Gday all,
A friend contacted me yesterday explaining that his Internet Explorer had been hijacked after one of his flatmates visited a website and sadly clicked YES when prompted by a popup window. His computer is now over-run with "search portal hijack" and "coolwebsearch".
What does this do?
Basically it hijacks your internet explorer so that the cool web search portal becomes your homepage. You can change your homepage, and coolwebsearch will change it back.
Also it launches Internet Explorer on start-up to run iexplore.exe in the background regardless of wether you have an internet explorer window open or not. You can kill iexplore.exe through your task manager and it will restart itself so that as soon as you kill the process, another iexplore.exe appears in the task manager processes window, scant seconds later.
Spyware removal software will detect and remove both coolwebsearch and search portal hijack, but if you run another scan straight after removing them, one or both will have returned immediately.
You can remove all traces of Internet Explorer in the registry, and coolwebsearch will reinstate it scant seconds after you remove it.
Has anyone else encountered this hijacking software? If so how did you remove it SAFELY from the system?
I am aware of a program called CWSshredder which supposedly removes it, but I'm interested in other opinions before implementing that option...
cheers
