Cool Web Search "Shredder" Update 03/12/03

[siljaline]

<snip>
A small utility for removing CoolWebSearch
(aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names).
Spybot S&D tends to forget essential parts of the hijack, so until it updates,
you can just this to completely remove the hijack.
Updated to remove the new variants once they come out.
</snip>

The utility >
(http://www.spywareinfo.com/~merijn/files/cwshredder.zip)

Unzip - close *all* instances of IE & OE, hit the executable and follow
the prompts.

MS-MVP used and approved tool - you are encouraged to run it.
Check for updates frequently, use the Update Feature in the Tool.

Please feel free to post this information to groups not listed here.

Regards,



--
siljaline

MS - MVP Windows IE/OE
______________________

(Reply to group, as return address
is invalid - that we may all benefit)

 

[john]

Not for me, thanks.
Do a Google search for it and check out a few of the forum discussions.
It appears it's prone to damaging the Registry badly enough to the point of
no-boot.

 

[PA Bear]

Bah/Phooey/Horse-hockey! CoolWebSearch *itself* is far more troublesome.
--
HTH...Please post back to this thread

~Robear Dyer (aka PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

 

[Mad Max]

"john":
No wonder you need CW Shredder, you've been to Google.
My last visit to Google netted me two viruses , a Trojan Horse and a
Homepage Hijacker, not to mention assorted adware crapola.
If you find anything better than CW Shredder to clean your machine , please
let everyone know what it is.
Mad Max

 

[Mike M]

Rubbish! You would prefer CoolWebSearch and all the troubles that that
entails?

 

[HillBillyBuddhist]

"john":
No wonder you need CW Shredder, you've been to Google.
My last visit to Google netted me two viruses , a Trojan Horse and a
Homepage Hijacker, not to mention assorted adware crapola.

For the record visiting Google did not infect your or anyone else's
computers. Foolish and unsafe computing practices following a visit to
Google may well have. The result and ramifications of such practices lie
solely on the head of the user and have nothing whatsoever to do with having
visited Google.

--
D

I'm not an MVP a VIP nor do I have ESP.
I was just trying to help.
Please use your own best judgment before implementing any suggestions or
advice herein.
No warranty is expressed or implied.
Your mileage may vary.
See store for details.

Remove shoes to E-mail.

 

[Burt]

To All,
I have not had any problems with Shredder. Great program.
Also, I have NEVER picked up any problems from GOOGLE.
What type stuff are you looking for on Google?? Hmmmmmmm
--
Burt
The Old Alaskan
MVP's listed on TECKPAGE
http://www.cvinternet.net/~smokydog
http://www.cvinternet.net/~smokydog/teckpage.htm

Rubbish! You would prefer CoolWebSearch and all the troubles that that
entails?

 

[purplehaz]

You didn't get any of those things from going to or using google. You got
them because your not practicing safe internet practices. Google is the best
search engine on the internet and one of the top tools on the internet.
Every good IT professional uses google as well as millions of other
professionals. If your trying to help people out in newsgroups and you're
not using google, then you have no business helping and your not a good tech
either. Google is a valuable tool and should be the very first place you go
when looking for any information on the internet. 90% of the problems in
here can be solved by doing a simple google search.

 

[john]

If you're concerned about CoolWebSearch, run either or preferably both
AdAware & Spybot - both non-volatile & both will find CoolWebSearch.

 

[john]

ROFL. Get your facts right. Google will not infect you, the virus uses
"pseudo-Google" addresses.

Or to be more explicit, it adds several google addresses (google.de,
google.ch, google.ca, etc) search.yahoo.com, and search.msn.com to the HOSTS
file, telling windows that the IP addresses for those sites is 127.0.0.1,
and that's where it's webserver is listening.

As mentioned elsewhere in the thread, always run AdAware & Spybot instead.
Both will find that virus and its variants, but MOST importantly, with those
two progs YOU have full control over what is done about it.

 

[John John]

My last visit to Google netted me two viruses , a Trojan Horse and a
Homepage Hijacker...

Baloney! Learn how to use the Internet instead of blaming Google.
Google does not surreptitiously install toolbars and BHO's. You had to
download and install them on your own will and accord. You probably did
the same with the other stuff...

John

 

[PA Bear]

Kinda/sorta/maybe... The spy/hijackware experts have been finding new CWS
variants every single day lately. Even a fully updated Ad-Aware or Spybot
can't be relied on to find these new variants 24/7. HijackThis, maybe...

For example, the following CWS variants have been identified (using
HijackThis) in the past 3 days:

C:\Documents and Settings\Fisto\Application
Data\Microsoft\Office\Excel10.dll
[ cf.
http://forums.spywareinfo.com/index.php?showtopic=19526&st=0&#entry117178 ]

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.therealsearch.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.therealsearch.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.therealsearch.com/sp.php

O4 - HKCU\..\Run: [quicken] C:\WINDOWS\QUICKEN.EXE

O4 - HKCU\..\Run: [editpad] C:\WINDOWS\editpad.exe
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE)
AH-VSOP

 

[siljaline]

If you're concerned about CoolWebSearch, run either or preferably both
AdAware & Spybot - both non-volatile & both will find CoolWebSearch.

