CoolWebSearch: How It Works and How to Remove It

CoolWebSearch is one of the most well known pieces of malware for hijacking your browser. It is a browser hijacker that comes in a variety of different versions which all use different techniques. Although the code is different depending upon the version of CoolWebSearch, all versions send sensitive data back to the CoolWebSearch site and all of the other sites that are associated with CoolWebSearch.

How CoolWebSearch Works

Originally, CoolWebSearch only worked with Internet Explorer but now it contains versions that work with Mozilla Firefox.

Some of the different versions perform the following malicious activity:

  • Data Notary: This version of CoolWebSearch is designed with a code that attempts to determine when the PC user is viewing pornographic sites by dropping a file into the Windows folder which is set to track all of the websites you visit.
  • Boot Conf: This file helps to get CoolWebSearch listed with your antivirus program as a trusted website by dropping a file into your PC that points toward the CoolWebSearch website. It will also hijack your home page and reset all of your search settings to direct your information to its website.

  • MSInfo: This works the same way as the Boot Conf file except that it points towards sites that are associated with CoolWebSearch such as and
  • Svc Host: This version of CoolWebSearch hijacks your Host file and targets search sites such as Yahoo, Google, and MSN Search which all point to your local hosts file. Your computer acts as the local host for running the browser on these sites and the result of the insertion of the CoolWebSearch file is to create an error page which is hijacked to one of the sites associated with CoolWebSearch.

  • Winres: CoolWebSearch/Winres inserts a .dll file which changes your Start page to about-blank which resembles a page in a search engine. The file will change the Start page frequently while adding other sites into your trusted sites and downloading adware such as 2020search.
  • PnP: This CoolWebSearch file performs some of the same functions as the Boot Conf file except that it points everything toward a pornographic website

CoolWebSearch Removal

The problem with this type of browser hijacking malware is that it is very tricky to remove depending upon the version that has been installed on your PC. The best route to take with this type of malware is to install a very reputable anti-spyware tool that is designed to get rid of CoolWebSearch files.

Keep in mind that the malware is created by affiliates of CoolWebSearch that abuse the program by redirecting you to information that you did not request.

Log in or sign up to comment.

Post a comment

Log in or sign up to comment.
Identity theft comes in many forms.

A person\92s identity can be 'borrowed' for the purpose of creating fictional credit cards or a person\92s entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.