I've seen too many false positives to recommend anything from Computer
Associates (PestPatrol, EZ AV, etc.). PestPatrol told me my system was
infected with IstBar, but it wasn't. It was detecting a legit MS .ocx
(ActiveX) file that was installed when I installed VB Learning Edition
(version 5) as IstBar since it wasn't signed. However, the file was created
BEFORE digital signing of ActiveX files was ever available to the public.
Not to mention that IstBar is a Hijacker, and my system was not hijacked.
I'd suggest using ewido
(http://www.download.com/3001-8022_4-10326287.html?idl=n), ad-aware
(http://www.download.com/3001-8022_4-10399602.html?idl=n), spybot
(http://www.download.com/3001-8022_4-10401314.html?idl=n), and Trend Micro's
sysclean
(http://kb.trendmicro.com/solutions/search/main/search/solutionDetail.asp?solutionID=25991,
download from http://www.trendmicro.com/ftp/products/tsc/sysclean.com, and
download latest definition files from
http://www.trendmicro.com/download/viruspattern.asp). Make certain to not
remove checkmarks from both boxes listed under Additional Options menu when
installing ewido, do NOT use Spybot's Immunization feature (i.e., remove
checkmark for Immunization when installing Spybot), and place the
decompressed definition files from Trend Micro (lpt$vpn.xxx, where xxx =
latest definition fileset) in the same folder as the sysclean.com app. Be
sure to download the latest updates for every app before using them. Boot
into Safe Mode (press F8 before initial Windows screen during boot/reboot,
press F8 again to get to Advanced Options screen if necessary, and choose
option that only states Safe Mode). Run a full system scan with every app,
one at a time, removing what it finds, and continuing until all apps have
been run.
I'm willing to bet that none of the apps find anything related to
CoolWebSearch. If so, then it's likely PestPatrol and EZ AV were giving
false positives. To be certain, Google the name y.exe and yexe, one at a
time, to see what changes they make and see if any have occurred on your
system. Chances are none of the changes have occurred, nor are any of the
additions to the registry.
Alan