Spyware Horror Story: Uncool Web search

Published by: Bob; Boston
I have an XP Systemax unit that has worked flawlessly for two years. Until today. I checked my e-mail in the morning and noticed it was a little sluggish, so I rebooted--I admit, it had been a while since my last reboot. When the computer came back up, it was almost at a dead stop. Neither my ZoneAlarm nor AVG Anti-Virus would load. Any program I tried relating to anti-anything would not work, either.
After several reboots I was able to launch AVG and found hundreds of spyware files dumped on my system, from CoolWebSearch to lots more with the word "search" at the end of it. I managed to delete all the entries, but my system was still working badly. I had to use Phoenix System to restore the unit to its factory settings and hope for the best. I have yet to go home and see if it worked. Any suggestions as to any more forms of defense? I have (had) SpyCatcher Express, ZoneAlarm, ZoneAlarm ForceField, CCleaner, Advanced WindowsCare Personal, and SpywareBlaster. Luckily, I had everything backed up to a separate drive and to other computers on my network that they could not see.

Editor's response
Just when we all thought CoolWebSearch was a thing of the past, it rears up to trouble the victim with pop-ups, browser hijacking, and personal-data scraping. Getting rid of it and its ilk is the first task. Keeping them from returning is the second.
CoolWebSearch first began spying on Windows users in 2003. Not too long after, InterMute Software (now part of Trend Micro) released CWShredder, a freeware antispyware utility bent on removing CoolWebSearch and known variants from your PC. Start there.
Hopefully the infiltrating malware isn't crafty enough to disable your Internet connection or new downloads. If it is, downloading the file on an uninfected computer and transferring it through flash memory or a CD to the besieged computer might work. If the executable installs but isn't able to run, rebooting in Safe Mode--by repeatedly punching the F8 key and selecting "Safe Mode"--should succeed.
At this point, let's assume that CWShredder has emerged victorious and most of the files are gone. This is a good time to rev up one of your trusted antivirus applications for a second-round check. When all appears clear, I'd let loose with CCleaner to sweep away fragments of digital debris on the hard drive and Registry. You'll have the added assurance that CCleaner will make backups to undo changes in an emergency. If you'd like, scan with a different antivirus program to make sure you've thoroughly hunted down the malicious code, and--this is recommended, but completely optional--top it off with a thorough defrag session.
Gosh, that sounds like a lot of work. It is, but that's the nature of the DIY malware-removal beast. Wiping XP and reinstalling Windows is a more straightforward, more extreme technique, but it, too, takes hours to accomplish and requires the presence of your original boot disks. Besides, you'll need to reinstall all the software and restore the photos, music, and other personal files that you had accumulated over the years, another time-consuming effort.
What about when the computer is back to its pristine state? How, then, do you keep nasty, invasive malware from piercing your armor? A good firewall is crucial. Equally essential are safe surfing habits. Take advantage of user accounts on computers you share with extended family and friends who may engage in risky online behavior. (See our how-to). Also, try switching to Firefox, Opera, or Flock browsers if you've had problems with viruses targeting Internet Explorer. And you know those Web-site-rating browser add-ons we routinely advocate? Use them; they work. WOT, Netcraft Toolbar, LinkScanner, and McAfee SiteAdvisor are all solid options.
Tags: Spyware Horror Story, malware, virus, spyware, antivirus, CoolWebSearch


P.S. If you end up using Firefox, get the AD-blocker plus plugin.
My advice if you end up with a severe spyware/malware infection? Save off all your stuff - documents, pictures, music and such - then reload Windows. Most PC vendors put a recovery partition on the hard drive now, so no need to look around for your reinstall disks. If you don't know what you are doing, hire a competent tech to do it for you, or you'll probably regret it in the long run.
As long as your computer is set up to automatically download and install security patches from Microsoft, the most common way this junk ends up on your system is through email attachments, file sharing, or by duping you into downloading some kind of software like video codecs, screensavers, etc.
The jury is still out in regards to whether Vista will make it harder for this kind of garbage to infect your computer. Let's hope so.
Anti-Virus/Anti-Spyware/Anti-rootkit, Avast! 4.8 Home Edition (FREE)
Anti-Spyware, Spybot Search & Destroy (FREE)
Firewall, COMODO Firewall Pro (FREE)
They are the best free products. They beat Norton, AVG and Symantec put together.