Option 1: If you have MS Java VM [builds earlier than 3810] installed, visit WindowsUpdate page and download the MS Java VM Update [build 3810]
CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators. More Information: http://www.doxdesk.com/parasite/CoolWebSearch.html
The most common symptoms you see are:
Home Page hijacks
Internet Explorer Search engine hijacks
Unwanted menu-extensions and favorites added
Missing Tabs in Internet Explorer Options
CoolWebSearch spyware uses the MS Java VM vulnerability [earlier than builds 3810] and installs itself while visiting some rogue websites.
To guard against CoolWebSearch:
Option 1: If you have MS Java VM
[builds earlier than 3810] installed, visit
WindowsUpdate
page and download the MS Java VM Update [build 3810]
To find the build of MS Java installed in your
system, type "jview" [or wjview] in the Command Prompt
window to note down the version number. Anything
earlier than 3810 means your system is "Vulnerable"
Determine the MS Java Version:
http://www.microsoft.com/security/security_bulletins/ms03-011.asp
Option
2: Uninstall MS Java Virtual Machine completely and install Sun's Version of
Java
Removal:
How can I uninstall the Microsoft Java Virtual Machine from Windows XP?
More Information about the MS Java VM Vulnerability
MS03-011: Flaw in the Microsoft VM Could Enable
System Compromise:
http://support.microsoft.com/?kbid=816093
What You Should Know About Microsoft Security Bulletin MS03-011:
http://www.microsoft.com/security/security_bulletins/ms03-011.asp
Doxdesk.com: parasite: CoolWebSearch:
http://www.doxdesk.com/parasite/CoolWebSearch.html
Merijn.org: - CoolWebSearch Chronicles:
http://www.merijn.org/cwschronicles.html
For the systems already infected by CoolWebSearch, download the CWShredder from Majorgeeks