http://images.only-virgins.com/cgi-bin/warning.cgi

TheMSsForum.com: The Microsoft Software Forum

Help. The subject item ( CoolWeb Search) is driving me
crazy. I have tried everything to remove it from IE
BRowser set up : All the more popular Spyware removers,
manually deleting, going to the Microsoft website and
down loading the particular patch for this. STILL it comes
back . How do I really get rid of this monster.
Thanks.
Top

http://images.only-virgins.com/cgi-bin/warning.cgi by anonymous

anonymous
Sat Dec 20 10:22:49 CST 2003

CoolWebSearch Chronicles & CWShredder
http://www.spywareinfo.com/~merijn/cwschronicles.html

Check your system for other "hijackware".

Dealing with Hijackware
http://mvps.org/winhelp2002/unwanted.htm
http://www.mvps.org/inetexplorer/Darnit.htm#tshoot
http://aumha.org/a/parasite.htm

HijackThis
(http://www.spywareinfo.com/~merijn/files/hijackthis.zip)
is the
preferred tool to use these days. It will help to both
identify and remove
any hijackware/spyware. **Post your files to
http://forums.spywareinfo.com/, not here.**

Also update your virus definitions and then run a full
system scan. From
now on, do both daily.

>-----Original Message-----
>Help. The subject item ( CoolWeb Search) is driving me
>crazy. I have tried everything to remove it from IE
>BRowser set up : All the more popular Spyware removers,
>manually deleting, going to the Microsoft website and
>down loading the particular patch for this. STILL it
comes
>back . How do I really get rid of this monster.
>Thanks.
>.
>
Top

Re: http://images.only-virgins.com/cgi-bin/warning.cgi by Mike

Mike
Sun Dec 21 06:07:00 CST 2003

Dom,
How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

Note: this type hijack indicates an unpatched machine, that is lacking
in "Defense". Please visit Windows Update to avoid these exploits.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 12-19-03]
Please post replies to this Newsgroup, email address is invalid
--

"Dom" <anonymous@discussions.microsoft.com> wrote in message
news:10ea01c3c70e$32834880$a301280a@phx.gbl...
> Help. The subject item ( CoolWeb Search) is driving me
> crazy. I have tried everything to remove it from IE
> BRowser set up : All the more popular Spyware removers,
> manually deleting, going to the Microsoft website and
> down loading the particular patch for this. STILL it comes
> back . How do I really get rid of this monster.
> Thanks.


Top

http://images.only-virgins.com/cgi-bin/warning.cgi by anonymous

anonymous
Sun Dec 21 06:49:22 CST 2003

Thans. I will try this. Dom
>-----Original Message-----
>CoolWebSearch Chronicles & CWShredder
>http://www.spywareinfo.com/~merijn/cwschronicles.html
>
>Check your system for other "hijackware".
>
>Dealing with Hijackware
>http://mvps.org/winhelp2002/unwanted.htm
>http://www.mvps.org/inetexplorer/Darnit.htm#tshoot
>http://aumha.org/a/parasite.htm
>
>HijackThis
>(http://www.spywareinfo.com/~merijn/files/hijackthis.zip)
>is the
>preferred tool to use these days. It will help to both
>identify and remove
>any hijackware/spyware. **Post your files to
>http://forums.spywareinfo.com/, not here.**
>
>Also update your virus definitions and then run a full
>system scan. From
>now on, do both daily.
>
>>-----Original Message-----
>>Help. The subject item ( CoolWeb Search) is driving me
>>crazy. I have tried everything to remove it from IE
>>BRowser set up : All the more popular Spyware removers,
>>manually deleting, going to the Microsoft website and
>>down loading the particular patch for this. STILL it
>comes
>>back . How do I really get rid of this monster.
>>Thanks.
>>.
>>
>.
>
Top

Re: http://images.only-virgins.com/cgi-bin/warning.cgi by George

George
Tue Dec 23 13:00:42 CST 2003

I know one which seems to work but I would not let it stay on your =
machine. Install it get rid of the coolweb search crap, then uninstall =
the application. It has a poor GUT, has poor support and is just poor =
all round. But it will kill the coolweb search crap until you pick it =
up again. The application I am talking about is:

