Who's responsible for the Cool Web Search trojan?

I got my PC hijacked by the cybernetic spawn of Satan known as CWS.searchx; now this is not a question of how to remove it because I'm quite determined to delete Windows and install it all over again (thanks Bill!); my question is WHO THE HELL IS RESPONSIBLE FOR THAT FRIGGIN' PIECE OF SOFTWARE!!!???

I know there must be two parties here, the creators and the costumers for the traffic the nefarious trojan captures; who are these people and why haven't they been put in jail or banned from using a PC again?
I mean, just by browsing around it seems quite obvious that this nasty thing has caused millions of headaches and lost man-hours trying to remove it from the infected systems; it's vandalism, nothing less; why isn't it banned and the people behind it prosecuted?

I deal with crap like this every day. Your internet connection is down? No, Search Assistance, Coupon Buddy and 100 like programs can’t co-operate on your PC and they’ve broken winsock. Windows Updates causing digital signing errors? Well, half your system files have been taken over by WinTools.A, and MS isn’t expecting to update them, so…

This is a question I ask myself lots too. But remember it took a while for spammers to start getting the beats, so I keep my hope alive. :wink:
Incidentally, I once phoned the contact number for a search engine “kadoodle” that some search tool was redirecting my brother’s IE browser to (incidentally how I convinced him to use Firefox), and was told it was because of 3rd party partners, blablabla, try going to mypctuneup.com.

I don’t know why I was surprised both that they seemed unexcited at taking action against this “partner” (whose ID was in the redirected URL), and that mypctuneup.com’s “removal tool” is said all over the Internet to install more spyware…
I eventually used the scanner at Pest Patrol and removed it manually.

If you ever get a good answer to this one, I would REALLY like to know who it is.

I don’t think that blaming costumers – or anybody in the fashion or textile industries, for that matter – is really very productive. :stuck_out_tongue:

It’s from Russia, so you are going to have a hard time throwing them in the clink. Plus, there are over 1200 affiliates worldwide, so you have lifetime job security. Here is a website that tracks the info of several of the more egregious variants.

So… have you seen the movie Jay and Silent Bob? :wink:

domain: coolwebsearch.com
status: production
organization: InterWeb Solutions Inc
owner: InterWeb Solutions Inc
email: admin@iweb-commerce.com
address: P.O. Box 362
address: Road Town
city: Tortola
postal-code: 65113
country: IO
admin-c: admin@iweb-commerce.com#0
tech-c: admin@iweb-commerce.com#0
billing-c: admin@iweb-commerce.com#0
nserver: ns1.maximumhost.com
nserver: ns2.rosexxxgarden.com

For what it’s worth, there is a procedure to close your PC’s vulnerability to the major CoolWebSearch variants. I found the procedure described under the “Protect your system against future infections” link at the end of the CWSShredder program.

(For those of you not familiar with it, CWSShredder was a program designed to detect and remove many, many variants of CoolWebSearch. The person who wrote CWSShredder finally had to give it up, defeated by the continuing release of new variants and by denial-of-service attacks perpetrated against him by the authors of CoolWebSearch.)

Basically, the procedure removes the Microsoft Java VM, and substitutes the Sun Java VM, which isn’t as vulnerable (big surprise, there). I have been including this in my standard workstation build for some time, and have yet to see CoolWebSearch show up on any treated machine.

  1. To remove the MS Java VM:

Enter the following command at the command prompt:

RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall

After the machine reboots, delete the following folders or files:

C:\WinNT\Java
C:\WinNT\Inf\java.pnf
C:\WinNT\System32\jview.exe
C:\WinNT\System32\wjview.exe

Delete the following registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Java VM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM

  2. Download and install the Sun Java VM

Go to: http://java.com/en/download/windows_automatic.jsp

and follow the directions to download, install, and configure the Sun Java VM.
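
Added example, not part of the original post: a batch file that checks whether the files, folders and registry subkeys listed in step 1 are really gone after the uninstall and reboot. It assumes the C:\WinNT layout used in the post and that reg.exe is available (built into Windows XP; on Windows 2000 it comes with the Support Tools). The WINROOT and LEFT variable names are made up for this example.

```bat
@echo off
rem Added example: verify that the MS Java VM leftovers named in the post are absent.
rem Assumption: Windows is installed in C:\WinNT as in the post; edit WINROOT otherwise.
setlocal
set "WINROOT=C:\WinNT"
set LEFT=0

rem Files and folders the post says to delete after the reboot.
for %%P in ("%WINROOT%\Java" "%WINROOT%\Inf\java.pnf" "%WINROOT%\System32\jview.exe" "%WINROOT%\System32\wjview.exe") do call :checkpath %%P

rem Registry subkeys the post says to delete (HKLM = HKEY_LOCAL_MACHINE).
call :checkkey "HKLM\SOFTWARE\Microsoft\Java VM"
call :checkkey "HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM"

if %LEFT%==0 (
  echo All listed MS Java VM artifacts are absent.
) else (
  echo %LEFT% listed artifacts are still present.
)
rem Exit code = number of leftovers, so a build script can test it.
endlocal & exit /b %LEFT%

:checkpath
if exist %1 (
  echo STILL PRESENT: %~1
  set /a LEFT+=1
) else (
  echo removed:       %~1
)
goto :eof

:checkkey
rem reg query sets errorlevel 1 when the key does not exist.
reg query %1 >nul 2>&1
if errorlevel 1 (
  echo removed:       %~1
) else (
  echo STILL PRESENT: %~1
  set /a LEFT+=1
)
goto :eof
```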

Can anyone tell me what the ill-effects of CWS are?

Seems like every time I run AdAware (every month or so) it picks up CoolWebSearch, but I have not noticed any performance problems with my PC - no pop-ups, no hijacked search pages, nothing. Should I still be worried?

AdAware cannot remove CWS (from experience). Use CWSShredder (just do a search).

CWS does a lot of things including hijacking your browser homepage and even affecting Control Panel (in XP). Very annoying. I didn’t know Sun Java is better at protecting a system so I’ll be switching my GF’s computer tonight (my computer already has been fixed but for an unrelated issue).

I spent an hour and a half last night getting the latest variant (the “Search For…” home page) off of my fiancee’s laptop, using a combination of CWShredder, Ad-Aware, Spybot, and RegEdit.

I would love to find the kid responsible.

Anyway, regarding the discontinuance of CWShredder, from reading the spyware message boards it seems the variants have gotten much more sophisticated recently. They believe that it is no longer some computer-savvy guys making them but that a serious Trojan writer has been enlisted.

Also the only browser it affects is IE. I use Mozilla Firefox now almost exclusively at home. (Still some sites that just need IE to work properly.) Anyway, on IE it will hijack your home page, and throw a pop-up that says you have spyware on your system, directing you to buy their cleaner.

Some variants are not as obvious as P_T_ says. There have been some Pit threads by people who were positive that their browsers were not hijacked, but who complained that Google has more and more advertisements and bad results. In most of these cases (I suspect in all cases, but some could not be convinced) CWS was responsible. So you should try CWSShredder even if you don’t notice any problems.

Well, my printer driver went belly up and I can't make it work after successive re-installation attempts, quite annoying, and Windows freezes up now and then which forces me to reboot and lose whatever job I was working on at that time; that costs me money in a very direct way. Also sometimes programs take an extremely long time to load, seems like a hiccup in the system, things freeze for almost a minute and then go on as usual.

All this since CWS has been installed without my consent on my computer, yeah, it pisses me off big time.

“Country: IO”???

That site is an offense: “Cool Web Search, the search engine you **trust**”
How can they keep spreading malware like that with impunity? None in power to get things done gives a flip, there is no legal basis for complaint, what gives?

Tortola is one of the British Virgin Islands. Dunno about “IO” though…

IO is the ISO Country Code for British Indian Ocean Territory.

How exactly does one get something like CWS on a computer? I’m going to check mine out for any problems, but I was wondering what sort of behavior would make its presence more likely.

The biggest thing to avoid doing is using Internet Explorer, and to be careful about what ‘free’ programs you install - often they will be bundled with spyware.

Maybe I’m just lucky, but I find it easy to avoid these things by just clicking the X box on any questionable popup. Not Yes, not No, just X.

The problem is that spyware is frequently attached to programs that are highly attractive to young people: free music sharing programs, free games, free desktop utilities. When prompted to agree to the user terms, they don’t realize that they are also giving permission to install all sorts of third-party nastiness. If they don’t agree, they can’t get the free game. Also, many free software packages won’t work anymore if you remove the spyware with Spybot or Adaware.