Coolwebsearch/Hijacked/Spyware.......

[Eric]

Someone else asked this question (I just cut and paste it
below). I've done the exact same stuff. Does anyone have
an answer?
Eric

What is the deal with CWS? It's to the point that I run
shredder several times a day! Also, I run the following:
CWShredder
Hijackthis
Spybot
Ad-aware
....and I've tried several others. I always update these
ever day, but it doesn't seem to have any impact other
than a few minutes reprieve. Sometimes, I can't even get
into some Microsoft sites as I'm re-directed by this
insidious spyware!

To top it all off, if I run a search on Microsoft's web
site for "CWS" or "Coolwebsearch" - I get no matches or
hits! Is Microsoft hoping if they don't acknowledge this
problem, we'll all assume it's not that big a deal? It's
to the point now that I have to use Opera or Netscape, IE
barely works and, when it does, the pop-ups never stop
and my system grinds to a halt.

Has anyone ever removed this completely, totally, from
their system????

Thanks!
- Rob

 

[KAS]

I have used the following process on numerous machines
where I work to completely remove all aspects of any piece
of spyware/malware.

Disconnect your compter from the net if you have a
high-speed connection such as cable or dsl.

1) Go to Add/Remove Programs and look for programs that
shouldn't be there. Things such as Hotbar Toolbar, Gator,
etc. These programs should stand out in your mind as ones
that you did not install.

Write down the names of these programs then go ahead and
use Add/Remove to remove them. This WILL NOT completely
remove the program but begins the process.

2) Go onto your hard drive and look for folders which have
the same or similar names to the programs you just wrote
down. Look under C:\Program Files for these folders.

Delete these folders. In some cases you may not be able to
remove the entire folder or parts of their contents. That
is ok. Just be sure that what you are removing is what you
want to remove. If in doubt, leave it in.

3) Go to Start | Run and type in 'regedit' (no quotes).
When your registry comes up do Ctrl-F (Find) and type in
part of the name of one of the programs you are looking
for. For instance, if you have the Hotbar Toolbar you
could simply type in 'hotbar' (no quotes). Click Find Next
and the search begins. When it stops on an entry look at
it closely. Does it have the name of one of the programs
you are looking for? If so, delete that key. Hit F3 to
continue the search.

When you get the message that you are at the end of the
registry do Ctrl-F and repeat the process for the next
piece of spyware/malware. Repeat as necessary.

4) Reboot your machine. When you come back in see if you
can reset your homepage or access the net. Hopefully at
this point you can. If your homepage still won't reset you
need to go back into the registry and search for whatever
page you are being redirected to. Again, just part of the
name is fine. Also recheck your C: to see if there are any
leftover folders which you can remove. If so remove them
and reboot again.