Posted by cotojo on September 3, 2007
This is a very nasty and insidious spyware/malware program. Spyware experts are now saying that the makers are borrowing code from other malicious programs to install rootkit like features on infected machines.
More recent versions of CWS spyware now have features similar to rootkits which allow the program writers to hide their files on Windows operating systems.
These new variants can hide their settings in the registry and also hide rootkit files in alternate data streams.
The software is usually installed on a machine by visits to malicious websites or emails using various ploys to get users to download and install the script.
Once installed, CoolWebSearch will hijack browsers and redirect users to some of the several bookmarks it imports. When you attempt to change your homepage back again it constantly overwrites it, it slows down general performance and causes Windows to freeze, crash or reboot, and can also make you victin to a Denial of Service (DOS) attack.
Getting rid of it is now much easier. TrendMicro have a free CoolWebSearch removal program
Use this utility to get rid of CoolWebSearch and it’s related programs.
Also download Spybot S&D and use its TeaTimer protection, which runs in the background and alerts you to any attempted registry changes.
If you are running Windows, also use Advanced Windows Care. Both of these programs will add a large number of changes to your Registry. This is nothing to be concerned about as the changes are necessary to stop any nasties from attching themselves to your pc and making changes you really don’t want.
Keep your anti-spyware up to date and if you click on any links that prompt you to download, read the EULA first.
Check for rootkits on your machine.
As with all programs, regular updates is essential to offer you greater protection.