CWS.loadnew
Overview
CWS.loadnew is a suite of software components installed without user notice when visiting
(Warning, do not visit this site!) 213.159.117.133.
Several files will be dropped on your system, in
%WinDir% and %SystemDir% but also on the current user's
desktop. The files contain functionality to shut down your computer, change
browser settings to http://213.159.117.134/index.php and
add sites to the Trusted Zones.
Some hook into explorer.exe and show
strong indications of being spam related; others have backdoor capabilities.
Note: %WinDir% is a variable. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Note: %SystemDir% is a variable. By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
The following sites were added to the Trusted Zones:
blazefind.com, clickspring.net, flingstone.com, mt-download.com,
my-internet.info, searchbarcash.com, searchmiracle.com, skoobidoo.com,
slotch.com, slotchbar.com, windupdates.com, xxxtoolbar.com and ysbweb.com.
Variants
CoolWebSearch
CoolWebSearch.alfasearch
CoolWebSearch.control
CoolWebSearch.cpan
CoolWebSearch.criticalupdater
CoolWebSearch.ctrlpan
CoolWebSearch.dnse
CoolWebSearch.dnserr
CoolWebSearch.dpe
CoolWebSearch.ehttp
CoolWebSearch.excel10
CoolWebSearch.explorer32
CoolWebSearch.googlems
CoolWebSearch.iefeatsl
CoolWebSearch.iefeatslupdate
CoolWebSearch.image
CoolWebSearch.keymgrldr
CoolWebSearch.ld
CoolWebSearch.madfinder
CoolWebSearch.mgs_32
CoolWebSearch.msaps
CoolWebSearch.msconfd
CoolWebSearch.msmk
CoolWebSearch.mssearch
CoolWebSearch.msstar
CoolWebSearch.msstar2
CoolWebSearch.mstaskm
CoolWebSearch.msupdate
CoolWebSearch.msupdater
CoolWebSearch.mtwirl32
CoolWebSearch.my.css
CoolWebSearch.notepad32
CoolWebSearch.ntsearch
CoolWebSearch.olehelp
CoolWebSearch.popup_bl
CoolWebSearch.quicken
CoolWebSearch.qttasks
CoolWebSearch.secure
CoolWebSearch.soundmx
CoolWebSearch.sys
CoolWebSearch.time
CoolWebSearch.toolband
CoolWebSearch.winproc32
CoolWebSearch.winsuck
CoolWebSearch.winres
CoolWebSearch.winug
CoolWebSearch.xplugin
CoolWebSearch.xpsystem
CoolWebSearch.xrectar
Files
loadnew.exe, questmod.dll, mstask1.exe, mstask2.exe, mstask3.exe, toolbar.exe, process.exe, msrexe.exe, systime.exe, dktibs.exe, child.dll, chup.dll, chup32.dll
If you have any of the files related to CWS.loadnew on your system,
please send them
for additional analysis. Generally, I have only analysed a
few versions for each software component listed at this web site. With your help I
will be able to look at both old and more recent versions of the CWS.loadnew software.
Thank you very much for your time!
Log references
Log 1275
Privacy policy
No privacy policy available.
Detection
Bazooka Adware and Spyware Scanner detects CWS.loadnew.
Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and
other potentially unwanted applications.
Uninstall CWS.loadnew with FreeFixer
I'm working on a general purpose tool for removing unwanted software.
The tool is called FreeFixer
and can help you remove unwanted Browser Helper Objects, Internet Explorer toolbars
and software that starts automatically when you reboot your computer, so it can offer some
assistance while uninstalling CWS.loadnew. The manual removal instructions
listed below will help you to identify what to delete with
FreeFixer.
Read more about FreeFixer.
Manual removal
Please follow the instructions below if you would like to remove CWS.loadnew manually. Please
note that you must follow the instructions very carefully and delete everything that is mentioned. In most
cases the removal will fail if a single item is not deleted. If CWS.loadnew remains on your system
after stepping through the removal instructions, please double-check by stepping through them again.
- Go to windowsupdate.com and install all service packs and critical updates.
- Start your computer in safe mode.
- Start the registry editor. This is done by clicking Start then Run.
(The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
- In the right pane, delete values named 'SysTime', 'Service Host', 'process.exe' and 'System Service'.
- Browse to the key:
'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
- In the right pane, delete values named 'SysTime', 'Service Host', 'process.exe' and 'System Service'.
- Exit the registry editor.
- Start Windows Explorer and delete:
%WinDir%\loadnew.exe
%WinDir%\questmod.dll
%WinDir%\mstask1.exe
%WinDir%\mstask2.exe
%WinDir%\mstask3.exe
%WinDir%\toolbar.exe
%WinDir%\process.exe
%SystemDir%\msrexe.exe
%SystemDir%\systime.exe
%SystemDir%\dktibs.exe
%SystemDir%\child.dll
%SystemDir%\chup.dll
%SystemDir%\chup32.dll
- Restart your computer.
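The checks in the steps above can be run as a read-only audit before and after removal. The script below is an added example, not part of the original write-up or of Bazooka/FreeFixer; it assumes PowerShell 3.0 or later, and the ZoneMap registry location used for the Trusted Zones check is an assumption about where Internet Explorer stores per-user zone entries, since the page names only the domains.

```powershell
# Added example: read-only check for the CWS.loadnew items this page lists.
# Nothing is deleted; review the output before removing anything.
$runKeys   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'SysTime', 'Service Host', 'process.exe', 'System Service'

# %WinDir% and %SystemDir% resolved for the running system.
$winDir = $env:WinDir
$sysDir = [Environment]::SystemDirectory
$files  = @('loadnew.exe', 'questmod.dll', 'mstask1.exe', 'mstask2.exe', 'mstask3.exe',
            'toolbar.exe', 'process.exe' | ForEach-Object { Join-Path $winDir $_ })
$files += 'msrexe.exe', 'systime.exe', 'dktibs.exe', 'child.dll', 'chup.dll',
          'chup32.dll' | ForEach-Object { Join-Path $sysDir $_ }

# Assumption: per-user zone assignments live under this key (zone 2 = Trusted sites).
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$domains = 'blazefind.com', 'clickspring.net', 'flingstone.com', 'mt-download.com',
           'my-internet.info', 'searchbarcash.com', 'searchmiracle.com', 'skoobidoo.com',
           'slotch.com', 'slotchbar.com', 'windupdates.com', 'xxxtoolbar.com', 'ysbweb.com'

$findings = @(
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }            # key missing or has no values
        foreach ($name in $runValues) {               # -contains is case-insensitive
            if ($props.PSObject.Properties.Name -contains $name) {
                [pscustomobject]@{ Type = 'Run value'; Location = $key; Item = $name; Data = $props.$name }
            }
        }
    }
    foreach ($path in $files) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Type = 'File'; Location = (Split-Path $path); Item = (Split-Path $path -Leaf); Data = '' }
        }
    }
    foreach ($domain in $domains) {
        $key = Join-Path $zoneMap $domain
        if (Test-Path -LiteralPath $key) {
            # Values on the key are protocol=zone pairs; subdomains sit in child keys.
            $k    = Get-Item -LiteralPath $key
            $data = ($k.GetValueNames() | ForEach-Object { "$_=$($k.GetValue($_))" }) -join ', '
            [pscustomobject]@{ Type = 'Zone entry'; Location = $zoneMap; Item = $domain; Data = $data }
        }
    }
)

if ($findings.Count -eq 0) { 'No CWS.loadnew items from this page were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

The HKCU checks cover only the account running the script, so repeat it for each user profile on the machine.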
Contact information for CWS.loadnew's vendor
In order to provide correct, accurate and updated information about CWS.loadnew
I encourage the vendor to contact me if any part of this write-up
needs a revision.