CoolWebSearch: How It Works and How to Remove It
CoolWebSearch is one of the best-known browser hijackers. It comes in a variety of versions, each of which uses different techniques. Although the code differs from version to version, all versions send sensitive data back to the CoolWebSearch site and to the other sites associated with CoolWebSearch.
How CoolWebSearch Works
Originally, CoolWebSearch only worked with Internet Explorer, but there are now versions that work with Mozilla Firefox.
Some of the different versions perform the following malicious activity:
- Data Notary: This version of CoolWebSearch attempts to determine when the PC user is viewing pornographic sites by dropping a file into the Windows folder that is set to track all of the websites you visit.
- Boot Conf: This file helps to get CoolWebSearch listed with your antivirus program as a trusted website by dropping a file onto your PC that points toward the CoolWebSearch website. It also hijacks your home page and resets all of your search settings to direct your information to its website.
- MSInfo: This works the same way as the Boot Conf file except that it points toward sites that are associated with CoolWebSearch, such as true-counter.com and global-finder.com.
- Svc Host: This version of CoolWebSearch hijacks your hosts file and targets search sites such as Yahoo, Google, and MSN Search, all of which are pointed at your local hosts file. Your computer then acts as the local host when the browser opens these sites, and the result of inserting the CoolWebSearch file is an error page that is hijacked to one of the sites associated with CoolWebSearch.
- Winres: CoolWebSearch/Winres inserts a .dll file that changes your Start page to about:blank, which resembles a search engine page. The file changes the Start page frequently while adding other sites to your trusted sites and downloading adware such as 2020search.
- PnP: This CoolWebSearch file performs some of the same functions as the Boot Conf file except that it points everything toward a pornographic website.
The problem with this type of browser hijacking malware is that it can be very tricky to remove, depending upon the version that has been installed on your PC. The best route to take with this type of malware is to install a reputable anti-spyware tool that is designed to get rid of CoolWebSearch files.
Keep in mind that the malware is created by affiliates of CoolWebSearch that abuse the program by redirecting you to information that you did not request.