Just a few questions
Posted 30 June 2004 - 08:31 AM
-Which CWS variant is the one that redirects your page to res://<random>.dll/<random>.html#<random>, has the randomly named files, and installs on reboot?
-Is CWS stuff one of the bigger problems now in the way of malware and such? I noticed the majority of posts were from people who have it.
-Any idea as to how it originated?
-This may sound weird, but what are these programs (CWS stuff) written in?
-Is Microsoft behind it all? mwhaha?
Posted 30 June 2004 - 09:32 AM
Maybe these websites won't answer all your questions, but they give you good info about CoolWebSearch and all its variants (39 in total), especially the first one.
The second one gives you instructions to remove it manually.
The trouble with CWS is that this malware is hard to remove COMPLETELY by a program and has to be removed MANUALLY.
That's why so many people are posting here. Not everybody is a professional or clever enough to remove CWS manually and these people also need help.
I don't know in which language CWS is written. What I do know is that the CWS-author never grew up, like most malware-authors.
Why do you suspect Microsoft? There is no reason to.
Of course MS made it easy for malware-authors to abuse the security holes in their software, but MS is aware of this.
I'm confident that MS will come up sooner or later with a secure Windows, Internet Explorer, etc.
To accomplish that you need money and I don't think that Microsoft is a poor company. It's just a matter of time.
Edited by ErikAlbert, 30 June 2004 - 09:32 AM.
Simplicity is always brilliant.
Posted 30 June 2004 - 03:31 PM
Anyways, I've looked on those sites. I have already removed it... with help of course. I def. learned a lot but these were questions I had left over. The Merijn (sp?) site was originally very helpful. But even he says that he was having trouble keeping up with the different variants and that his updates would eventually cease.
That's why I was asking if this variant had a name or something?
My question remains. Any ideas on the origin? And what it is written in and the size?
Thanks for the answers though!!!
Posted 30 June 2004 - 08:47 PM
Well, it isn't the first time that I don't understand a joke or a pun or a funny remark in English. I'm already glad I can understand and translate the sentence into Dutch.
No, I can't answer your other questions, maybe Merijn can, but he seems to be very busy and I don't think he will answer your email. You can always try of course.
I'm not surprised that Merijn's program CWShredder.exe couldn't always remove CWS. I have read and studied all the manual instructions of the Kephyr website and most of these instructions are interrupted by several shutdowns and restarts in normal and/or safe mode.
So it's very hard to combine all this in one single program and this CWS-author doesn't seem to stop creating new variants and gets better and better like most programmers.
In fact my homepage was never hijacked. I guess I was very lucky or too careful, I really don't know. Sooner or later it will happen, I'm quite sure about that.
Personally, I'm not really interested in malware because it is such a waste of time and so negative. I'm temporarily interested, because I'm FORCED to protect my pc, like I have to lock my door when I leave home.
Consider this:
Somebody is infected with CWS and loses a lot of time to remove it.
Once the CWS is gone, his pc is working properly again.
So what is the final result after the removal: ABSOLUTELY NOTHING, all that time he couldn't do anything positive or constructive, nothing but a waste of time.
That's what's bothering me and I appreciate all the good work of the people in this forum, but I'm not the right person for this.
Edited by ErikAlbert, 30 June 2004 - 08:54 PM.
Simplicity is always brilliant.