Hello, thank you very much for the quick info.
I already know that this is a mushroom forum; I have been taking part
for almost 2 years.
I would have much preferred it if you hadn't kept it so short -
it's not about airtime, after all.
Unfortunately I understood absolutely nothing. That's just how it is with
us grey oldies over 50.
Sorry.
Werner2
: Hello Werner,
: I'll keep it short, after all this is a mushroom forum :-)
: Your best bet is to download the program Adaware (free). Update it and then
: run it. Done!
: Intruder: CoolWebSearch
: Variants: This spyware is morphing at a rapid rate. Below, variants and their
: estimated appearance date are listed in reverse chronological order.
: DNSRelay.dll - August 7, 2003
: Svchost32 - August 3, 2003
: Oemsyspnp - July 29, 2003
: Msspi.dll - July 28, 2003
: Vrape - July 20, 2003
: OSLogo.bmp - July 10, 2003
: Bootconf - July 6, 2003
: Datanotary - May 27, 2003
: Description: CoolWebSearch is a name given to a wide range of different
: browser hijackers. The code is very different between variants, but all
: are currently used to redirect users to coolwebsearch.com and other sites
: affiliated with its operators. The alarming trend with this hijacker is
: rapid metamorphosis and the increasing difficulty of removal. Some
: documented behaviors associated with each variant include:
: DNSRelay.dll - Implemented as an IE URL hook. Hijacks address bar search
: phrases as well as any site name entered into the address bar without a
: leading 'http://' or 'www' to search aimed at activexupdate.com (a CWS
: site redirecting through yellow2.com to allhyperlinks.com).
: Svchost32 - Hosts file hijacker that uses a laundering technique to avoid
: detection by anti-hijacker tools. Targeted sites (Yahoo Search, MSN Search
: and all countries' versions of Google) are set in the Hosts file to point
: to 'localhost' (127.0.0.1). Because most local hosts are not running a web
: server, this results in an error page that is hijacked to the CWS site
: slawsearch.com.
: Oemsyspnp - Hides inside the 'inf' folder usually used for storing device
: driver information. Its hijacker file is run on each startup, using a
: slightly different install command each time. Hijacks home page and search
: settings to point at www.adulthyperlinks.com and www.allhyperlinks.com
: and adds activexupdate.com to the IE 'Safe Sites' list.
: Msspi.dll - Implemented as a Winsock2 Layered Service Provider. Hijacks
: search results and targets Google, Yahoo and Altavista, offering popups
: that advertised bogus enhanced results and leading to advertising from
: unipages.cc.
: OSLogo.bmp - IE start and search pages are changed to several dozen different
: sites affiliated with CoolWebSearch. Over 80 domains that are known CWS
: have appeared in users' logs.
: Bootconf - Also employs a CSS stylesheet, but hijacks homepage and all search
: settings to coolwebsearch.com. Site names are scrambled using URL-encoding
: to make them difficult to read. Bootconf.exe is set to run on every
: start-up, reestablishing the hijack. CoolWebSearch is added to the IE 'Safe
: Sites' list.
: Datanotary - First known variant, hijacks to datanotary.com. Places a CSS
: stylesheet in the Windows folder and sets it as the default stylesheet for
: all pages viewed in IE. Embedded script code then tries to guess when a
: user is viewing pornographic images.
: Method of Infection: CoolWebBrowser is suspected to be installed by pop-ups
: exploiting security holes in IE. However, to date, no one has caught a
: live CWS installer.
: Privacy Issues: None reported
: Security Issues: In the Bootconf variant, coolwebsearch.com is added to IE's
: Trusted Sites Zone, allowing it to download and install any code it likes.
: Stability Issues: DataNotary and BootConf variants may cause significant
: slowdown when typing in a browser window on some systems (particularly
: when entering information into forms). The SvcHost variant prevents you
: from completely reaching Google or the search services of MSN or Yahoo.
: Removal Process: Manual removal is possible for most of the variants, but can
: be time consuming. As of this writing, most anti-spyware programs aren't
: currently addressing all variants.
: Merijn Bellekom has fully documented the metamorphosis of CoolWebSearch and
: has prepared a tool called CWShredder which should be able to remove all
: known CoolWebSearch variants automatically. To access both, visit
: http://www.spywareinfo.com/~merijn/cwschronicles.html.
: Vendor: www.CoolWebSearch.com
: Best regards
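
The Svchost32 behaviour described in the quoted text above (search sites set in the Hosts file to point to 127.0.0.1) can be checked for with a short script that scans the text of a hosts file. This is an added example, not part of the original posts; the hostname patterns and the sample hosts file are constructed assumptions.

```python
import ipaddress
import re

# Search-engine hostnames named in the Svchost32 description (Yahoo Search,
# MSN Search, Google and its country versions). The patterns are assumptions.
SEARCH_HOST = re.compile(
    r"^(?:www\.)?google\.[a-z]{2,3}(?:\.[a-z]{2})?$"
    r"|^search\.(?:yahoo|msn)\.[a-z.]+$"
)

def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; False for anything unparsable."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def find_loopback_search_entries(hosts_text):
    """Return (line_no, address, hostname) for search sites pinned to loopback."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        # Drop comments, then split into "address name [name ...]".
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2 or not is_loopback(entry[0]):
            continue
        for name in entry[1:]:
            host = name.lower().rstrip(".")
            if SEARCH_HOST.match(host):
                findings.append((line_no, entry[0], host))
    return findings

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1   localhost
127.0.0.1   www.google.com google.de   # two names on one line
127.0.0.1   Search.Yahoo.com
127.0.0.1   search.msn.com
192.0.2.10  intranet.example
# 127.0.0.1 www.google.fr   (commented out, ignored)
"""

if __name__ == "__main__":
    for line_no, addr, host in find_loopback_search_entries(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} -> {addr}")
```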