How to Stop Browser Hijacks by CoolWebSearch

No, once you are infected, changing browsers will not fix the problems you are having; changing browsers will only prevent infection, not cure it. You are the lucky recipient of a new generation of CWS variants that cannot be removed with HijackThis or CWShredder alone. In fact, Merijn (the guy that wrote CWShredder) has thrown in the towel and will not be updating that tool any longer, in part due to the virulent nature of the new CWS variants:

http://www.spywareinfo.com/~merijn/

The procedure to remove this variant is complicated, and you would have the best results if you posted your HJT log over at the forums at SpywareInfo. They have posted a procedure for removing this variant in this thread, but people are having varying results. Try it, and be careful to follow the instructions precisely; YMMV.

Why is spyware even legal?

Well, here’s a solution of sorts:

Once you have identified what file or files are causing homepage hijacks:

  1. Note down the file name, and the directory it’s located in.

  2. Run REGEDIT and use Control-F to search for that filename (omit the extension; it sometimes shows up as a reference without extension). Delete it when found. Be sure to continue the search until you get a “Not Found” response – it may be in there two or three times. (Easiest way to run REGEDIT is Start/Run/type in REGEDIT and click on OK.)

  3. Then, using Windows Explorer or such other directory displayer as may float your boat, delete the file from the directory it’s in. You need to get it out of the registry first, or it either won’t delete or will immediately reload.

The files in question have somehow been altered so they do not show up in Windows Explorer, or under a Windows search. This is not related to folder options (Hidden Files or Show Extensions). Very sneaky, they.
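The search in step 2, sketched as an added example that is not part of the original post: it assumes the registry has been exported from REGEDIT to a `.reg` text file, and lists every key and value that mentions the file name without its extension, including string data that the export stores as `hex(2)`/`hex(7)` bytes and that a plain text search of the file would miss. The file name `examplehj.dll`, the sample export, and the helper names are constructed placeholders.

```python
import re
from pathlib import PureWindowsPath

VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_TEXT = re.compile(r'^hex\((?:2|7)\):(.*)$')  # REG_EXPAND_SZ / REG_MULTI_SZ

def decode_data(raw):
    """Return value data as text; hex(2)/hex(7) data is UTF-16LE bytes."""
    m = HEX_TEXT.match(raw)
    if m:
        blob = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
        return blob.decode('utf-16-le', errors='replace').replace('\x00', ' ').strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw  # dword:, hex: and other types stay as exported

def find_references(export_text, file_name):
    """List (key, value name, data) entries mentioning the file name without its extension."""
    stem = PureWindowsPath(file_name).stem.lower()
    text = re.sub(r',\\\r?\n\s*', ',', export_text)  # rejoin wrapped hex lines
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        m = VALUE_LINE.match(line)
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if stem in key.lower():  # the key name itself references the file
                hits.append((key, None, None))
        elif key and m:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            data = decode_data(m.group(2))
            if stem in name.lower() or stem in data.lower():
                hits.append((key, name, data))
    return hits

def as_hex2(s):  # sample helper: format text the way a REG_EXPAND_SZ is exported
    return 'hex(2):' + ','.join(f'{b:02x}' for b in (s + '\0').encode('utf-16-le'))
# Constructed sample export; "examplehj" and every key below are placeholders.
SAMPLE_EXPORT = '\n'.join([
    'Windows Registry Editor Version 5.00', '',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]',
    r'"Updater"="rundll32.exe C:\\WINDOWS\\system32\\EXAMPLEHJ.DLL,Start"',
    r'"Sound"="C:\\WINDOWS\\sndvol.exe"', '',
    r'[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32]',
    '@=' + as_hex2(r'%SystemRoot%\system32\examplehj'), '',
    r'[HKEY_CURRENT_USER\Software\examplehj]',
])

if __name__ == '__main__':
    print(*find_references(SAMPLE_EXPORT, 'examplehj.dll'), sep='\n')
```

Exports with the `Windows Registry Editor Version 5.00` header are UTF-16 text, so read a real one with `open(path, encoding='utf-16')`. A short file name stem will also match unrelated entries, so review each hit before deleting anything.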

Because there is no such thing as the Internet Police, with world-wide powers necessary to enforce such a law. What are you going to do against companies in South Africa or Indonesia?

I’d like to get lucky in some other way. :frowning:

I’ve posted there as you’ve suggested. This stuff is rampant. My post there after 8 hours is already on page 7. Sheesh.

Thanks for your very helpful post! :rolleyes:

Bad news, CoolWebSearch has won the battle, the writer of CWShredder is calling it quits. He just doesn’t have the time to continually update shredder to kill an increasingly hostile and devious bit of spyware. The article linked to suggests the only way to be rid of it is to revert to a previous copy of your registry.

We will never be rid of spyware until browsers make it impossible for applications to be installed without the user being fully aware that they are trying to install themselves and what they will do once they are there. This isn’t an easy task, but the architecture of Internet Explorer makes it very, very, very difficult to achieve. Particularly when it’s full of bugs that can be exploited. It’s hard to believe, but Microsoft approached the development of an internet browser without considering the possibility of internet sites being fraudulent and internet users being computer novices. Bingo, you have a situation ripe for an internet site being able to wrestle control of a computer off the legitimate owner, without them even being aware it’s happened.

Switching to Firefox won’t rid you of the spyware once you’ve got it (although it may not be quite so visible and intrusive) but it will go a long way to ensuring you don’t get any more. Plus, as has repeatedly been pointed out :), Firefox is simply a better product. It’s not perfect, has a few rough edges, but still leaves IE standing.

Except for the security issues, I disagree. There are a few things that Firefox can’t do that IE handles just fine. I have to revert to IE when I run across them.

That doesn’t mean I won’t use Firefox as my primary browser, but my experience does not support the proposition that it leaves IE standing in the dust.

The latest definitions for Ad-Aware (June 27 or later) will clean the about:blank variant of “CWS.”

It’s not easy – you have to configure Ad-Aware properly to get it done (instructions are here), and it’s a good idea to do it in safe mode, but it looks like Ad-Aware does the job.