP address country: United States
IP address state: California - Los Angles
IP address city: Los Angeles - Chicago

ISP: Cogent Communications

Any of the above is not confirmed, just the IP adress is, it's very hard for some reason to know the region & the state of the IP.