Re: CWS/DSO Exploit

From: Trafton (
Date: 10/01/04

Date: Thu, 30 Sep 2004 16:19:47 -0700

Hi Mark,

As long as it ends with "w=3", the DSO Exploit detection is a bug.
CoolWWWSearch, on the other hand, I have not heard as a recurring false

I would recommend contacting Spybot's developers, as they know the aspects
of their program better than anyone else. It could be a false positive, and
it might not be; in either case, feel free to post back here with their
response, as I'd also be interested to know. I'd just rather see what they
think before we move on. You can contact them here:

I'd also try Ad-Aware ( for a second opinion. If
it doesn't detect CoolWWWSearch, chances are it is a false positive. It
might also be able to remove it if it isn't.

Hope this helps!

Benjamin "Trafton" Johnstone-Anderson
Microsoft MVP, Windows Security
Security Manifest:

"Mark" <> wrote in message
> Sorry if this goes through twice but I don't think it did
> the first time I tried to send it. Does anyone know how
> to get rid of this CSW thing???? I had it on my desk top
> PC about a year ago and eradicated it with a malware
> program called CWS Shredder, in conjunction with SpyBot
> and Adaware (can't even install Adaware at this time).
> SpyBot finds it and deletes it (always finds 5 incidents
> of DSO Exploit and 2 of CoolWWWSearch, and yes I am
> immunizing), but it's back within like five minutes.
> This is no only a home page hijacker but it also does not
> allow certain pages to load (can't check my Hotmail, for
> example). I did a search for CWS Shredder and it seems
> the author has given up on defeating this thing and no
> longer offers updates. Does anyone know of another
> program I might want to try to get rid of this thing? TIA
> Mark