You came here to remove that annoying spyware COOLWEBSEARCH?
We are here to help you!
CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.
After some investigation, we decided that
SpySweeper is
best removal tool for coolwebsearch!
Download
SPYSWEEPER
And get rid of this annoying coolwebsearch !!!
Cool Web Search is a collection of
browser hijackers. They all redirect your browser to coolwebsearch.com and other
sites affiliated with its operators.
What is Cool Web Search and what exactly does it do?
CoolWebSearch is name given to a wide range of different browser hijackers. Cool
web search and their variants are very different in code, but their final result
it the same. They all redirect users to coolwebsearch.com and other sites
affiliated with its operators. CoolWebSearch exists in the following variant
forms.
DataNotary: This is the earliest known cool web search variant, hijacking to
datanotary.com. It drops a CSS stylesheet file in the Windows folder and sets it
to be used as the user stylesheet for all web pages viewed in IE. The stylesheet
includes embedded JavaScript code and tries to guess when the user is viewing
porn sites.
BootConf: This cool web search is similar to DataNotary in the sense that it
also drops a user CSS file in the same way as DataNotary. This file points at
www.coolwebsearch.com. It also hijacks the home page and all search settings to
point to coolwebsearch, and hacks the DNS Hosts file to redirect access of MSN
address-bar search to coolwebsearch.com. A program bootconf.exe is also set in
your machine to run on every startup, resetting the hijack settings. Finally
coolwebsearch.com is added to the Trusted Sites list.
MSInfo: This is another user-CSS-hijacker, but it points to true-counter.com,
which is reported to redirect to global-finder.com.
SvcHost: This cool web search variant is a hosts file hijacker, which works in a
rather unusual way. Its targeted sites (Yahoo Search, MSN Search and all
countries’ versions of Google) are set in the Hosts file to point to ‘localhost’
(127.0.0.1). Since the local host (the computer the browser is running on) is
most often not running a web server in case of user computers, this results in
an error page. It is in this error page that SvcHost does it action. It hijacks
this error page to the CoolWebSearch site slawsearch.com.
DNSRelay: This cool web search is an address bar search hijacker and is
implemented as an IE URL Search Hook. Along with search phrases, entering any
site name into the address bar without a leading ‘http://’ or ‘www’ will result
in a search aimed at activexupdate.com, which is a CoolWebSearch site
redirecting through yellow2.com to allhyperlinks.com.
PnP: This exists in the form of a search hijacker that hides inside the ‘inf’
folder usually used for storing device driver information. Its hijacker file
oemsyspnp.inf is run on each startup, using a slightly different install command
each time. This command cycles through install sections 'RunOnce', 'AudioPnP', 'VideoPnp',
'IdePnP' and 'SysPnP', but it does the same thing regardless of which section is
used, namely hijacking home page and search settings to point at
www.adulthyperlinks.com and www.allhyperlinks.com. It also adds
activexupdate.com to the IE ‘Safe Sites’ list, for unknown purposes (this is not
the same as the Trusted Sites Zone).
MSSPI: MSSPI is a search results hijacker implemented as a Winsock2 Layered
Service Provider (a fairly low-level networking component, which is tricky to
remove). It targets Google, Yahoo and Altavista, opening advertising from
unipages.cc.