PestPatrol

--=20
George Hester
__________________________________
"Dom" <anonymous@discussions.microsoft.com> wrote in message =
news:10ea01c3c70e$32834880$a301280a@phx.gbl...
> Help. The subject item ( CoolWeb Search) is driving me=20
> crazy. I have tried everything to remove it from IE=20
> BRowser set up : All the more popular Spyware removers,=20
> manually deleting, going to the Microsoft website and=20
> down loading the particular patch for this. STILL it comes=20
> back . How do I really get rid of this monster.=20
> Thanks.
Top

Re: http://images.only-virgins.com/cgi-bin/warning.cgi by George

George
Tue Dec 23 13:02:55 CST 2003

I don't think so Mike. I am as patched as I can be and the issue still =
occurs. If I had any more patches I could be mistaken for an Egyptian =
mummy. There is NOTHING more available at the Windows update site.

--=20
George Hester
__________________________________
"Mike Burgess" <winhelp2002@spamthis.com> wrote in message =
news:O2M#pr7xDHA.1764@TK2MSFTNGP10.phx.gbl...
> Dom,
> How to remove Coolwebsearch and affiliates
> http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch
>=20
> Note: this type hijack indicates an unpatched machine, that is lacking
> in "Defense". Please visit Windows Update to avoid these exploits.
> ____________________________________________________________
> Mike Burgess [MVP Windows Shell\User] =
http://www.mvps.org/winhelp2002/
> Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS =
file
> http://www.mvps.org/winhelp2002/hosts.htm [updated 12-19-03]
> Please post replies to this Newsgroup, email address is invalid
> --
>=20
> "Dom" <anonymous@discussions.microsoft.com> wrote in message
> news:10ea01c3c70e$32834880$a301280a@phx.gbl...
> > Help. The subject item ( CoolWeb Search) is driving me
> > crazy. I have tried everything to remove it from IE
> > BRowser set up : All the more popular Spyware removers,
> > manually deleting, going to the Microsoft website and
> > down loading the particular patch for this. STILL it comes
> > back . How do I really get rid of this monster.
> > Thanks.
>=20
>
Top

Re: http://images.only-virgins.com/cgi-bin/warning.cgi by Mike

Mike
Tue Dec 23 17:37:44 CST 2003

George,
>" I am as patched as I can be and the issue still occurs."
What still occurs? Coolwebsearch uses several exploits to
install themselves, these exploits have since been patched.
[more info]
http://www.merijn.org/cwschronicles.html#byteverify

Also most major AV apps are now aware of this trojan and
the exploits used, so your AV should alert you to this.

Until MS comes out with another patch (their working on it)
I would recommend using Qwik-Fix which provides another
layer of essential security by closing off the pathways that
worms and viruses use to penetrate your PC.
http://www.qwik-fix.net/
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 12-19-03]
Please post replies to this Newsgroup, email address is invalid
--

"George Hester" <hesterloli@hotmail.com> wrote in message
news:OagFhdYyDHA.1524@TK2MSFTNGP10.phx.gbl...
I don't think so Mike. I am as patched as I can be and the issue still
occurs. If I had any more patches I could be mistaken for an Egyptian
mummy. There is NOTHING more available at the Windows update site.

--
George Hester
__________________________________
"Mike Burgess" <winhelp2002@spamthis.com> wrote in message
news:O2M#pr7xDHA.1764@TK2MSFTNGP10.phx.gbl...
> Dom,
> How to remove Coolwebsearch and affiliates
> http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch
>
> Note: this type hijack indicates an unpatched machine, that is lacking
> in "Defense". Please visit Windows Update to avoid these exploits.
> ____________________________________________________________
> Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
> Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
> http://www.mvps.org/winhelp2002/hosts.htm [updated 12-19-03]
> Please post replies to this Newsgroup, email address is invalid
> --
>
> "Dom" <anonymous@discussions.microsoft.com> wrote in message
> news:10ea01c3c70e$32834880$a301280a@phx.gbl...
> > Help. The subject item ( CoolWeb Search) is driving me
> > crazy. I have tried everything to remove it from IE
> > BRowser set up : All the more popular Spyware removers,
> > manually deleting, going to the Microsoft website and
> > down loading the particular patch for this. STILL it comes
> > back . How do I really get rid of this monster.
> > Thanks.
>
>


Top

Re: http://images.only-virgins.com/cgi-bin/warning.cgi by George

George
Tue Dec 23 19:05:27 CST 2003

Hello Mike:

The issue of coolweb taking my homepage and adding crap to favorites. =
Same story as before. It doesn't matter what I do to stop it except for =
one thing. And that is don't browse the Net. I keep running into it. =
Scripting off, Java disabled, all ActiveX disabled, Sun JVM enabled,

127.0.0.1 coolwebsearch.biz
127.0.0.1 coolwebsearch.com
127.0.0.1 coolwebsearch.info
127.0.0.1 www.coolwebsearch.com

in hosts,

4 spyware catchers; HijackThis, Ad-Aware, BHODemon and SpyBot Search and =
Destroy. Each of these can clean it out but it does return upon =
browsing the Net.

PestPatrol will even find coolweb stuff after these four have done their =
duty. But I don't like PestPatrol.

My last option right now is to surf with Ad-watch 3 enabled. That I do =
not know whether it will work or not. I'm hoping. This issue did not =
occur with IE 6 but it is occurring without bound in IE 5.5 SP2. I =
cannot even find the jar in TIF that is causing it when it happens =
anymore.

--=20
George Hester
__________________________________
"Mike Burgess" <winhelp2002@spamthis.com> wrote in message =
news:#HqJE3ayDHA.2360@TK2MSFTNGP10.phx.gbl...
> George,
> >" I am as patched as I can be and the issue still occurs."
> What still occurs? Coolwebsearch uses several exploits to
> install themselves, these exploits have since been patched.
> [more info]
> http://www.merijn.org/cwschronicles.html#byteverify
>=20
> Also most major AV apps are now aware of this trojan and
> the exploits used, so your AV should alert you to this.
>=20
> Until MS comes out with another patch (their working on it)
> I would recommend using Qwik-Fix which provides another
> layer of essential security by closing off the pathways that
> worms and viruses use to penetrate your PC.
> http://www.qwik-fix.net/
> ____________________________________________________________
> Mike Burgess [MVP Windows Shell\User] =
http://www.mvps.org/winhelp2002/
> Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS =
file
> http://www.mvps.org/winhelp2002/hosts.htm [updated 12-19-03]
> Please post replies to this Newsgroup, email address is invalid
> --
>=20
> "George Hester" <hesterloli@hotmail.com> wrote in message
> news:OagFhdYyDHA.1524@TK2MSFTNGP10.phx.gbl...
> I don't think so Mike. I am as patched as I can be and the issue =
still
> occurs. If I had any more patches I could be mistaken for an Egyptian
> mummy. There is NOTHING more available at the Windows update site.
>=20
> --=20
> George Hester
> __________________________________
> "Mike Burgess" <winhelp2002@spamthis.com> wrote in message
> news:O2M#pr7xDHA.1764@TK2MSFTNGP10.phx.gbl...
> > Dom,
> > How to remove Coolwebsearch and affiliates
> > http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch
> >
> > Note: this type hijack indicates an unpatched machine, that is =
lacking
> > in "Defense". Please visit Windows Update to avoid these exploits.
> > ____________________________________________________________
> > Mike Burgess [MVP Windows Shell\User] =
http://www.mvps.org/winhelp2002/
> > Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a =
HOSTS file
> > http://www.mvps.org/winhelp2002/hosts.htm [updated 12-19-03]
> > Please post replies to this Newsgroup, email address is invalid
> > --
> >
> > "Dom" <anonymous@discussions.microsoft.com> wrote in message
> > news:10ea01c3c70e$32834880$a301280a@phx.gbl...
> > > Help. The subject item ( CoolWeb Search) is driving me
> > > crazy. I have tried everything to remove it from IE
> > > BRowser set up : All the more popular Spyware removers,
> > > manually deleting, going to the Microsoft website and
> > > down loading the particular patch for this. STILL it comes
> > > back . How do I really get rid of this monster.
> > > Thanks.
> >
> >
>=20
>
Top

Re: http://images.only-virgins.com/cgi-bin/warning.cgi by Mike

Mike
Fri Dec 26 03:41:08 CST 2003

George,
If you are going to use a HOSTS file, you need to include at
least the whole section that includes the (coolwebsearch) major affiliates.
http://www.mvps.org/winhelp2002/hosts.htm

