Re: My home page has changed to "CoolWWWSearch" variant

From: N. Miller (nsm_at_blackhole.aosake.net)
Date: 04/26/04 

Date: Mon, 26 Apr 2004 14:02:31 -0700

In article <ug7Gv14KEHA.3852@TK2MSFTNGP10.phx.gbl>, thejd@uk2.net says...

> WinXP SP1 fully patched with IE security settings all at default.

> I was running as administrator (silly) whilst surfing the internet.

> :::::My home page has changed to "CoolWWWSearch" variant.:::::::

> Ive tried absolutly everything in the way of adware, trojen and virus remove
> tools including CWShredder.

> I have even tried installing XP SP2-beta, but to no avail.

> Where is the resident CWS file? Every few minutes WinPatrol reports the
> changes to my IE settings, but is unable to stop them.

> I try disabling (new XP SP2 feature) the "IE Helper" but it simply returns
> in to the enabled list after a few minutes.
>
> After spending 3 days on this now, I am wondering whether their is a cure, I
> am also curious that there seems to be little open debate on the MS-Home
> site regarding the FACT that this trojan can infect a FULLY patched XP
> OS!!!!! Without me ever agreeing to a download or similar numpty activity
> (other than being logged in as admin)

Welcome to the commercial Internet, where many commercial interests believe
that they own your computer. A fully patched system won't stop them. If they
pop up sneaky windows, telling you that you should download a "small
plugin" so your browser will work on their site, and if you click "Ok", no
patches will help you. Some popups are even sneakier; they ignore your
choice of "No", and install anyway, treating the "No" button click as an
affirmation.

The authors of the Cool Web Search browser hijacker are in an arms race with
the spyware killers. They are trying to stay three steps ahead of the
spyware removers, to make it harder for you to regain control of your
computer. Remember what I said; they want to possess your computer for their
ends. Maybe, if you contact the CWS people, they have recent updates, or may
even be interested in finding out if yours is a new variant that they
haven't seen, yet.

I live in California. I wish that Sen. Liz Figueroa (D-Fremont) would drop
her proposed legislation against Google, for their "Gmail", and pursue
legislation against Cool Web Search type browser hijackers instead. Google
is up front about what they intend to do; more so than Hotmail, or Yahoo!,
which are just as significant in their privacy issues.

Cool Web Search is downright sneaky and malicious. 

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint