CoolWebSearch

Posted: April 10, 2005

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Ranking:	11,515
Threat Level:	5/10
Infected PCs:	3,110

First Seen:	July 24, 2009
Last Seen:	October 14, 2023
OS(es) Affected:	Windows

CoolWebSearch is a browser hijacker that redirects your Web browser to the site by the same name, CoolWebSearch.com. The CoolWebSearch website is designed with the looks of a search engine in mind, but results acquired through the CoolWebSearch website are sponsored advertisements – as opposed to organic search results that are relevant to your search terms. With CoolWebSearch being a sufficiently notorious browser hijacker to merit the development of software designed solely to remove CoolWebSearch, alongside generalized anti-malware products, there should be no question that removing CoolWebSearch as soon after seeing its browser redirects as possible is the right decision to make.

A Search Engine with a Very Uncool History Behind It

CoolWebSearch is among the most famous browser hijackers, with an obvious business model that uses hijacks to force visitors towards advertising affiliates. Run by the same company responsible for such Web-browsing nuisances as Zwinky and SmileyCentral, CoolWebSearch is most identifiable by trying to redirect your searches or homepage to CoolWebSearch.com. The advertisement links are disguised as search results. However, CoolWebSearch also may have other effects on your PC, of which malware experts consider the most important to be:

Loading pop-up content, particularly (but not exclusively) content related to adult websites.
Gathering basic information about your Web-browsing habits.
Slowing your browser or causing other browser-related performance problems.

Although CoolWebSearch (sometimes abbreviated as CWS) sometimes is referred to as spyware, malware experts currently classify CoolWebSearch as an adware/browser hijacker. Early identifications for CoolWebSearch (including those from normally-accurate PC security companies like Microsoft) often categorized CoolWebSearch as spyware, but there isn't any evidence of CoolWebSearch being used to steal passwords or any other confidential information from its victims.

Freezing CoolWebSearch out of Your Browser

With CoolWebSearch having no observable advantages for your browser, malware experts have zero problems in encouraging the quick deletion of CoolWebSearch through any trusted anti-malware tools that happen to be on hand. The CoolWebSearch adware may hinder browser security features or redirect you to third party partners with unreliable intentions. Although CoolWebSearch originally was suspected to be specific to Internet Explorer, evidence of variants of CoolWebSearch compatible with other Web browsers, including Chrome and Firefox, has been confirmed.

CoolWebSearch installations may come from any number of sources, but malware researchers have particularly pointed out its occasional use of fake Microsoft updates. Updating your software from a source that isn't official or completely trustworthy continues to be a fast track towards endangering your PC, and you may even consider yourself lucky if a browser hijacker like CoolWebSearch is the worst thing that you get from such habits.

www.CoolWebSearch.com

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

uc1362.exe

File name: uc1362.exe
Size: 6.65 KB (6656 bytes)
MD5: 4976bb48a9f2fa8eb7a19f46b797c312
Detection count: 83
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 10, 2022

javaef.dll

File name: javaef.dll
Size: 87.6 KB (87604 bytes)
MD5: 949deaf6bced3ec6ac2bffcbb549ad1a
Detection count: 82
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file
Last Updated: December 11, 2009

1tcdhfwx.exe, 26vks59f.exe, aiqkawmm.exe, du7nptd8.exe, fpxbnng9.exe, jbf4azag.exe, kn1k9r57.exe, pl7srsn5.exe, rhu3smep.exe, xyawckzp.exe, aimee2[2].exe

