How to guard from CoolWebSearch spyware and it's variants?

CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to and other sites affiliated with its operators. More Information:

The most common symptoms you see are:

CoolWebSearch spyware uses the MS Java VM vulnerability [earlier than builds 3810] and installs itself while visiting some rogue websites.


To guard against CoolWebSearch:

Option 1: If you have MS Java VM [builds earlier than 3810] installed, visit WindowsUpdate page and download the MS Java VM Update [build 3810]

To find the build of MS Java installed in your system, type "jview" [or wjview] in the Command Prompt window to note down the version number.  Anything earlier than 3810 means your system is "Vulnerable"

Determine the MS Java Version:

Option 2: Uninstall MS Java Virtual Machine completely and install Sun's Version of Java

Removal: How can I uninstall the Microsoft Java Virtual Machine from Windows XP?

More Information about the MS Java VM Vulnerability

MS03-011: Flaw in the Microsoft VM Could Enable System Compromise:

What You Should Know About Microsoft Security Bulletin MS03-011: parasite: CoolWebSearch: - CoolWebSearch Chronicles:

For the systems already infected by CoolWebSearch, download the CWShredder from Majorgeeks