Jump to content


Photo

Just a few questions


  • Please log in to reply
4 replies to this topic

#1 zachism

zachism

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 30 June 2004 - 08:31 AM

Well, I finally got cws hijack crap off my computer last night and I figured I would ask a few questions.

-Which CWS variant is the one that redirects your page to res://<random>.dll/<random>.html#<random> , has the randomly named files, and installs on reboot?

-Is CWS stuff one of the bigger problems now in the way of malware and such? I noticed the majority of post were from people who have it.

-Any idea as to how it originated?

-this may sound weird, but what are these programs(cws stuff) written in?

-Is microsoft behind it all? mwhaha?

#2 Sjakie

Sjakie

    Member

  • New Member
  • Pip
  • 1 posts

Posted 30 June 2004 - 09:12 AM

heey

The only thing I know about the varaint of Coolwebsearch is how to delete him and replace the origanal files.

visit this site here is discripte it to delete and replace the origale files.

CWS varianten


mzzl

#3 ErikAlbert

ErikAlbert

    Typical User

  • Full Member
  • PipPipPipPipPip
  • 787 posts

Posted 30 June 2004 - 09:32 AM

zachism,
Maybe these websites won't answer all your questions, but they give you good info
about CoolWebSearch and all it's variants (39 in total), especially the first one.
The second one gives you instructions to remove it manually.
http://www.spywarein...html#datanotary
http://www.kephyr.co...source=appvisit

The trouble with CWS is that this malware is hard to remove COMPLETELY by a program and has to be removed MANUALLY.
That's why so many people are posting here. Not everybody is a professional or clever enough to remove CWS manually and these people need also help.

I don't know in which language CWS is written. What I do know is that the CWS-author never grew up, like most malware-authors.

Why do you suspect Microsoft ? There is no reason to.
Of course MS made it easy for malware-authors to abuse the security holes in their softwares, but MS is aware of this.
I'm confident that MS will come up sooner or later with a secure Windows, Internet Explorer, etc.
To accomplish that you need money and I don't think that Microsoft is a poor company. It's just a matter of time ;)

Edited by ErikAlbert, 30 June 2004 - 09:32 AM.

ErikAlbert
Simplicity is always brilliant.

#4 zachism

zachism

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 30 June 2004 - 03:31 PM

the ms thing was just a joke :p, as much crap as they get from everybody, they are just providing a service, that we choose to buy.

Anyways, I've looked on those sites. I have already removed it... with help of course. I def. learned a lot but these were questions I had left over. the merijn(sp?) site was originally very helpful. But even he says that he was having trouble keeping up with the different variants and that his updates would eventually cease.

That's why I was asking if this variant had a name or something?
my question remains. any ideas on the origin? and whats it is written in and the size?

thanks for the answers tho!!!

#5 ErikAlbert

ErikAlbert

    Typical User

  • Full Member
  • PipPipPipPipPip
  • 787 posts

Posted 30 June 2004 - 08:47 PM

zachism
Well it isn't the first time that I don't understand a joke or a pun or a funny remark in English. I'm already glad I can understand and translate the sentence in Dutch :D

No, I can't answer your other questions, maybe Merijn can, but he seems to be very busy and I don't think he will answer your email. You can always try of course.

I'm not surprised that Merlijn's program CWShredder.exe couldn't always remove CWS. I have read and studied all the manual instructions of the Kephyr website and most of these instructions are interrupted by several shutdowns and restarts in normal and/or safe mode.
So it's very hard to combine all this in one single program and this CWS-author doesn't seem to stop to create new variants and gets better and better like most programmers.

In fact my homepage was never hijacked. I guess I was very lucky or too carefull, I really don't know. Sooner or later it will happen, I'm quite sure about that.

Personally, I'm not really interested in malware because it is such a waste of time and so negative. I'm temporarily interested, because I'm FORCED to protect my pc, like I have to lock my door when I leave home.

Consider this :
Somebody is infected with CWS and loses alot of time to remove it.
Once the CWS is gone, his pc is working properly again.
So what is the final result after the removal : ABSOLUTELY NOTHING, all that time he couldn't do anything positive or constructive, nothing but a waste of time.
That's what bothering me and I appreciate all the good work of the people in this forum, but I'm not the right person for this.
ErikAlbert

Edited by ErikAlbert, 30 June 2004 - 08:54 PM.

ErikAlbert
Simplicity is always brilliant.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button