Hi,
The CoolWebSearch thing is a terrible malware program that hijacks your IE by getting inside it. There are hundreds of variants, but most people have never heard of it until they get to where you’re at. It will redirect webpages and open you up to a whole lot of other stuff. I think you will find it’s the root of your problem, because it will invite hosts of other stuff onto your system once it gets in.
To get rid of CWS, go to this page (http://www.merijn.org/downloads.html) and download CWShredder. Run that program and it should get rid of many of the variants of this malware. If CWShredder has problems loading (or Hijack this) then download the “CoolWWWSearch.Killer Removal Tool” and run it first. This should help shut down any versions of the malware that are preventing CWShredder or Hijack This from running. Then go back and try running CWShredder again.
Three notes:
1.
If you use the net you need a good firewall (like Zone Alarm) to detect when spyware or malware tries to “phone home”. However even the best firewalls will not detect CWShredder as it connects to home, as it integrates itself in Internet Explorer. It uses Java mostly, but I think it may also use Active-X.
To help protect yourself, use the program that Spybot Search and Destroy recommends, SpywareBlaster, which is specifically for Java and Active-X problems in IE and other browsers. Get it from www.javacoolsoftware.com/spywareblaster.html
I immunise my IE, but I only use it when Firefox won’t display a page properly (mostly Active-X related), and then I set my Active-X security levels high.
2.
The CWShredder software is now a bit old and not being updated. I don’t know what is taking its place, but you could try downloading the new antispyware thing from Micro$oft - go to http://www.microsoft.com/athome/security/spyware/software/default.mspx
This program will run and then delete itself (I think) and I read one report that it’s reasonably good, but I have never had the need to run it as I don’t use IE (Firefox is much better in almost all areas, not least security).
3.
If you’re at all serious about having no spyware on your system, then you need to take preventative steps before it happens next time.
I scan and immunise my system regularly using Spybot Search and Destroy, SpywareBlaster and Avast Free Home Version 4. I also use a good firewall (Nvidia’s hardware firewall built into my Motherboard, but if I didn’t have the hardware I’d go back to Zone Alarm) with the security level set high. I don’t let any program phone home without my firewall first telling me about it, and I usually only grant temporary rights to do so. The only things I let permanently access the net are Firefox, Thunderbird (email) and anything related to Avast antivirus (presently ashdisp.exe, ashmaisv.exe, ashserv.exe and ashwebsv.exe). Everything else has to ask permission every time, but in reality it’s not that often.
Also, in your browser, you need to limit some stuff. In IE, this means setting your security levels reasonably high and turning the cookies policy up high (and immunising with Spybot SD and SpywareBlaster). In Firefox thankfully you don’t have to do much beyond the immusing because it’s just more secure. I also turn off cookies, and use an extension called “Permit Cookies”, which allows me to turn on cookies only for the sites I want it for.
I have also set my ISP to get rid of a lot of the SPAM from my inbox, which reduces the risks, but Avast picked up everything email-borne before that anyway. The only difference is that my system doesn’t get as bogged down now, because my ISP’s system does the work. Because I am confident in Avast, I didn’t set the Spam filter that high on the ISP end so I don’t miss any real mail.
I hope this helps.
Rygle.