Remove CoolWebSearchRemove CoolWebSearch How to remove and uninstalling CoolWebSearch Browser Hijacker.How to Uninstall CoolWebSearch and Safely Remove it from your computer. |
|
What is CoolWebSearch and how to remove this spyware CoolWebSearch is the most widely known and the most annoying browser hijacker. It distributes itself by exploiting security holes in older or unpatched version of Microsoft Internet Explorer. It has many variants (see Variants), each of them with its own performance and actions. This spyware has lots of variants: CWS.AddClass CWS.AFF.IEDLL CWS.AFF.MadFinder CWS.AFF.WinShow CWS.AlFaSearch CWS.Bootconf CWS.Ctfmon32 CWS.DataNotary CWS.DNSRelay CWS.DReplace CWS.Dwinf CWS.GoogleMS CWS.IEFeats CWS.LoadBAT CWS.MSConfd CWS.MSInfo CWS.MSOffice CWS.Msspi CWS.MSwsc10 CWS.MUpdate CWS.OEMSysPNP CWS.OSLogo CWS.QTTasks CWS.Svchost32 CWS.Svcinit CWS.TapiCFG CWS.TheRealSearch CWS.Vrape CWS.XPlugin How to remove CoolWebSearch - Remove CoolWebSearch Instructions DataNotary, BootConf, MSInfo variants For these variants, start by opening Tools->Internet Options->Accessibility and make sure the 'user style sheet' option is turned off. You should then be able to delete the user stylesheet from the Windows folder. With DataNotary it is called 'default.css'; with MSInfo it is called 'oslogo.bmp'; with Bootconf it may be either. MSInfo variant onlyNext, open the file 'win.ini' from the Windows folder in a text editor. Delete the line ¡°run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSINFO\msinfo.exe¡± and save. (This line may change a little on different systems, but will always point to msinfo.exe.) Delete the 'MSInfo' folder inside 'Common Files' in the 'Program Files' folder. BootConf, SvcHost variantsNext, open the registry (Start->Run->regedit), find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and delete the bootconf.exe or svchost.exe entry. You can then delete the bootconf.exe or svchost32.exe file from the System folder (which is inside the Windows folder, and called 'System32' on Windows NT/2000/XP) BootConf, SvcHost, MSInfo variantsFrom the System folder, open the drivers->etc folders and find the file named 'HOSTS', with no extension. Either edit it to remove the hijacker entries, or simply delete the file. PnP variantOpen the registry (Start->Run->regedit) and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Delete the 'SysPnP' entry, and the 'oemsysinf.pnp' file from the 'inf' folder (which is inside the Windows folder). MSSPI variantRemoving a Layered Service Provider by hand is tricky and if you get it wrong you'll lose your internet connection. If you really want to try, open the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2 \Parameters\Protocol_Catalog9\Catalog_Entries, delete the subkeys starting with the path of msspi.dll, renumber the remaining subkeys, and set the Num_Catalog_Entries value in the Protocol_Catalog9 key to match the highest numbered subkey left. Normally it is better to get a program (eg. CWShredder, HijackThis or LSPFix to remove an LSP for you. Having done that, open the registry and check the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run for an 'msupdate' entry; delete it if you find it. Restart the computer and you should be to delete msspi.dll in the System folder (which is inside the Windows folder, and called 'System32' on Windows NT/2000/XP), along with msupdate.exe if you have it. DNSRelay variantOpen a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands: cd "%WinDir%\System"regsvr32 /u dnsrelay.dll Restart and you should be able to delete the file 'dnsrelay.dll' in the System folder (which is inside the Windows folder, and called 'System32' on Windows NT/2000/XP). All variantsAfter having removed the software, use Internet Options->Programs->Reset Web Settings to remove the bogus home page and search settings. |
|
|
| ©Copyright 2005-2008 Free Spyware Removal All Rights Reserved |