File name: 1tcdhfwx.exe, 26vks59f.exe, aiqkawmm.exe, du7nptd8.exe, fpxbnng9.exe, jbf4azag.exe, kn1k9r57.exe, pl7srsn5.exe, rhu3smep.exe, xyawckzp.exe, aimee2[2].exe
Size: 15.97 KB (15976 bytes)
MD5: 46dae5962f0ef360161e672299473f2c
Detection count: 72
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

y.exe

File name: y.exe
Size: 15.36 KB (15360 bytes)
MD5: cce97f3359c4dd28345436e0a5b4a543
Detection count: 52
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

svchost.exe

File name: svchost.exe
Size: 700.41 KB (700416 bytes)
MD5: 30f792c0af69801584462a0bb85928f0
Detection count: 50
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

funniest.exe

File name: funniest.exe
Size: 17.4 KB (17408 bytes)
MD5: 2f2ce1eba638136042b6bd9bef9ad634
Detection count: 46
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

time.exe

File name: time.exe
Size: 30.2 KB (30208 bytes)
MD5: e8f70c8a1f9b78232187855eb709fe7b
Detection count: 45
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

win32e.exe

File name: win32e.exe
Size: 25.85 KB (25856 bytes)
MD5: 7607f53286d88c8816ccc6822e4a0e5f
Detection count: 44
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

loader.exe

File name: loader.exe
Size: 12.03 KB (12032 bytes)
MD5: 02c588d40bc0e511690f1cfa7f8047dd
Detection count: 42
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

internet.exe

File name: internet.exe
Size: 10.24 KB (10240 bytes)
MD5: 3ded54edea9488b3177c3c8981dbd01c
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

svcinit.exe

File name: svcinit.exe
Size: 16.89 KB (16896 bytes)
MD5: 312544f9eae93d1e80258267137d4a31
Detection count: 36
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

msupdate.exe

File name: msupdate.exe
Size: 29.18 KB (29184 bytes)
MD5: 829881bd2981178ccdcf945f0a3d0c30
Detection count: 35
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

waol.exe

File name: waol.exe
Size: 20.99 KB (20992 bytes)
MD5: d5b080ea4a1c219bffcb6a5e5d94e35e
Detection count: 34
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

svchost32.exe

File name: svchost32.exe
Size: 29.95 KB (29952 bytes)
MD5: 95d8d1f08b7f88f1e61616790d4055b6
Detection count: 32
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

qttasks.exe

File name: qttasks.exe
Size: 8.7 KB (8704 bytes)
MD5: bf3cf36a72cf27a64f21cbf9134f6ed4
Detection count: 31
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

accesss.exe

File name: accesss.exe
Size: 8.7 KB (8704 bytes)
MD5: deda65303ef2f2ce3bc625c1cbad1ce5
Detection count: 25
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

rsysinit.exe

File name: rsysinit.exe
Size: 1.26 KB (1267 bytes)
MD5: 41d7bbec3b2bc56a523523397978da6e
Detection count: 21
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 10, 2022

iexplorer.exe

File name: iexplorer.exe
Size: 32 KB (32000 bytes)
MD5: ac61b50419f874260a67c85acd8ea8ca
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

editpad.exe

File name: editpad.exe
Size: 13.31 KB (13312 bytes)
MD5: f176fa7a43cfaa9fdeb798b8c746f9d0
Detection count: 13
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

third love.exe

File name: third love.exe
Size: 7.83 MB (7831040 bytes)
MD5: 14c3db0f7ed243bb5353b4b855e6de98
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

sp.exe, spr[1].exe

File name: sp.exe, spr[1].exe
Size: 71.62 KB (71620 bytes)
MD5: 3da9e7dd50a1491924fa26c5286f8f90
Detection count: 1
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: December 11, 2009

Registry Modifications

The following newly produced Registry Values are:

CLSID{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}{4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB}{5297E905-1DFB-4A9C-9871-A4F95FD58945}{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6}{fd9bc004-8331-4457-b830-4759ff704c22}File name without pathservices.exetmksrvu.exeupdate911.jsRun keysSys

2 Comments

Agung SARONO says:

July 10, 2009 at 11:56 pm

Gents,
It is an information that very useful for me. Unfortenately, my PC seemed got infected by 'spamware' or 'CWS'. When I run or open IE, it will show up a webpage of 'www.getiton.com. I have tried hijackthis, CWShredder, etc but it doesnt want to go.
I hope you could give me a clue on how to remove this annoying thing.
Thanks,
AS
kenny nielsen says:

August 23, 2009 at 11:19 am

the page keeps listing the program running as spyhunter3 unregestered even though I paid (MC -1339). How do I resolve this issue?