CWS.loadnew

Overview

CWS.loadnew is a suite of software components installed without user notice when visiting (Warning, do not visit this site!) 213.159.117.133. Several files will be dropped on your system, such as in %WinDir%, %SystemDir% but also on the current user's desktop. The files contains functionality shut down your computer, change browser settings to http://213.159.117.134/index.php, add sites to the Trusted Zones, some hook into explorer.exe and show strong indications to be spam related, others have backdoor capabilities.

Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Note: %SystemDir% is a variable (?). By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following sites was added to the Trusted Zones: blazefind.com, clickspring.net, flingstone.com, mt-download.com, my-internet.info, searchbarcash.com, searchmiracle.com, skoobidoo.com, slotch.com, slotchbar.com, windupdates.com, xxxtoolbar.com and ysbweb.com.

Variants

CoolWebSearch  CoolWebSearch.alfasearch  CoolWebSearch.control  CoolWebSearch.cpan  CoolWebSearch.criticalupdater  CoolWebSearch.ctrlpan  CoolWebSearch.dnse  CoolWebSearch.dnserr  CoolWebSearch.dpe  CoolWebSearch.ehttp  CoolWebSearch.excel10  CoolWebSearch.explorer32  CoolWebSearch.googlems  CoolWebSearch.iefeatsl  CoolWebSearch.iefeatslupdate  CoolWebSearch.image  CoolWebSearch.keymgrldr  CoolWebSearch.ld  CoolWebSearch.madfinder  CoolWebSearch.mgs_32  CoolWebSearch.msaps  CoolWebSearch.msconfd  CoolWebSearch.msmk  CoolWebSearch.mssearch  CoolWebSearch.msstar  CoolWebSearch.msstar2  CoolWebSearch.mstaskm  CoolWebSearch.msupdate  CoolWebSearch.msupdater  CoolWebSearch.mtwirl32  CoolWebSearch.my.css  CoolWebSearch.notepad32  CoolWebSearch.ntsearch  CoolWebSearch.olehelp  CoolWebSearch.popup_bl  CoolWebSearch.quicken  CoolWebSearch.qttasks  CoolWebSearch.secure  CoolWebSearch.soundmx  CoolWebSearch.sys  CoolWebSearch.time  CoolWebSearch.toolband  CoolWebSearch.winproc32  CoolWebSearch.winsuck  CoolWebSearch.winres  CoolWebSearch.winug  CoolWebSearch.xplugin  CoolWebSearch.xpsystem  CoolWebSearch.xrectar 

Files

loadnew.exe, questmod.dll, mstask1.exe, mstask2.exe, mstask3.exe, toolbar.exe, process.exe, msrexe.exe, systime.exe, dktibs.exe, child.dll, chup.dll, chup32.dll

If you have any of the files related to CWS.loadnew on your system, please send them for additional analysis. Generally, I have only analysed a few versions for each software component listed at this web site. With your help I will be able to look at both old and more recent versions of the CWS.loadnew software. Thank you very much for your time!

Log references

Log 1275

Privacy policy

No privacy policy available.

Detection

Bazooka Adware and Spyware Scanner detects CWS.loadnew. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

Uninstall CWS.loadnew with FreeFixer

I'm working on a general purpose tool for removing unwanted software. The tool is called FreeFixer and can help you remove unwanted Browser Helper Objects, Internet Explorer toolbars and software that starts automatically when you reboot your computer, so it can offer some assistance while uninstalling CWS.loadnew. The manual removal instructions listed below will help you to identify what to delete with FreeFixer.

Read more about FreeFixer.

Manual removal

Please follow the instructions below if you would like to remove CWS.loadnew manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If CWS.loadnew remains on your system after stepping through the removal instructions, please double-check by stepping through them again.

  1. Go to windowsupdate.com and install all service packs and critical updates.
  2. Start your computer in safe mode.
  3. Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
  4. Browse to the key:
    'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
  5. In the right pane, delete values named 'SysTime', 'Service Host', 'process.exe' and 'System Service'.
  6. Browse to the key:
    'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
  7. In the right pane, delete values named 'SysTime', 'Service Host', 'process.exe' and 'System Service'.
  8. Exit the registry editor.
  9. Start Windows Explorer and delete:
    %WinDir%\loadnew.exe
    %WinDir%\questmod.dll
    %WinDir%\mstask1.exe
    %WinDir%\mstask2.exe
    %WinDir%\mstask3.exe
    %WinDir%\toolbar.exe
    %WinDir%\process.exe
    %SystemDir%\msrexe.exe
    %SystemDir%\systime.exe
    %SystemDir%\dktibs.exe
    %SystemDir%\child.dll
    %SystemDir%\chup.dll
    %SystemDir%\chup32.dll
  10. Restart your computer.

Problems uninstalling? Click here.

I'm looking for your help!

Thank you for using my site, I hope you find it useful. I'm looking for help from all users, please read more.

Contact information for CWS.loadnew's vendor

In order to provide correct, accurate and updated information about CWS.loadnew I encourage the vendor to contact me if any part of this write-up needs a revision.

How do you rate the information provided about CWS.loadnew?


Related links

Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!

The File Database - Search the file database for more information. Free!

PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!

Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.


FreeFixer
Read more about FreeFixer, Kephyr's latest spyware removal tool.
Home & Products |  Legal |  Privacy |  Search

© Kephyr, 2003-2012. HtmlTidy, HTML 4.01, CSS andy@kephyr.com