Hunting and hijacking of Internet Explorer

People often ask about Internet Explorer being hijacked by English-language malicious web pages. For example, a new IE window automatically connects to 356563.net, or to http://n*VD.us and then switches to http://searchpage.**/; the homepage is changed to a foreign search engine; or the IE homepage is set to "about:blank" but the blank page turns into a "search for" web page. Repairing the registry has no effect, and many IE repair tools are ineffective. The most rampant offender is CoolWebSearch, a well-known family of malicious websites that hijacks browsers. There are more than a hundred CoolWebSearch types and variants, and new variants keep emerging. Most stubborn, hard-to-clear malicious web pages come from the CoolWebSearch family. A browser hijacked by CoolWebSearch or one of its variants may show the following symptoms:

1. The IE homepage/search page is set to a foreign search engine, such as certain malicious web pages containing "search";
2. When an invalid address is entered or a website cannot be reached, IE is redirected to a foreign malicious web page;
3. The IE homepage is set to "about:blank", but a "search for" web page appears instead of the blank page;
4. Visiting Google redirects to a malicious web page;
5. The homepage and search page settings cannot be modified, or are quickly hijacked again after modification;
6. Trusted sites are added automatically;
7. Adult websites are automatically added to Favorites;
8. IE slows down severely when characters are typed;
9. Options that cannot be changed, or hidden options, appear in Internet Options;
10. After manually modifying the registry or repairing with the usual Internet Explorer repair tools, IE is quickly hijacked again, or is hijacked again after the computer restarts.

A list of the addresses of these malicious web pages is available on the website of merijn, the author of HijackThis: http://www.merijn.org/cwschronicles.html
If your IE has been hijacked by a malicious web page from outside China, check whether it is a variant of the CoolWebSearch family. The appendix of this post provides the latest CoolWebSearch URL list for you to check against.

The following describes how to clear such foreign malicious webpages:

I. CoolWeb Shredder (CoolWeb crusher)

Variants of the CoolWebSearch family can be removed with CoolWeb Shredder. It is a completely free tool that can be updated online, and it is another work by merijn, the creator of HijackThis. It not only clears CoolWebSearch and its variants completely, but is also very effective against other malicious web page code and small advertisements. The latest version is 2.0, which can scan for hundreds of malicious web pages. Although the interface is in English, it is very easy to use.

Download CoolWeb Shredder: from the attached file (decompress it after downloading) or from the merijn homepage.

Usage:

1. Download the installation file cwsinstall.exe, double-click it, and click "I agree" to accept the agreement. It installs automatically under C:\Program Files\intermute\spysubtract\ and creates a CWShredder shortcut on the desktop. CoolWeb Shredder is "green" (portable) software: to uninstall it, simply delete the intermute folder under C:\Program Files\.


Figure 1

2. After installation completes, CWShredder starts automatically and its window appears. Four options are available: "scan only" (check only), "check for update" (check for updates), "make report" (create a report) and "fix->" (repair).


Figure 2

3. Because CoolWebSearch keeps producing variants, click "check for update" to update online before scanning and removal. If no new update is available, the "Download and open the update" button in the middle is grayed out. If there is a new update, the button is active and you can press it to download the update file. CWShredder then closes and updates automatically. After the update completes, double-click the shortcut to start CWShredder again.


Figure 3 (updated)



Figure 4 (updating being downloaded)

This is the latest version, which I downloaded from the merijn homepage just last night, as shown in the figure:


Figure 5 (no new updates)

4. Click "Fix->" in the lower-right corner to go to the repair page. A window appears prompting you to "close browser windows, folder windows, Notepad and other program windows so that CWShredder can carry out the repair". If a browser window is open, CoolWebSearch is hard to clear. After closing these windows, click "OK" to clear CoolWebSearch and its variants.


Figure 6

5. If CoolWebSearch or one of its variants is found, a message about clearing it is displayed. When CWShredder finishes, "done!" is displayed.


Figure 7 (checking)



Figure 8 (repaired)

6. Click "Next" to go to the next step, which gives some suggestions about visiting websites and creating a report, all in English. Click "exit" to quit.


Figure 9

7. If the problem persists after a restart even though CWShredder detected and fixed it, we recommend that you enter safe mode and run CWShredder again. After the fix, clear the IE temporary files as follows: Internet Options → click "Delete Files" under "Temporary Internet Files" → select "Delete all offline content" and click "OK". We also recommend installing all security patches for the system.

II. COOL-WWW-SEARCH smartkiller miniremoval cleanup tool

If the CWShredder window closes automatically as soon as it opens, a CoolWebSearch variant may be blocking anti-hijacking software to keep users from removing it. In this case, bring out the dedicated cleanup tool for this variant, COOL-WWW-SEARCH smartkiller miniremoval.


Download the COOL-WWW-SEARCH smartkiller miniremoval tool: attached file (decompression required).

Before using the tool, close all IE windows and all Windows Explorer windows, and then run the tool to clear the hijacker.

III. HijackThis tool

If both of the above tools are ineffective against the latest variants, or the malicious web page is not CoolWebSearch or one of its variants, the only option is the famous HijackThis tool. It is particularly effective against malicious web page code and also helps find Trojans and worms in the system! It works not only on foreign malicious web pages but on domestic ones too. If common tools cannot cope with the problem, we recommend using this tool to clear it or to assist in clearing it!!



Figure 10

I have even reposted a post about HijackThis from wendao's moderator chang'an. This is a very popular tool that has been introduced on major forums and on the Rising homepage. Although the tool is powerful and easy to use, some members may find it troublesome because its scan logs need careful analysis. In addition, its logs involve the hosts file, BHOs (browser helper objects), self-starting items, registry key values, IE plug-ins, ActiveX objects, the iereset.inf file and other terms, so members who are just getting started may feel dizzy.

However, if you don't want to be a newbie forever, we recommend that you learn to use HijackThis, because once you can read a HijackThis log file you are already half an expert! ^_^ Even if you do not want to become an expert, we still recommend HijackThis, because you can scan with it and click "Save log"; after saving, the log file opens automatically, and you can post all of its content to the forum so that others can help you analyze the problem. The log contains startup items, processes, IE plug-ins, ActiveX objects, registry key values, and so on! It is useful not only for repairing IE but for every fault related to self-starting items, processes, IE plug-ins, ActiveX objects, and so on! This is much clearer and more effective than laboriously typing out a long description that still leaves everyone baffled!! Haha...
Well, let's get back to the point. I posted a download link and tutorial for HijackThis several months ago, so I will not repeat it here and will only post the link:
Hijackthis concise tutorial and Chinese Version Download: http://bbs.cfanclub.net/dispbbs.asp? Boolean id = 2 & id = 126265
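As an added example (not part of the original post and not code from HijackThis), this Python script groups the entries of a saved HijackThis log into the areas named above, using the tool's entry codes, and lists them for review without judging them. The sample log is constructed; its hosts, CLSID and file names are placeholders, and `expected_pages` is an assumed parameter for pages the user set deliberately.

```python
import re
from collections import defaultdict

# HijackThis entry codes for the log areas the article names.
PAGE = "IE start/search page (registry value)"
CATEGORIES = {
    "R0": PAGE, "R1": PAGE,
    "O1": "hosts file redirection", "O2": "BHO (browser helper object)",
    "O4": "self-starting item", "O12": "IE plug-in",
    "O14": "iereset.inf (Reset Web Settings)", "O15": "trusted site",
    "O16": "ActiveX object",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Group 'CODE - detail' lines by code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_list(text, expected_pages=("about:blank",)):
    """Return (code, category, detail) rows to inspect; a listing, not a verdict."""
    rows = []
    for code, details in parse_log(text).items():
        for detail in details:
            # R0/R1 read "key,value = data": skip pages the user set on purpose.
            expected = code in ("R0", "R1") and detail.partition(" = ")[2].strip() in expected_pages
            if code in CATEGORIES and not expected:
                rows.append((code, CATEGORIES[code], detail))
    return rows

# Constructed sample log (placeholder hosts, CLSID and file names).
SAMPLE_LOG = r"""Logfile of HijackThis
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
O1 - Hosts: 192.0.2.10 www.google.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\example.dll
O4 - HKLM\..\Run: [example] C:\WINDOWS\example.exe
O15 - Trusted Zone: *.example.invalid
"""

if __name__ == "__main__":
    for code, category, detail in review_list(SAMPLE_LOG):
        print(f"{code:<4}{category:<40}{detail}")
```

Every BHO, startup item and trusted-site entry is listed, including legitimate ones, so the output is a reading aid for the log rather than a removal list.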

Note: before using HijackThis, close all other program windows, including Windows Explorer windows!!

It is strongly recommended that members learn to use HijackThis!!!
