CoolWebSearch virus description
Technical details:
Categories: Hijacker,BHO,Toolbar,Popups
CoolWebSearch Files:
[%PROGRAM_FILES_COMMON%]\svchost.exe
[%SYSTEM%]\inetsrv.exe
[%WINDOWS%]\iedll.exe
[%WINDOWS%]\svchost.exe
[%WINDOWS%]\TEMP\win1D24.tmp.exe
[%WINDOWS%]\TEMP\win28B8.tmp.exe
[%WINDOWS%]\TEMP\win35D.tmp.exe
[%WINDOWS%]\TEMP\win3842.tmp.exe
[%WINDOWS%]\TEMP\win52ED.tmp.exe
[%WINDOWS%]\TEMP\win7C0D.tmp.exe
[%WINDOWS%]\TEMP\win??.tmp.exe
[%WINDOWS%]\TEMP\winBFA5.tmp.exe
[%WINDOWS%]\TEMP\winC02.tmp.exe
[%WINDOWS%]\TEMP\winD43.tmp.exe
[%WINDOWS%]\TEMP\winD58.tmp.exe
[%WINDOWS%]\Temp\winF.tmp.exe
[%PROGRAM_FILES_COMMON%]\svchost.exe
[%SYSTEM%]\inetsrv.exe
[%WINDOWS%]\iedll.exe
[%WINDOWS%]\svchost.exe
[%WINDOWS%]\TEMP\win1D24.tmp.exe
[%WINDOWS%]\TEMP\win28B8.tmp.exe
[%WINDOWS%]\TEMP\win35D.tmp.exe
[%WINDOWS%]\TEMP\win3842.tmp.exe
[%WINDOWS%]\TEMP\win52ED.tmp.exe
[%WINDOWS%]\TEMP\win7C0D.tmp.exe
[%WINDOWS%]\TEMP\win??.tmp.exe
[%WINDOWS%]\TEMP\winBFA5.tmp.exe
[%WINDOWS%]\TEMP\winC02.tmp.exe
[%WINDOWS%]\TEMP\winD43.tmp.exe
[%WINDOWS%]\TEMP\winD58.tmp.exe
[%WINDOWS%]\Temp\winF.tmp.exe
CoolWebSearch Registry Keys:
HKEY_CLASSES_ROOT\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
HKEY_CURRENT_USER\Software\SerG
CoolWebSearch Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CoolWebSearch indications of infection
This symptoms of CoolWebSearch detection are the files, registry, and network communication referenced in the technical details section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial.Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy
Exterminate-It antivirus software and perform a full scan of the computer.
You can also
Download Free Trial Version of ExterminateIt! to check your your computer just NOW.
Also Be Aware of the Following Threats:
TrojanDropper.Win32.MultiJoiner Trojan Symptoms
SillyDl.CBD Trojan Removal
Trojan.Downloader.Win32.Miewer Downloader Cleaner
VBS.Format Trojan Removal instruction