What is it???
Cool Web Search is a collection of browser hijackers. They ALL redirect your browser to coolwebsearch.com and other sites affiliated with its operators.
What is Cool Web Search and what exactly does it do???
CoolWebSearch is name given to a wide range of different browser hijackers. Cool web search and their variants are very different in code, but their end result it the same. They ALL redirect users to coolwebsearch.com and other sites affiliated with its operators. CoolWebSearch exists in the following variant forms:
DataNotary:
This is the earliest known cool web search variant, hijacking to datanotary.com. It drops a CSS stylesheet file in the Windows folder and sets it to be used as the user stylesheet for all web pages viewed in IE. The stylesheet includes embedded JavaScript code and tries to guess when the user is viewing porn sites.
BootConf:
This cool web search is similar to DataNotary in the sense that it also drops a user CSS file in the same way as DataNotary. This file points at www.coolwebsearch.com. It also hijacks the home page and all search settings to point to coolwebsearch, and hacks the DNS Hosts file to redirect access of MSN address-bar search to coolwebsearch.com. A program bootconf.exe is also set in your machine to run on every startup, resetting the hijack settings. Finally coolwebsearch.com is added to the Trusted Sites list.
MSInfo:
This is another user-CSS-hijacker, but it points to true-counter.com, which is reported to redirect to global-finder.com.
SvcHost:
This cool web search variant is a hosts file hijacker, which works in a rather unusual way. Its targeted sites (Yahoo Search, MSN Search and all countries?versions of Google) are set in the Hosts file to point to"localhost"(127.0.0.1). Since the local host (the computer the browser is running on) is most often not running a web server in case of user computers, this results in an error page. It is in this error page that SvcHost does it action. It hijacks this error page to the CoolWebSearch site slawsearch.com.
DNSRelay:
This cool web search is an address bar search hijacker and is implemented as an IE URL Search Hook. Along with search phrases, entering any site name into the address bar without a leading"http://" or "www" will result in a search aimed at activexupdate.com, which is a CoolWebSearch site redirecting through yellow2.com to allhyperlinks.com.
PnP:
This exists in the form of a search hijacker that hides inside the "inf" folder usually used for storing device driver information. Its hijacker file oemsyspnp.inf is run on each startup, using a slightly different install command each time. This command cycles through install sections 'RunOnce', 'AudioPnP', 'VideoPnp', 'IdePnP' and 'SysPnP', but it does the same thing regardless of which section is used, namely hijacking home page and search settings to point at www.adulthyperlinks.com and www.allhyperlinks.com. It also adds activexupdate.com to the IE "safe Sites" list, for unknown purposes (this is not the same as the Trusted Sites Zone).
MSSPI:
MSSPI is a search results hijacker implemented as a Winsock2 Layered Service Provider (a fairly low-level networking component, which is tricky to remove). It targets Google, Yahoo and Altavista, opening advertising from unipages.cc.
In other words, when looking for antibiotic information, call your M.D.!!! *G*
Cool Web Search is a collection of browser hijackers. They ALL redirect your browser to coolwebsearch.com and other sites affiliated with its operators.
What is Cool Web Search and what exactly does it do???
CoolWebSearch is name given to a wide range of different browser hijackers. Cool web search and their variants are very different in code, but their end result it the same. They ALL redirect users to coolwebsearch.com and other sites affiliated with its operators. CoolWebSearch exists in the following variant forms:
DataNotary:
This is the earliest known cool web search variant, hijacking to datanotary.com. It drops a CSS stylesheet file in the Windows folder and sets it to be used as the user stylesheet for all web pages viewed in IE. The stylesheet includes embedded JavaScript code and tries to guess when the user is viewing porn sites.
BootConf:
This cool web search is similar to DataNotary in the sense that it also drops a user CSS file in the same way as DataNotary. This file points at www.coolwebsearch.com. It also hijacks the home page and all search settings to point to coolwebsearch, and hacks the DNS Hosts file to redirect access of MSN address-bar search to coolwebsearch.com. A program bootconf.exe is also set in your machine to run on every startup, resetting the hijack settings. Finally coolwebsearch.com is added to the Trusted Sites list.
MSInfo:
This is another user-CSS-hijacker, but it points to true-counter.com, which is reported to redirect to global-finder.com.
SvcHost:
This cool web search variant is a hosts file hijacker, which works in a rather unusual way. Its targeted sites (Yahoo Search, MSN Search and all countries?versions of Google) are set in the Hosts file to point to"localhost"(127.0.0.1). Since the local host (the computer the browser is running on) is most often not running a web server in case of user computers, this results in an error page. It is in this error page that SvcHost does it action. It hijacks this error page to the CoolWebSearch site slawsearch.com.
DNSRelay:
This cool web search is an address bar search hijacker and is implemented as an IE URL Search Hook. Along with search phrases, entering any site name into the address bar without a leading"http://" or "www" will result in a search aimed at activexupdate.com, which is a CoolWebSearch site redirecting through yellow2.com to allhyperlinks.com.
PnP:
This exists in the form of a search hijacker that hides inside the "inf" folder usually used for storing device driver information. Its hijacker file oemsyspnp.inf is run on each startup, using a slightly different install command each time. This command cycles through install sections 'RunOnce', 'AudioPnP', 'VideoPnp', 'IdePnP' and 'SysPnP', but it does the same thing regardless of which section is used, namely hijacking home page and search settings to point at www.adulthyperlinks.com and www.allhyperlinks.com. It also adds activexupdate.com to the IE "safe Sites" list, for unknown purposes (this is not the same as the Trusted Sites Zone).
MSSPI:
MSSPI is a search results hijacker implemented as a Winsock2 Layered Service Provider (a fairly low-level networking component, which is tricky to remove). It targets Google, Yahoo and Altavista, opening advertising from unipages.cc.
In other words, when looking for antibiotic information, call your M.D.!!! *G*
