Coolweb Trojan query and Malware in general

  CurlyWhirly 20:52 22 Nov 2004

Hi. It is only a minor query but I wonder HOW a variant of CoolWebSearch can get on my PC when I DON'T bother with porn sites or P2P sites?
I have SpywareBlaster, Spybot, Ad-Aware SE, a2 trojan scanner, CW Shredder v2.0 not to mention anti-virus & firewall and they are ALL kept up to date.

In my opinion WHATEVER you do to try and protect your computer some damned Malware seems to get past your defences!
No wonder why there is a rumour that Microsoft MAY release an anti-spyware 'solution' in its next version of Windows 64 bit operating system!

I ran CW Shredder v2.0 and even though it deleted the trojan whenever I start up Windows I have a dll. error which I suspect is the remnant of the trojan left on my PC!

I have managed to get rid of it now with System Restore however, thank goodness!
I always thought that dll. files (dynamic library link) were XP files and if so how come they are not protected, you know, like when you run 'sfc /scannow' and a Windows File Protection box comes up?

  Fruit Bat /\0/\ 20:58 22 Nov 2004

Trojans and spyware are often packaged (self-extracting zips) with other items you wish to download like wallpaper, music files, and even drivers.

My daughter wanted a Spongebob screensaver, the maker said something like 453k, but most of the sites I found it on were over a meg due to the trojans and spyware packaged with it to catch the kids.

  Dan the Confused 21:03 22 Nov 2004

All kinds of malware can get onto your PC just by visiting websites, not necessarily porn or p2p related. It happens, which is why Spybot's immunize feature and SpywareBlaster are such good programs (they block most of them).

The dll remnant could have been removed via msconfig or, my preferred method, a registry cleaner.

  stalion 21:04 22 Nov 2004

Some malware etc. will still get through, often because it is a new variant not yet covered by the cleaning programs.

  CurlyWhirly 21:08 22 Nov 2004

So to recap as 'Fruitbat /\0/\' said then these trojans and spyware programs get on your PC by coming 'packaged' with other programs unknown to the downloader - the crafty beggars!
I personally think that Spyware is becoming as big a nuisance as viruses IMHO.

  VoG II 21:15 22 Nov 2004

You are not wrong there, CW.

I've spent a good few hours trying to disinfect a friend's machine. Ad-aware found over 400 things; nasty things not just data miner cookies (which are fairly harmless). I'm pretty sure they have not been accessing dodgy sites (I did my Inspector Clouseau stuff to find out where they had been). The PC had slowed down to a crawl. Ad-aware took over 2 hours to scan! After that, Spybot found a lot more.

  CurlyWhirly 21:24 22 Nov 2004

Yeah I agree. The trouble is that some newcomers to the PC go online thinking that anti-virus & firewall are sufficient to keep them protected!

My friend bought a PC a few months ago and I had to go over his house and try and clean it (NOT that I am an expert but I do know something about the dangers of Malware) and this took me literally HOURS with continual dropped connections, DNS server errors & 'The webpage could not be displayed' amongst other problems.

The strange thing was that because he had firewall & anti-virus installed he was amazed that he wasn't SAFE while online!
Fortunately he knew that he had to keep up to date with Microsoft automatic updates as he had heard about the MS Blaster worm which had caught LOADS of people out (including me) but no more as automatic updates are always ENABLED now as I have learnt my lesson the hard way!

  bertiecharlie 21:52 22 Nov 2004

About Windows File Protection. Apparently it's quite easy for a Trojan to disable this by unloading the sfc.dll, after which the system files can be modified.

ProcessGuard from click here can protect your system from a lot of this stuff. It blocks Rootkit/Driver/Service installation and registry dll injections. Some spyware such as CWS use registry dll injections to make it difficult to remove from your system.

I am talking as if I know all about it, I don't, and there is a bit of a learning curve in respect of ProcessGuard so don't just jump in without weighing the programme up first.

(If you download their free RegProt programme, which is a very basic start up monitor, you get 7.5% off the cost of ProcessGuard, so it ends up costing £16. There is also a free version which provides limited protection).

  CurlyWhirly 22:35 22 Nov 2004

What do you mean by 'unloading' the sfc.dll file?
I take it unloading means disabling?

  bertiecharlie 22:50 22 Nov 2004


Basically, yes.
