If you’re a PC Technician then chances are you’re very familiar with the CoolWebSearch browser hijacker and how hard it can be to rid a system of. Having CWS on your system is a lesson in pain as it will fill your system with bookmarks to porn sites, adds it’s toolbar to IE without asking your permission, changes your homepage back to CoolWebSearch even if you change it to something else, plus it slows down and destabilizes your PC in general. If I had a dime for every problem system that turned out to have CWS on it I’d be pretty damned wealthy by now.
One of the most useful tools for accomplishing this has been CWShredder from Merijn Bellekom who created the program as a means of automatically removing CWS in all its variants from your system with just the click of your mouse. His little program has saved me from having to restage many a PC in the past, but now we get the bad news that Merijn is giving up the fight as it’s just too much for him to keep up with:
Bellekom has just released the latest version of his CWShredder (1.59), the only antidote to the trojan, but warns that his app won’t be updated again: “I have a few bugs to fix, but after that there’s not much left to do. I simply do not have the tools to remove the latest variants. They are too aggressive or too complicated to allow for automated removal.”
He has tracked CWS and its modifications ever since it first appeared last summer, claiming that it is “the most complex, invisible and devious hijacker” ever programmed. He is not joking: We run afoul of CWS not too long ago and the only way to remove the sucker was to replace the entire Windows Registry with a previous version. Even MSIE 6 Service Pack 2 (beta) couldn’t provide any protection.
The first modifications weren’t even identified as such, according to Bellekom. Users began to report significant slowdowns when they typed messages into text boxes. Merijn believes CoolWebSearch is part of a new strain of trojans that install through the ByteVerify exploit in the MS Java Virtual Machine.
Fighting CoolWebSearch has become a daunting task. The criminals behind it often engage in Distributed Denial of Service (DDoS) attacks against sites that host CWShredder. Some variants try to cripple CWShredder and other spyware removal tools. New versions of CWS are released almost every few weeks. Bellekom’s chronicle of variants pretty much reads like a horror story. Merijn calls the latest variants “a living hell”.
Others are already volunteering to continue work on CWShredder if Bellekom is willing to release the source code, but no word yet on if that’s going to happen. Considering how rapidly new versions of CWS appear it’ll be a dark day if CWShredder dies off and no one picks up the torch. Combine this with news of the latest IE vulnerability reported the other day, let alone all the ones from the past, and it’s clearly getting to a point that using IE for browsing the web is just plain dumb. I haven’t gotten around to installing Mozilla Firefox on Anne or Courtney’s machine, but I’m quickly running out of excuses not to.