CoolWebSearch URL hook

  • Thread starter Thread starter Ian
  • Start date Start date
I

Ian

Installed MS Spyware. Shows clean scan on main account,
but on switching to another user account, I get a red
warning telling me that CoolWebSearch is trying to
install a URL hook browser redirect. Despite using MS
Spyware to remove this threat, it re-appears every time I
sign on to a second account, never the main account.
AdAware, and SpyBot S+D give system clean bill of health.

Any suggestions?
 
strange...I have the same problem...but no solution!
Would anybody from Microsoft care to answer?
 
This does sound like it may be a false positive. Can you post the text of
the alert?
 
It does not show up on the main account it only appears
on secondary accounts!
I used Antispy several times for each user and I even ran
it a couple of time in Safe Mode.

Thanks,

This is the message I get:

Microsoft AntiSpyware has detected the threat
CoolWebSearch trying to install a URL Search Hook on your
computer. If you would like to allow CoolWebSearch to
install the URL Search Hook click the 'Allow' button
below.

Name: CoolWebSearch
Type: Browser Modifier
Threat Level: Severe
Author: CoolWebSearch.com

Description: CoolWebSearch is a wide range of browser
redirection tools. All variants redirect you to specific
Web sites.

Advise: This is a very high risk threat and should be
removed immediately as to prevent harm to your computer
or your privacy.
 
Downloadad and ran CWShredder, which also gave system a
clean bill of health. Have uninstalled nd reinstalled MS
AntiSpyware incase it was a corrupt installation, but to
no avail. The message as listed previously still appears
on any logging in to any account except the main one.
(Options are to Ignore the threat, or remove it.)

As an aside, I installed MS Antispyware on to two other
pc's running WinXP (All SP2) all auto updated, and have
had no problems with them!
 
Downloadad and ran CWShredder, which also gave system a
clean bill of health. Have uninstalled nd reinstalled MS
AntiSpyware incase it was a corrupt installation, but to
no avail. The message as listed previously still appears
on any logging in to any account except the main one.
(Options are to Ignore the threat, or remove it.)

As an aside, I installed MS Antispyware on to two other
pc's running WinXP (All SP2) all auto updated, and have
had no problems with them!
 
This is how I got rid of this URL

I usually connect to the web with my administrative account, even though from what I hear,
it is not wise to do so. However I have two other accounts that my family logs on to. I
noticed that my administrative account was slow in accessing some of my favorite websites
and ran all of my various scanners (adaware, spybot, Microsoft antispyware...etc) even
"hijack this" gave a clean bill of heatlh. I new their was something wrong cause adaware
would always detect a tracking cookie in one of the other accounts. So on that one
account I ran "hijack this" and noticed that "url" was on the scan list, even though it
never appeared on my admistrative account, I guess that is just how tricky this spyware
is. I have xp sp2 too and when u try to run "hijack this" on that corrupt account it will
pop up messages that it is not possible, but just continue to try and run the program, and
it runs the scan. Tick that url, on mine it appeared on top of the list, and fix it, which
usually means delete it. Than run Adaware with a "full system scan" and it will reveal
the "auto dialer" that keeps calling home, then reboot your computer, that is how I got rid of mine and haven't had any troubles for a long time, Good Luck, I hope this helps out.
 
Back
Top