How to Remove CoolWebSearch

Posted on July 13, 2011 by

Before we remove CoolWebSearch let’s find out a bit more about this very common piece of malware.

CoolWebSearch has to be one of the most infamous pieces of malware around, currently there are around 60 variants of it which cause numerous effects when it successfully infects your computer.

About
Its payload usually consists of changing your browsers home page, creating popups which bypass many popup blockers, redirecting your browser search, you type in a search subject or location and it will take you to a completely difference website which could be anything from just an advertising page through to porn sites.

As mentioned above there are around 60 variants and that list if growing, the common factor being ever that each one begins with CWS.

How does it get installed?
Much of the time it’s when visiting seemingly innocent websites a chosen web pages attempts to automatically install the CWS. File, if the browser security is too low then the CoolWebSearch variant downloads and installs in a few seconds

How to remove CoolWebSearch
CoolWebSearch is one of the newer generations of malware and as such it can change system security settings to enable it to hide, avoiding detection and removal.

There are a number of manual methods to remove CoolWebSearch but as it has so many variants; makes multiple registry changes and creates files on your hard drive it’s preferable to use a reliable Antimalware application when removing CoolWebSearch, if you still wish to attempt manual removal see below

Good Malware protection which can remove CoolWebSearch all offer free versions.

  • Malwarebytes
  • Spybot search and destroy
  • Spyware doctor

Removing CoolWebSearch manually
From the Start Run menu type – Win.ini – now when the file opens look for the line

C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSInfo.exe delete the line if it exists

(when editing your computers registry make sure you create a backup first)

Run Regedit – drill down to HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun and delete bootconf.exe

Next edit the HOSTS file – C:\Windows\system32\drivers\etc\hosts – the file can be edited using notepad – remove CoolWebSearch or CWS entries if they exist.

If you manually remove CoolWebSearch entries it is still advisable to run a complete Antimalware search afterwards with some type of Antimalware as above.

Before deleting all system restore points make sure your computer is running ok

In addition to this your computers restore point may still contain malware so also if your computer was infected when the restore point was created – so delete all restore points – to do this go to Control Panel – System – System Restore tab – then select Turn off System Restore – it will then warn you that all existing system restore points will be deleted – select yes and then the wait for a minute or so until finished

After un-tick Turn off System Restore  – click ok for it to start functioning again.

computer adviser remove coolwebsearch article

Related content:

  1. Security Virus Information and Removal
  2. JS-Downloader-BNL – Analysis & Removal
  3. Is your Safari Hijacked ? Not sure ?
  4. IE Hijacked ? How to Fix
  5. Firefox Hijacked Problems and Fixes
  6. How to Remove a Virus
  7. Cannot Uninstall an Application?
  8. Windows Restore Without a Disk

Posted in Spyware & Viruses | No Comments »
Tagged:

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>