You could use the reg file I have for the Restricted Zone.
http://www.mvps.org/winhelp2002/restricted.htm

Did you try the Qwik-Fix?
http://www.qwik-fix.net/

>"I cannot even find the jar in TIF that is causing it when it happens
anymore."
They use that and a modified ".class" file ...
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 12-19-03]
Please post replies to this Newsgroup, email address is invalid
--

"George Hester" <hesterloli@hotmail.com> wrote in message
news:eJoLGobyDHA.2148@TK2MSFTNGP12.phx.gbl...
Hello Mike:

The issue of coolweb taking my homepage and adding crap to favorites. Same
story as before. It doesn't matter what I do to stop it except for one
thing. And that is don't browse the Net. I keep running into it.
Scripting off, Java disabled, all ActiveX disabled, Sun JVM enabled,

127.0.0.1 coolwebsearch.biz
127.0.0.1 coolwebsearch.com
127.0.0.1 coolwebsearch.info
127.0.0.1 www.coolwebsearch.com

in hosts,

4 spyware catchers; HijackThis, Ad-Aware, BHODemon and SpyBot Search and
Destroy. Each of these can clean it out but it does return upon browsing
the Net.

PestPatrol will even find coolweb stuff after these four have done their
duty. But I don't like PestPatrol.

My last option right now is to surf with Ad-watch 3 enabled. That I do not
know whether it will work or not. I'm hoping. This issue did not occur
with IE 6 but it is occurring without bound in IE 5.5 SP2. I cannot even
find the jar in TIF that is causing it when it happens anymore.

--
George Hester
__________________________________
"Mike Burgess" <winhelp2002@spamthis.com> wrote in message
news:#HqJE3ayDHA.2360@TK2MSFTNGP10.phx.gbl...
> George,
> >" I am as patched as I can be and the issue still occurs."
> What still occurs? Coolwebsearch uses several exploits to
> install themselves, these exploits have since been patched.
> [more info]
> http://www.merijn.org/cwschronicles.html#byteverify
>
> Also most major AV apps are now aware of this trojan and
> the exploits used, so your AV should alert you to this.
>
> Until MS comes out with another patch (their working on it)
> I would recommend using Qwik-Fix which provides another
> layer of essential security by closing off the pathways that
> worms and viruses use to penetrate your PC.
> http://www.qwik-fix.net/
> ____________________________________________________________
> Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
> Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
> http://www.mvps.org/winhelp2002/hosts.htm [updated 12-19-03]
> Please post replies to this Newsgroup, email address is invalid
> --
>
> "George Hester" <hesterloli@hotmail.com> wrote in message
> news:OagFhdYyDHA.1524@TK2MSFTNGP10.phx.gbl...
> I don't think so Mike. I am as patched as I can be and the issue still
> occurs. If I had any more patches I could be mistaken for an Egyptian
> mummy. There is NOTHING more available at the Windows update site.
>
> --
> George Hester
> __________________________________
> "Mike Burgess" <winhelp2002@spamthis.com> wrote in message
> news:O2M#pr7xDHA.1764@TK2MSFTNGP10.phx.gbl...
> > Dom,
> > How to remove Coolwebsearch and affiliates
> > http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch
> >
> > Note: this type hijack indicates an unpatched machine, that is lacking
> > in "Defense". Please visit Windows Update to avoid these exploits.
> > ____________________________________________________________
> > Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
> > Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS
file
> > http://www.mvps.org/winhelp2002/hosts.htm [updated 12-19-03]
> > Please post replies to this Newsgroup, email address is invalid
> > --
> >
> > "Dom" <anonymous@discussions.microsoft.com> wrote in message
> > news:10ea01c3c70e$32834880$a301280a@phx.gbl...
> > > Help. The subject item ( CoolWeb Search) is driving me
> > > crazy. I have tried everything to remove it from IE
> > > BRowser set up : All the more popular Spyware removers,
> > > manually deleting, going to the Microsoft website and
> > > down loading the particular patch for this. STILL it comes
> > > back . How do I really get rid of this monster.
> > > Thanks.
> >
> >
>
>


Top