William Warren wrote:
not all the variants are that easy..how about doing a google on coolwebsearch..scumware.com has a good writeup as well as spywareinfo.com...the newer variants are not that easy....
I second that. The version I saw required a third party registry editor and booting up into the recovery console from an XP cd (safe mode didn't cut it) just to remove a hidden dll. Had it not been for the forums out there at http://forums.spywareinfo.com and the cwsshredder, which got most, but not all, of the cruft installed by this piece of bastard software, my grandmother's computer would still be popping up those tens of pages of garbage randomly. The authors of these coolwebsearch variants are extremely intelligent programmers with far more understanding of the bowels of the windows platform than your average script kiddies. If you get hit with the version I saw, it's no 10 minute piece of cake. What I don't understand is how exploiting bugs in a program (internet explorer) to install software without the consent or even acknowledgement from the owner/user is legal behavior. To me, it's just like someone abusing a bug in bind, and installing a rootkit, which last time I checked, could end up getting someone in legal troubles. For another hastily-thought-out analogy, it's like someone breaking into your house and reprogramming your cable box to keep changing the channel to the home shopping club every 30 seconds. -Brian