CoolWebSearch is winning Trojan war

By Jan Libbenga
Published Tuesday 29th June 2004 09:05 GMT

Merijn Bellekom has abandoned developing software that removes one of the nastiest browser hijackers on the planet: CoolWebSearch, a trojan that converts your PC into a source of revenue for fly-by-night porn sites not capable of generating legitimate Web traffic.

The trojan installs dozens of bookmarks to foul porn sites on your desktop; it also adds a toolbar to Internet Explorer and changes your home page without asking. And it significantly slows down the performance of your PC, and introduces some modifications which cause Windows to freeze, crash or randomly reboot.

It takes a brave Dutch student, Merijn Bellekom, to remove the hijacker effectively; but CWS seems to be winning, leaving users at risk.

Bellekom has just released the latest version of his CWShredder (1.59), the only antidote to the trojan, but warns that his app won't be updated again: "I have a few bugs to fix, but after that there's not much left to do. I simply do not have the tools to remove the latest variants. They are too aggressive or too complicated to allow for automated removal."

READ FULL ARTICLE (http://www.theregister.co.uk/2004/06/29/cws_shredder/)

that sucks, I just recommended his tool to someone who had the trojan... sad to see the good guys losing.

i use this tool all the time its a shame hes giving up on it :melllow it picked up spyware that both spybot and ad-aware missed

the good guys arent losing.

using internet explorer is plain stupid these days, even CERN said not to use it and gates says set all security to high and disable javascript, active scripting and activex.

windows just isnt a good computing environment anymore, it's limiting and downright dangerous if you have any unencrypted important data.

Windows is fine. It's "Joe Consumer" who isn't interested in getting educated about security that is part of the problem.

This really sucks, my dad has CWS, I've been trying for weeks to remove it with CWS shredder, Ad-Aware, and Spybot combined. I even use tea timer to stop this from setting settings, but it still manages to get by even when I set to block all changes. I really don't want to reinstall his stuff, but he can barely use his computer.

How true Phalk, and I guess its time for me to finally dump IE for Firefox, unless you could reccommend a better option.

I wonder if that's the whole story...

Merijn seems to have given up shortly after the barrage of Ddos attacks that were hitting spyware cleaning sites - his included.

I don't blame him, especially when you read some of the snarly, snarky comments those volunteer spyware cleaners get from the people who's system they're trying to help clean. Most of the people they help don't even bother to say thank you. You have to wonder why they even bother trying to help people.

Oh well... Another soldier down. There's still the Spywareinfo.com message boards along with Tom Coyote's and Net-integration. They'll patiently plug through people's Hijackthis logs and try to clean the new variants of CWS and other scumware, as best they can.

BTW didn't Merijn also create the amazing HijackThis program.

These guys are also taking advantage of a weakness in chm help files. Since I almost never use them I've changed the default to notepad. If I want to use a chm it's easy enough to right click and open with the proper thing.