Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Friday, October 10, 2008

CoolWebSearch trojan & CWShredder

Source
Several variants of the CoolWebSearch trojan are overwriting Windows system files
with copies of the trojan itself, reinstalling it whenever this infected file is called by Windows.
----------------------
Trend Micro™ CWShredder™ is the premier tool to find and remove traces of CoolWebSearch – the name for a wide range of insidious browser hijackers– from your PC.

CWShredder removes these browser hijackers.

CoolWebSearch installs dozens of bookmarks–mostly to porn Web sites–on your desktop, changes your home page without asking, and continually changes it back if you attempt to correct it. Furthermore, it significantly slows down the performance of your PC, and introduces modifications which cause Microsoft Windows™ to freeze, crash or randomly reboot.

Release Date
CWShredder is regularly updated to address variants as they emerge. * Current Release: November 2005.Version 2.19Supported Operating Systems
Microsoft™ Windows™ XP/2000/Me/98 SE

Remove-cws

CWShredder detects and removes these infected copies. You can download the files replaced by the trojan here, if the version for your Windows version is available. Note that these are all for US-English Windows versions.

If the file is not available for your Windows version, you can always restore it from your Windows Setup CD!

A mirror of the files on this page is available at:OfficeFive.org.uk

Note: The files available for download on this page are taken from US English versions of Windows (unless noted otherwise). If you have a Windows version in any other language, you should not use these files.

Contents Files available:
Note: if you have a version of the file not listed here, please be so kind as to send it to me. Thanks!
Windows XP:
Download the copy for your Windows version and unzip it first into the folder C:\WINDOWS\System32\dllcache(overwriting any existing copy), then into the folder it needs to go for your Windows version.

sdhelper.dll

Located in:
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
(depending on where Spybot S&D is installed)
Deleted by: Iefeadsl browser hijacker strain.
Purpose: Spybot S&D resident IE protection, bad download blocker (BHO).
Symptoms: Spybot S&D IE protection not working properly.

Get the file:

No comments: