A CoolWebSearch Sunday

I've been lucky when it comes to computer hygiene. Until yesterday I was happily unaware of the nasty little internet explorer trojan called CoolWebSearch. All this changed when a friend of mine called in a panic saying that he couldn't log onto the internet. He already had spent hours on the phone with both MS and his cable company but had not succeeded in fixing the problem. He said he hated to bother me but wondered if I could take a stab at it. I figured why not.


So I arrive at around 4:00pm Sunday afternoon and am shown the patient, a Dell system running XP. The symptom that was keeping him from accessing the internet was that IE kept crashing as it loaded. I verified that his connection was in fact good, and it was, so I figured he must have a corrupt copy of IE. Time for a reinstall, I thought. I fired up the control panel and removed IE, rebooted, went back to the control panel and added IE again and rebooted. Same problem.


I started asking my friend what he had installed lately and he mentioned his son, who was home from college, had been using the computer a lot and may have installed some stuff. This sounded like an infection scenario, so I fired up the control panel and started to look through the installed programs for something that a teenager might install. I noticed a few odd things and on a whim pressed the link that directed me to the product's home page. Surprise, IE loaded and took me to the page. I now clicked on the desktop IE icon and it too loaded. The home page it took me to was a local file on the C drive. I asked my friend why he had this as his home page. He said he didn't and it had just started to appear recently. I opened Internet Options, changed the home page to Google and rebooted the system.


Feeling less than totally confident, I clicked on the desktop IE icon again and it crashed just as before. I had already spent about 45 minutes getting to this point, so I decided to install a back door to the internet. I used the trick I had discovered earlier of opening IE through the control panel to download Mozilla 1.6 and installed it on the machine. If I couldn't get IE to work, at least I would be able to get him set up on Mozilla.


Now that I was back online I figured I should be able to google around and find some more info on the problem. I couldn't find anything that exactly described what I was seeing, but I saw enough info on the CoolWebSearch trojan that I figured it was the root cause of the problem. I downloaded two pieces of software: HijackThis and CWShredder, both from Merijn.org. The instructions called for running CWShredder first from a Safe Mode prompt, rebooting, running HijackThis to remove the registry crap and rebooting again. Thankfully it worked: IE loaded and went to the about:blank page. I reset it to Google, rebooted and all was well.
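The two symptoms in this story, a home page silently pointed at a local file and a browser add-on that crashes IE on load, both live in well-known registry locations. The following PowerShell script is an added, read-only triage check (not part of the original post, and not HijackThis or CWShredder code) that reports them before you reach for a removal tool. The registry paths are the standard IE Start Page and Browser Helper Objects keys; the "suspicious" heuristics (local-file home page, unsigned BHO DLLs, DLLs outside Program Files or System32) and the output format are this example's own choices, not anything the post describes.

```powershell
# Added example: list IE home page and Browser Helper Objects, flag the ones worth a look.
# Read-only: it changes nothing. Run in an elevated PowerShell to read HKLM reliably.

$findings = @()

# 1. Home page. The post's symptom was a Start Page set to a file on the C drive.
$mainKey   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$startPage = (Get-ItemProperty -Path $mainKey -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
if ($startPage) {
    # Heuristic (this example's choice): a file:// URL or a drive-letter path is suspicious.
    if ($startPage -match '^(file:|[A-Za-z]:\\)') {
        $findings += "Start Page points at a local file: $startPage"
    } else {
        Write-Host "Start Page: $startPage"
    }
} else {
    Write-Host 'No Start Page value set (IE will use its default).'
}

# 2. Browser Helper Objects. Each subkey name is a CLSID; the CLSID's InprocServer32
#    default value is the DLL IE loads at startup, which is where a hijacker's crash lives.
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    foreach ($bho in Get-ChildItem -Path $bhoKey) {
        $clsid  = $bho.PSChildName
        $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        $dll    = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
        $signed = $false
        if ($dll -and (Test-Path $dll)) {
            $signed = (Get-AuthenticodeSignature -FilePath $dll).Status -eq 'Valid'
        }
        $line = "BHO $clsid -> $dll (valid signature: $signed)"
        # Heuristic (this example's choice): unsigned, missing, or oddly located DLLs get flagged.
        $inVendorDir = $dll -and ($dll -match '^[A-Za-z]:\\(Program Files|Windows\\(System32|SysWOW64))')
        if (-not $signed -or -not $inVendorDir) {
            $findings += $line
        } else {
            Write-Host $line
        }
    }
} else {
    Write-Host 'No Browser Helper Objects key present.'
}

# 3. Summary for the person doing the cleanup.
if ($findings.Count -eq 0) {
    Write-Host 'No suspicious home page or BHO entries found.'
} else {
    Write-Host "`nItems to review:" -ForegroundColor Yellow
    $findings | ForEach-Object { Write-Host "  $_" }
}
```

A flagged entry is a lead, not a verdict: legitimate add-ons are sometimes unsigned, and a signed DLL can still be unwanted. The value of the script is that it gives you the CLSID and DLL path to search for before rebooting into Safe Mode, so the removal step targets a known file rather than a guess.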


In the end it took about an hour and a half to diagnose and clean the machine. The initial lack of access to the internet was probably the most frustrating part. In the end, I learned a lot about the current state of trojans and have a new respect for how heinous they can be.

