http://wired.com/news/infostructure/0,1377,63280,00.html?tw=wn_techhead_2
Nasty Malware Fouls PCs With Porn
By Michelle Delio
02:00 AM Apr. 30, 2004 PT
Last Sunday, Maria DelGiorno gave up. She unplugged her laptop PC and carefully placed it underneath a statue of the Virgin Mary.
"It was the only thing I could think of doing," said the 67-year-old great-grandmother. "The computer was filled with filthy things. It was embarrassing. My grandchildren kept asking me why I was looking at so much pornography."
On Tuesday, DelGiorno's grandson retrieved the computer and examined it. With some help from a computer-savvy friend, Joe DelGiorno discovered that a browser-hijacking program called CoolWebSearch, also known as CWS, had turned his grandmother's mild-mannered computer into a XXX-rated adventure.
"She had dozens of bookmarks for really foul porn sites," said Joe DelGiorno. "And ads for porn were popping up every few minutes. Her homepage had been switched to some weird Web page. She was all upset and crying; she's a religious woman. She shouldn't have to deal with this garbage. If I find the people who did this to her I will make them suffer."
Judging by the many postings in newsgroups and on PC help sites, plenty of people would be happy to join Joe DelGiorno in his quest to find the programmers behind CWS, the latest and most malicious of several browser hijackers that are making some Internet users miserable.
Browser hijackers are malicious small programs that change browser settings, usually altering designated default start and search pages. But CWS is far uglier than other infamous browser hijackers such as Xupiter and Lop.
According to Merijn Bellekom, who has been tracking CWS and its many variants -- more than two dozen since CWS first appeared last summer -- CWS is "the most complex, invisible and devious hijacker" ever programmed.
CWS-infected computers are often plagued with a constant barrage of pornography pop-up ads. A hundred or more bookmarks, some for extremely hard-core pornography websites, are often added by CWS to Internet Explorer's Favorites folder.
Almost all versions of CWS significantly slow the performance of infected computers, and some can cause the system to freeze, crash or randomly reboot. CWS also collects and transfers personal information from the infected PC. A few versions of CWS can add websites to Internet Explorer's "trusted sites" zone, which allows those websites to install new programs on the infected PC without the computer owner's knowledge or permission. Several CWS variants are capable of automatically self-updating their programming code.
A few versions of CWS block a user's access to more than two dozen websites that offer advice on how to detect and delete spyware. Some CWS versions also disable firewall programs.
People who are familiar with computers will often check host processes information to find out what applications are running in the background on their computers. One version of CWS can be active in the system but does not appear in host processes, according to Bellekom and other sources.
Signs that one of CWS' two dozen variants is present in a computer include home and search pages that have been reset to one of the 80 or so domains that appear to have an affiliation with CoolWebSearch.com. Any URLs that are entered without "www" will be redirected to porn, search or other sites apparently affiliated with CoolWebSearch.com.
Full Article: http://wired.com/news/infostructure/...=wn_techhead_2
My grandchildren kept asking me why I was looking at so much pornography."
Thats the best quote ever....Sorry it's just funny.... thats odd though because im sure everyone has seen cool web search at least once before and thats never happened to me...Her grandchildren were probably using her computer as a spank factory... I mean its free porn poping up every 2 seconds... great stuff this Cool Web search...
P2P is cool....But P3P.. Oh boy!!
"The computer was filled with filthy things" Whose isn't? lol
Just in case anyone has gotten this Here's a fix: http://www.majorgeeks.com/download4086.html
This page has some good info: http://www.spywareinfo.com/~merijn/downloads.html
Oh damn I did not know what I was looking at on my computers went to yours lol my bad :P
-NEVER ARGUE WITH A FOOL; HE WILL SOON BEAT YOU WITH EXPERIENCE
-EAT AND SLEEP. YOU MIGHT THINK THAT'S A GIVEN BUT NO-IT'S NOT. EAT AND SLEEP. IDIOT.
ROFL ! But to be serious, I'm glad I haven't met this CWS yet..Originally Posted by johnsmatrix
:fire
I past by version of this and clean it up. You need to remove the file name that runs at windows startup so it wouldn't be in memory when you restart. Do a restart and clean up the reg of this trash, do a search for "search". Remove any that has "Cool Web Search" and run ad-aware and spybot search & destroy. If you have Norton 2004 then make sure it up to date and run that. Never leave script, Java, plugin on including activeX plugin in unless you know the web site doesn't use spyware, mailware, and/or adware but use scripts, etc. I never got anything major on my computer that cause this much problem. I think I might had a hacker from time to time but that all. I like Windows 98 because when Windows restarts my Temp, Tempary Internet, Newsgroup files that where download and the recycle bin all get cleared including the content.ie5 folder.
It lots of work but I do keep it clean.
:hole
Posting Permissions
Reply With Quote
Bookmarks