CoolWebSearch Spyware

CoolWebSearch Spyware

CoolWebSearch spyware is a notorious potentially unwanted program that takes place in cybersecurity history as the nastiest browser hijacker ever created. This cyber threat is known to enter Google Chrome or Internet Explorer and modify their settings without warning. Soon after that, the hijacker redirects all searches to or other questionable sites. The hazardous program comes in a variety of versions (107 to be precise) all of them using a different code, but behaving very similarly. During its reign in 2005, it infected over 8% of PCs worldwide, which is a massive amount.

The most annoying feature of this browser hijacker is the advertising content display, as well as its frequency. Users are often bothered by multiple pop-up windows or redirects that occur daily and conceal the content of legitimate websites. What is more, CoolWebSearch hijack considerably slows down your computer and may even crash your operating system. Additionally, internet speed can be affected too, and getting to even the simplest websites might take a substantial amount of time.

What CoolWebSearch affects?

Just like any other browser hijacker, CoolWebSearch can track a variety of non-personally identifiable information, such as:

  • An IP address (note: this data may be considered personal, depending on where you live)
  • Internet service provider
  • Technical information
  • Search queries
  • Websites visited
  • Bookmarks added
  • links clicked, etc.

This data is invaluable for any marketing firm, as it is used as a tool to generate a virtual ID about every user, and display targeted advertisement, making users buy from sponsored retailers. This way, traffic to unknown websites is boosted, and the sponsors manage to sell their products or services much easier. The sad part is, that a lot of these products may be bogus, or end up being a complete scam.

Versions of CoolWebSearch Spyware

Originally, CoolWebSearch only worked with Internet Explorer but now it contains versions that work with Mozilla Firefox.

Some of the different versions perform the following malicious activity:

  • Data Notary: This version of CoolWebSearch is designed with a code that attempts to determine when the PC user is viewing pornographic sites by dropping a file into the Windows folder which is set to track all of the websites you visit.
  • Boot Conf: This file helps to get CoolWebSearch listed with your antivirus program as a trusted website by dropping a file into your PC that points toward the CoolWebSearch website. It will also hijack your home page and reset all of your search settings to direct your information to its website.
  • MSInfo: This works the same way as the Boot Conf file except that it points towards sites that are associated with CoolWebSearch such as and
  • Svc Host: This version of CoolWebSearch hijacks your Host file and targets search sites such as Yahoo, Google, and MSN Search which all point to your local hosts file. Your computer acts as the local host for running the browser on these sites and the result of the insertion of the CoolWebSearch file is to create an error page which is hijacked to one of the sites associated with CoolWebSearch.
  • Winres: CoolWebSearch/Winres inserts a .dll file which changes your Start page to about-blank which resembles a page in a search engine. The file will change the Start page frequently while adding other sites into your trusted sites and downloading adware such as 2020search.
  • PnP: This CoolWebSearch file performs some of the same functions as the Boot Conf file except that it points everything toward a pornographic website.

How does CoolWebSearch spyware work?

CoolWebSearch may hijack web searches, home page, and other Internet Explorer settings. Recent variants of CoolWebSearch were installed using malicious HTML applications or security flaws, such as exploits in the HTML Help format and Microsoft Java Virtual machines.

The program can change an infected computer’s web browser homepage to, and although originally thought to work only on Internet Explorer, recent variants affect Mozilla Firefox as well as Google Chrome. CoolWebSearch can also create pop-up ads that redirect to other websites including pornography sites, collect private information about users and slow the speed of infected computers.

Certain variants insert links on random text, leading to advertiser websites. Others attempt to access websites that are redirected to pay-per-click search engines which may install more malware display ads.

Some versions also attempt to edit users’ trusted sites and modify security settings as well as to hide from removal programs.

What is so special about CoolWebSearch spyware?

What is so dangerous about this malware is its rapid metamorphosis and the increasing difficulty of removal. Users should not try removing it manually.

Its various complex techniques of evading detection and removal make CoolWebSearch so difficult to remove completely. Even after successful removal, it can still come back if you failed to remove other potentially unwanted programs that sometimes come together with CoolWebSearch in a bundle.

How to prevent it from infecting my PC?

You should avoid suspicious websites such as file-sharing, torrent, porn, gambling, free online gaming, and similar sites. You should always pay attention when installing software because often, a software installer includes optional installs, such as this browser hijacker. Be very careful what you agree to install.

Finally, you should never forget to install security software with a real-time protection feature to keep you safe.

Leave a Comment

Your email address will not be published. Required fields are marked *

three × four =