

Merijn stops the development of CWShredder

4 replies to this topic

#1 NeonWizard


    Security Geek

  • Full Member
  • 49 posts

Posted 29 June 2004 - 01:31 PM

Merijn Bellekom has abandoned developing software that removes one of the nastiest browser hijackers on the planet: CoolWebSearch, a trojan that converts your PC into a source of revenue for fly-by-night porn sites not capable of generating legitimate Web traffic.

The trojan installs dozens of bookmarks to foul porn sites on your desktop; it also adds a toolbar to Internet Explorer and changes your home page without asking. And it significantly slows down the performance of your PC, and introduces some modifications which cause Windows to freeze, crash or randomly reboot.

It takes a brave Dutch student, Merijn Bellekom, to remove the hijacker effectively; but CWS seems to be winning, leaving users at risk.

Bellekom has just released the latest version of his CWShredder (1.59), the only antidote to the trojan, but warns that his app won't be updated again: "I have a few bugs to fix, but after that there's not much left to do. I simply do not have the tools to remove the latest variants. They are too aggressive or too complicated to allow for automated removal."

Read Article

#2 ErikAlbert


    Typical User

  • Full Member
  • 787 posts

Posted 29 June 2004 - 03:15 PM

I can't blame Merijn Bellekom and he did a lot of good work and he probably saved a lot of PC users, using CWShredder.exe in the past.
His website is a very informative source (most probably the very best) concerning CWS.

I have read and studied all the manual instructions to remove CWS at this website:
You can't remove this malware without restarting your computer several times and very often in "safe mode".

I wonder what kind of person that CWS-author is. One thing is sure, he never grew up and
has a very malicious and destructive personality if you read this:

This CWS.time variant shuts down the following anti-spyware products:
- Bazooka Spyware Scanner and
- Adaware and
- CWShredder and
- SpywareBlaster and
- Spybot and
- HijackThis
This variant will also close web browser windows viewing information from anti-spyware domains,
including www.kephyr.com.
It has also been reported to close documents containing the strings www.magicsearch.ws and wwww.magicsearch.ws.

This variant will change your
- SearchURL and
- Search Bar and
- Search Page and
- Home Page and
- Default Page URL and
- SearchAssistant and
- CustomizeSearch
pointing them to smartsearch.ws or magicsearch.ws.
The hijacker drops its files in %ProgramsDir%\Common Files\Services\ or
in %SystemDir% which will run each time a user logs in.

I guess he has a lot of fun reading all that stuff about him. A big ego is typical for that kind of people.
What a waste of talent and time!!! I got better things to do.

Edited by ErikAlbert, 29 June 2004 - 03:16 PM.

Simplicity is always brilliant.
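As an added example that is not part of the original post: a small check for the settings and domains listed in the variant description above, run over a HijackThis-style log. The log line format, the sample log, the treatment of "Home Page" as the "Start Page" registry value, and all function names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Domains the post names as the targets this variant points settings to.
HIJACK_DOMAINS = ("smartsearch.ws", "magicsearch.ws")
# Settings the post lists, normalized (lowercase, no spaces/underscores).
# "startpage" is an assumption: the post's "Home Page" is taken to be
# Internet Explorer's "Start Page" registry value.
WATCHED = {"searchurl", "searchbar", "searchpage", "homepage", "startpage",
           "defaultpageurl", "searchassistant", "customizesearch"}
# Assumed input: HijackThis-style lines, "R1 - <key>,<value name> = <data>".
LINE_RE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")

def normalize(name):
    return re.sub(r"[\s_]+", "", name).lower()

def is_hijack_host(host):
    # Exact domain or a subdomain of it; a plain substring test would also
    # flag unrelated hosts such as "notmagicsearch.ws.example.org".
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)

def find_hijacked(log_text):
    """Return (setting, host) for watched settings pointing at a listed domain."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        setting = m.group("name").strip()
        if setting == "(Default)":  # default value: the key name is the setting
            setting = m.group("key").rsplit("\\", 1)[-1]
        if normalize(setting) not in WATCHED:
            continue
        try:
            host = (urlsplit(m.group("data").strip()).hostname or "").lower()
        except ValueError:  # malformed URL data
            continue
        if is_hijack_host(host):
            hits.append((setting, host))
    return hits

# Constructed sample log (not taken from a real machine).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.magicsearch.ws/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://smartsearch.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.example.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://wwww.magicsearch.ws/q?%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://notmagicsearch.ws.example.org/
O4 - HKLM\..\Run: [Example] C:\example.exe
"""
```

A hit only shows that a setting currently points at one of the two domains; the post notes that the variant also drops files that run at each login, so resetting the values alone does not remove it.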

#3 Archon_Wing


    Donut Patron

  • Trusted Advisor
  • 368 posts

Posted 29 June 2004 - 03:53 PM

Maybe someone else can carry the torch. I really think merijn has done his part and the newest Hijack This will be useful. :)

Edited by Archon_Wing, 29 June 2004 - 03:53 PM.

Rights are never important until you don't have them.

#4 cnm


    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 29 June 2004 - 05:57 PM

Well the Register wasn't altogether right. Perhaps there will never be a 1.60, but there is a 1.59.1.

If Merijn says no major enhancements of CWShredder are possible, I would take his word for it. Fortunately custom fixes have been/are being developed to handle the latest diabolical ones. I'm sure Merijn just means it's not possible to fully automate the fix.

As Archon_Wing implies, the additional detections in HijackThis are designed to make CWS removal easier.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)

#5 Zero


    Advanced Member

  • Retired Staff
  • 224 posts

Posted 29 June 2004 - 06:04 PM

I sent them a letter explaining how they are not winning the war.

Member of UNITE