CoolWebSearch: How It Works and How to Remove It

CoolWebSearch is one of the most well known pieces of malware for hijacking your browser. It is a browser hijacker that comes in a variety of different versions which all use different techniques. Although the code is different depending upon the version of CoolWebSearch, all versions send sensitive data back to the CoolWebSearch site and all of the other sites that are associated with CoolWebSearch.

How CoolWebSearch Works

Originally, CoolWebSearch only worked with Internet Explorer but now it contains versions that work with Mozilla Firefox.

Some of the different versions perform the following malicious activity:

  • Data Notary: This version of CoolWebSearch is designed with a code that attempts to determine when the PC user is viewing pornographic sites by dropping a file into the Windows folder which is set to track all of the websites you visit.
  • Boot Conf: This file helps to get CoolWebSearch listed with your antivirus program as a trusted website by dropping a file into your PC that points toward the CoolWebSearch website. It will also hijack your home page and reset all of your search settings to direct your information to its website.

  • MSInfo: This works the same way as the Boot Conf file except that it points towards sites that are associated with CoolWebSearch such as and
  • Svc Host: This version of CoolWebSearch hijacks your Host file and targets search sites such as Yahoo, Google, and MSN Search which all point to your local hosts file. Your computer acts as the local host for running the browser on these sites and the result of the insertion of the CoolWebSearch file is to create an error page which is hijacked to one of the sites associated with CoolWebSearch.

  • Winres: CoolWebSearch/Winres inserts a .dll file which changes your Start page to about-blank which resembles a page in a search engine. The file will change the Start page frequently while adding other sites into your trusted sites and downloading adware such as 2020search.
  • PnP: This CoolWebSearch file performs some of the same functions as the Boot Conf file except that it points everything toward a pornographic website

CoolWebSearch Removal

The problem with this type of browser hijacking malware is that it is very tricky to remove depending upon the version that has been installed on your PC. The best route to take with this type of malware is to install a very reputable anti-spyware tool that is designed to get rid of CoolWebSearch files.

Keep in mind that the malware is created by affiliates of CoolWebSearch that abuse the program by redirecting you to information that you did not request.

Log in or sign up to comment.

Post a comment

Log in or sign up to comment.

With the advent of wireless Internet, more and more computer users are entering the world of cyber space.

Yet, while these users are well aware of the importance of the protection of their computer when hooked up to regular internet providers, they are often oblivious to the fact that the same cyber dangers, and in fact even more, exist in the world of WiFi.

What you may not know is that same Internet connection that makes it possible to check your email from the comfort of your bed also makes it easier for hackers to access your personal information.

It is for this reason, the sharing of the wireless Internet connection, that protecting your computer when wireless is even more important than ever before.