CWShredder author calls it quits. Just one more reason to avoid using Internet Explorer.

If you’re a PC Technician then chances are you’re very familiar with the CoolWebSearch browser hijacker and how hard it can be to rid a system of it. Having CWS on your system is a lesson in pain, as it fills your system with bookmarks to porn sites, adds its toolbar to IE without asking your permission, changes your homepage back to CoolWebSearch even if you change it to something else, and slows down and destabilizes your PC in general. If I had a dime for every problem system that turned out to have CWS on it I’d be pretty damned wealthy by now.

One of the most useful tools for removing it has been CWShredder from Merijn Bellekom, who created the program as a means of automatically removing CWS in all its variants from your system with just the click of your mouse. His little program has saved me from having to restage many a PC in the past, but now we get the bad news that Merijn is giving up the fight as it’s just too much for him to keep up with:

Bellekom has just released the latest version of his CWShredder (1.59), the only antidote to the trojan, but warns that his app won’t be updated again: “I have a few bugs to fix, but after that there’s not much left to do. I simply do not have the tools to remove the latest variants. They are too aggressive or too complicated to allow for automated removal.”

He has tracked CWS and its modifications ever since it first appeared last summer, claiming that it is “the most complex, invisible and devious hijacker” ever programmed. He is not joking: We ran afoul of CWS not too long ago and the only way to remove the sucker was to replace the entire Windows Registry with a previous version. Even MSIE 6 Service Pack 2 (beta) couldn’t provide any protection.

The first modifications weren’t even identified as such, according to Bellekom. Users began to report significant slowdowns when they typed messages into text boxes. Merijn believes CoolWebSearch is part of a new strain of trojans that install through the ByteVerify exploit in the MS Java Virtual Machine.

Fighting CoolWebSearch has become a daunting task. The criminals behind it often engage in Distributed Denial of Service (DDoS) attacks against sites that host CWShredder. Some variants try to cripple CWShredder and other spyware removal tools. New versions of CWS are released almost every few weeks. Bellekom’s chronicle of variants pretty much reads like a horror story. Merijn calls the latest variants “a living hell”.

Others are already volunteering to continue work on CWShredder if Bellekom is willing to release the source code, but no word yet on if that’s going to happen. Considering how rapidly new versions of CWS appear it’ll be a dark day if CWShredder dies off and no one picks up the torch. Combine this with news of the latest IE vulnerability reported the other day, let alone all the ones from the past, and it’s clearly getting to a point that using IE for browsing the web is just plain dumb. I haven’t gotten around to installing Mozilla Firefox on Anne or Courtney’s machine, but I’m quickly running out of excuses not to.


21 thoughts on “CWShredder author calls it quits. Just one more reason to avoid using Internet Explorer.”

  1. If I read the text in the concluding dialog box of CWShredder (and on the Merijn webpage itself) correctly, the problem here is only for folks who haven’t patched their MS VM machine since the key vulnerability was identified (and patched) April 2003 (the ByteVerifier patch).

    I’m not sure it’s appropriate for MS to be taken to task now for folks who haven’t patched something that’s been a known danger for over a year.  (Certainly there are plenty of other things to take them to task about, to be sure.)

  2. I generally don’t mess with the girlfriend’s computer (unless she specifically asks me to);  since it’s got anti-virus, pop-up blocker and firewall installed.  But tonight, I think I’ll definitely be kicking her off of it, installing Firefox and hiding every trace of IE from her that I can.

    captcha = world

  3. I personally don’t use CWshredder anymore.  I boot into safe mode, go into view and unhide everything possible, and then start searching for executables that have installed in the past week/month.  If you kill off weird .exe, .dll, .com and .bat files, you’ll kill almost all hijackers.  (Very important to unhide protected system files first, though.)

    Then start up in normal mode, go into IE options BEFORE starting IE, fix the startup page, and you’re good to go.

    I’ve managed to kill off everything using this method.

  4. The handwriting has been on the wall for a while and I finally got off my lazy butt and installed FireFox today. Are there any ‘must have’  add-ins that I need to get?

    Thanks Bill for making me yearn for the days of ‘Geoworks Ensemble’.

    captcha = ‘policy’  haha IE could use some

  5. I’d say the #1 must have for Mozilla/Firefox would be Adblock.  It’s so nice to surf the web without ads & pop-ups.  😀

    Some of the other add-ons that I like are:
    Enigmail (e-mail add-on, so Mozilla or maybe Thunderbird but not Firefox)

    Other than that, it kind of depends on what you want.  Check the Active Project page for more add-ons than you can shake a stick at.

    captcha = “then”

  6. I installed Firefox about a week ago and I am having a bit of difficulty installing Java for it.  I have tried the methods described on one of the help sites except for installing the ‘unofficial’ installer.  I actually downloaded NSIS but I have no clue how to write an install script for it.

    Can anybody tell me how to install Java for Firefox?  All help is greatly appreciated.

  7. Ok, big hint to prevent popups, etc for IE. Now, this =DOES= disable the functionality for certain websites filled with extra garbage no one really needs, but the webmaster insisted on putting in…

    Under the Security Tab in Internet Options, click on Custom Level, disable all Active X, disable scripting and disable Java Scripting. Hit OK, then restart the browser. This kills any and all popups, a lot of redirects, and all of those nasty ad scripts built into the urls and page code. Now, remember, you have to turn on all 3 to access the Windows Update website.

  8. That’s the paradox of IE: to make it “safe” you have to disable the very features that allow Windoze update to work, which is essential to keeping a safe system.  Geeks will go through disable/enable/re-enable but most users will not, resulting in less safety on networks.  Gee!

    Windows update is the only thing I use IE for.  Everything else: Mozilla.  Only a little bit because of its improved safety, but mostly because I’m really addicted to tabbed browsing – and blocking popups is as simple as clicking “block unrequested popups.”

    Capcha: “average” – as in the kind of user applications have to take into consideration.

  9. Oh I totally agree, right now I am using IE to view this site though as I have just completed a fresh format and reinstall of the OS and was too lazy to install Mozilla again right now. But of course it will be on my system again shortly as I also love tabbed browsing and the faster response times of page loading, etc.

    An excellent tool for tweaking Windoze XP that I recommend is TweakXP Pro by Totalidea Software, tons of CPU, File System, OS, IE, Outlook and Outlook Express, etc tweaks for the average and pro user. I happily customized my IE browser bar to say Internet Explorer Sucks instead of the normal boring title :)

  10. I can customize the browser bar with TweakXP Pro?  (Voice of Will Smith from Independence Day) “Man, I have GOT to get me one of these!”

    Browser bar: “Internet Explorer Malware Platform”

  11. DOF, if you want to change the titlebar in IE you could just hack the registry:

      Using Registry Editor, add a String value named Window Title to the following key in the registry:

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

      The data value is the title you want to appear on the Internet Explorer window.

  12. Wow! I’m as shocked as you are. :D

    Next thing you know they’ll be advising folks to play more video games.

  13. And they should, since it is scientific fact that video games improve reasoning abilities, quick thinking, and hand-eye coordination. Viva la games!

    On a side note, yes, you can do the registry hack, but why bother doing only one thing when you can use a nice program to do it for you, and do all kinds of other neat things too :)

  14. America’s Army!  *gag*

    (me coughs up something far too nasty to swallow and then spits it under the nearest patch of shrubbery)

    Leave it to the military to take something as pure and delightful as the Unreal engine, that sublime source of adrenaline jitter fast-twitch fragfest fantasy, and transform it into an overly realistic recruiting tool.

    If you can’t “reach out and touch” someone with the laser gun, then switch to the mini to finish them off, well. . .  what’s the point of playing?

    If the military really wanted to recruit me, they’d have to institute “force respawn” on all their servers.

  15. Yes, but everyone knows that game is just a cheap recruitment toy for the meatgrinder known as the US Army ;)

    I bet it wasn’t cheap – you and I probably paid top dollar for it.  Sleazy, yes; underhanded and cynical; absolutely.  But not cheap.  ($100 for a toilet seat – how much to develop a video game?)

    JYNXD, I agree about using a program instead of the registry hack – I’m just clumsy enough to make editing the registry for entertainment inadvisable.

    Capcha: “usually” as in I’m usually clumsy but do have occasional moments of apparent brilliance.

  16. Yeah, I know what you mean about being clumsy, although I do tend to manually edit my registry with wild abandon when I learn of a new tweak or hack that isn’t already covered by a program :)

    On a side note, I happen to use Protowall, The Blocklist Manager, Peerguardian, Spybot S&D 1.3, Ad-Aware Pro 1.81, AVG, and Spyware Blaster to great effect at prefenting malware like CWS from even getting on my computer to begin with. Script Sentry from Gibson Research is another very handy tool that prevents browser based scripts from executing and making changes to your browser among other things.

  17. Gah, I misspelled preventing, now I must perish in the limbo of poor spelling Purgatory :/ This is what I get for typing after I have just woken up :)
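
The manual triage described in comment 3 above (hunting for recently installed .exe, .dll, .com and .bat files, hidden and protected system files included) can be scripted as a read-only listing. This is an added Python example, not code from the post, its commenters or CWShredder; the function name `recent_executables` and the 30-day default window are assumptions made for illustration.

```python
import os
import sys
import time
from pathlib import Path

# Extensions named in the comment: .exe, .dll, .com and .bat
SUSPECT_EXTS = {".exe", ".dll", ".com", ".bat"}
# Windows attribute bits (same values as stat.FILE_ATTRIBUTE_HIDDEN / _SYSTEM)
HIDDEN, SYSTEM = 0x2, 0x4


def recent_executables(root, days=30, now=None):
    """List (path, timestamp, hidden) for suspect files that appeared or
    changed within `days`, newest first. Read-only: nothing is deleted."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    # os.walk returns hidden and protected system files regardless of
    # Explorer's view settings; unreadable directories are skipped.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() not in SUSPECT_EXTS:
                continue
            try:
                st = path.stat()
            except OSError:
                continue  # locked or removed while scanning
            # A dropped file can carry an old modified time, so also use the
            # creation time where the platform exposes one.
            created = getattr(st, "st_birthtime",
                              st.st_ctime if os.name == "nt" else st.st_mtime)
            stamp = max(st.st_mtime, created)
            if stamp < cutoff:
                continue
            attrs = getattr(st, "st_file_attributes", 0)  # Windows only
            hidden = bool(attrs & (HIDDEN | SYSTEM)) or name.startswith(".")
            hits.append((str(path), stamp, hidden))
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    # Usage: python recent_exes.py C:\Windows 7
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 30
    for path, stamp, hidden in recent_executables(root, days):
        flag = "HIDDEN" if hidden else "      "
        print(time.strftime("%Y-%m-%d %H:%M", time.localtime(stamp)), flag, path)
```

The output is a review list only; each entry still has to be checked against known-good system files before anything is removed.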
