How to guard from CoolWebSearch spyware and it's variants?


CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators. More Information: http://www.doxdesk.com/parasite/CoolWebSearch.html

The most common symptoms you see are:

CoolWebSearch spyware uses the MS Java VM vulnerability [earlier than builds 3810] and installs itself while visiting some rogue websites.

PROTECT THE SYSTEM

To guard against CoolWebSearch:

Option 1: If you have MS Java VM [builds earlier than 3810] installed, visit WindowsUpdate page and download the MS Java VM Update [build 3810]

To find the build of MS Java installed in your system, type "jview" [or wjview] in the Command Prompt window to note down the version number.  Anything earlier than 3810 means your system is "Vulnerable"

Determine the MS Java Version:
http://www.microsoft.com/security/security_bulletins/ms03-011.asp

Option 2: Uninstall MS Java Virtual Machine completely and install Sun's Version of Java

Removal: How can I uninstall the Microsoft Java Virtual Machine from Windows XP?

More Information about the MS Java VM Vulnerability

MS03-011: Flaw in the Microsoft VM Could Enable System Compromise:
http://support.microsoft.com/?kbid=816093

What You Should Know About Microsoft Security Bulletin MS03-011:
http://www.microsoft.com/security/security_bulletins/ms03-011.asp

Doxdesk.com: parasite: CoolWebSearch:
http://www.doxdesk.com/parasite/CoolWebSearch.html

Merijn.org: - CoolWebSearch Chronicles:
http://www.merijn.org/cwschronicles.html

For the systems already infected by CoolWebSearch, download the CWShredder from Majorgeeks