Ad-aware and SpyBot only pick up a few of the "several hundred" <known>
variants thus the *need* for the tool.

--
siljaline

MS - MVP Windows IE/OE
______________________

(Reply to group, as return address
is invalid - that we may all benefit)

 

[john]

Is that through your own personal experience?
What I mean is, have you run the above which showed a clean PC, then which
prog did you run which found variants that were missed.

BTW, I'm not concerned about CoolWebSearch, just replying to the post - but
I AM concerned about many so-called Reg-cleaners which are extremely
destructive if used blindly - mainly because they don't explain in plain
english exactly what they've found and the possible impact it may have if
you delete/quarantine some entries.

 

[PA Bear]

I'm not Siljaline, but yes, both CWShredder and HijackThis have identified
things which a fully up-to-date Ad-Aware and Spybot have missed.

No one is suggesting everyone should use CWShredder like they'd use
Ad-Aware, Spybot and their ilk (though IMHO doing so wouldn't harm
anything). Running CWShredder is advised when a CWS hijacking is apparent
or suspected.

IMHO, no one should use *any* "regcleaner", at least not without first
creating a backup of the Registry/Restore Point.

All of the above = RTFM.[/QUOTE]

 

[Mad Max]

HillBillly:
Stick this in your corncob pipe and smoke it. Do not judge , lest ye be
judged. Like so many claiming to be what your handle claims, you are narrow
minded , judgmental and about as far as one that claims to be a Christian
,can be. Don't flaunt it if you aint got it.
For your uninformed information --I did nothing to bring those problems upon
myself. You simply have a canned answer for what ever you are too
uninformed to understand.
I went to Google looking for a tutorial on my new XP machine. After locating
several likely sites on Google that claimed to be tutorials , I was taken to
a porno site. Trying to work my way out only resulted in my being taken to
one porno site after another. I did not download anything , did not click on
anything and did not moon the hillbillies. Get your facts straight before
you start making wild accusations . I would also note that this is not the
first time I have witnessed you do just that to numerous others. And by the
way , you can climb off me just as you climbed on. Either that , or you know
what you can kiss.
I understand the problem that Google has, its the same as we all have , and
there is little or nothing we can do about it, for now.
That said, your wild accusations, unfounded condemnations and uninformed
rhetoric do not help anyone. If indeed that is why you so often offer
useless advice.

MAD MAX

 

[Mad Max]

John John:
On this NG one can find good advice and bad advice. If you think you cannot
get infected without downloading it ,
Why don't I just make a blanket statement for everyone who believes that.
You don't know what you are talking about!

 

[Mad Max]

Rubbish indeed !
That is exactly where and when my machine was infected with "cool web
search" and everything else I mentioned. And NO, I did not download anything
, agree to anything ,or sign my name.
Hello People , Get a grip. I'm not blaming Google. Period ! End of Argument.
Anyone would think you people own stock in google the way you defend it . It
is a tool , nothing more. Not a religion!

 

[Mad Max]

Hello john:
Read your statement. Did I go to Google. Yes. Did I click on a URL that
Google offered as a tutorial site for XP ? Yes! So I'm to blame in your eyes
? Apparently so. Just exactly what kind of unsafe web practices is that ?
Come on now , you have all said I did something to bring it on myself. BE
SPECIFIC ! Exactly how many of you were sitting on my lap when I went to
Google? Well, you must have at least been in the room watching what I did.
Okay , fess up . None of you were here, now were you?
I confess, I killed the Golden Goose.

 

[john]

HillBillly:

Stick this in your corncob pipe and smoke it. Do not judge , lest ye be
judged. Like so many claiming to be what your handle claims, you are
narrow minded , judgmental and about as far as one that claims to be a
Christian ,can be. Don't flaunt it if you aint got it.
For your uninformed information --I did nothing to bring those problems
upon myself. You simply have a canned answer for what ever you are too
uninformed to understand.

I went to Google looking for a tutorial on my new XP machine. After

locating several likely sites on Google that claimed to be tutorials , I was
taken to a porno site. Trying to work my way out only resulted in my being
taken to one porno site after another. I did not download anything , did not
click on anything and did not moon the hillbillies.

Get your facts straight before you start making wild accusations . I would

also note that this is not the first time I have witnessed you do just that
to numerous others. And by the way , you can climb off me just as you
climbed on. Either that , or you know what you can kiss.

I understand the problem that Google has, its the same as we all have ,

and there is little or nothing we can do about it, for now.

Rubbish! Google has no problem, it's the link Google found based on YOUR
search criterea and which you elected to access.
Install Pop-up Stopper Pro, then you won't get into the endless loop of
multiplying porn pages - simply shut the first one down.

"wild accusations, unfounded condemnations and uninformed rhetoric" applies
more to your form of 'logic'

john