CoolWebSearch
CoolWebSearch Description
CoolWebSearch (also written Cool Web Search) may redirect your web browser's home page to CoolWebSearch.com, Cool-Search.ws, or other affiliates. CoolWebSearch may also generate pornographic pop-up advertisements on your computer.
Type: Browser Hijackers
CoolWebSearch Technical Report
We will update this section as new CoolWebSearch details are reported by our customers and as findings arrive from our Threat Research Center.
The following CoolWebSearch files, listed with their MD5s, were created in the system:
CoolWebSearch typically has the following processes in memory:
CoolWebSearch creates the following registry entries:
This entry was posted on 04/18/08 and is filed under Browser Hijackers.