Whew! I'm delighted to hear that things went so well. As I said
earlier, CWShredder once helped me to kill a really tenacious
hijacker. I was very hopeful that it would work for you, too, when I
saw the mention of "searchmeup" in the documentation on the Merijn
site (Merijn is the creator of CWShredder.)
In case you wonder how you may have acquired this unwelcome visitor,
here's some interesting info:
" We are pretty sure now CoolWebSearch is part of a new strain of
trojans that have recently been identified that all have one thing in
common: they install through the ByteVerify exploit in the MS Java VM
and change the IE homepage, search page, search bar, etc. Take a look
at this snippet from the description of the Java.Shinwow trojan:
'This is a growing family of trojans that exploits the
ByteCodeVerifier vulnerability in the Microsoft Virtual Machine to
execute unauthorized code on an affected machine. The variants of this
trojan that we have seen in the wild have been functionally diverse;
the common factor amongst them has been the use of the ByteVerify
exploit to achieve their goals. Some variants may do little more than
change the user's default Internet Explorer home page and/or search
page via modifications to the registry.'
We strongly recommend you install the patch, available from this MS
security bulletin.
Microsoft Technet
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.asp
If you have Windows XP with Service Pack 1a, your system has no MS
Java VM. Information on removing the MS Java VM completely and
replacing it with the newer, safer Sun Java VM can be found here.
An a side note, some of the affiliates (Search-Meta has been verified)
use another Java exploit to install their malware. It's classified as
the JS.Exception.Exploit,
Symantec AntiVirus Center
http://www.symantec.com/avcenter/venc/data/js.exception.exploit.html
and a patch can be downloaded from this MS security bulletin.
Microsoft Technet
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms00-075.asp
"
Merijn.com: The CoolWebSearch Chronicles
http://www.merijn.org/cwschronicles.html
Much, much more information on Cool Web Search and its variants
(probably more than you want!) may be found by searching Google using
these keyword strings:
Google Web Seach: "cool web search: + "hijack"
://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%22cool+web+search%22+hijack
Google Web Seach: "cool web search: + "variants"
://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=%22cool+web+search%22+variants
If anything is unclear, or if a link does not function, please request
clarification; I'll be glad to offer further assistance before you
rate my answer.
Best wishes,
pinkfreud |