Websearch.coolsearches.info is a nasty redirect
infection which attacks PC users' browsers. Once a machine is infected, it
modifies the settings of the targeted browser to change its homepage to the
Websearch.coolsearches.info redirect site. It usually arrives through spam
emails, attachments, online chats, instant messages, pop-up ads, suspicious
links, unknown websites, peer-to-peer programs and other unprotected networks.
This redirect virus has a seemingly legitimate interface which misleads most
users into thinking that it is a useful website providing a search function as
Google does. Some users actually use the unsafe search engine to run searches,
and as a result they are constantly redirected to suspicious websites.
Friendly Reminder: Please try a professional redirect virus removal tool
to remove this redirect virus if you can't remove it through the manual
removal guide below.
In fact, it is a fake search engine that pretends to be a legitimate
site and offers users multiple utilities and many other search services
in order to attract visits. Besides the odd behavior it causes in
browsers, the redirect virus also causes constant pop-up ads which
aim to mislead users into clicking and redirect them to the domain's web
pages. In most cases, the advertising sites are designed to promote various
products or services to make money. The Websearch.coolsearches.info redirect
virus interferes with the user's browsing activities by displaying lots of
discounts, coupons, bargains and so on, so in some cases users
click on the pop-up ads and visit those sites.
Since the redirect virus enters the PC and modifies the
browser settings, it may invite more and more cyber threats onto the compromised
machine. Because the settings of the infected browser have been modified by the
Websearch.coolsearches.info redirect, many plug-ins and add-ons will
be installed in the infected browser, pretending to be useful tools in order to
deceive PC users. It can appear at startup of the infected browsers and
install extensions, add-ons and links in browsers such as Internet
Explorer, Mozilla Firefox and Google Chrome. Moreover, this redirect virus will
display all types of web links which might take users to malicious
websites. This is risky because other cyber threats may get the opportunity to get
into the PC when users click on the dubious links and visit the malicious
websites.
Guide to Manually Remove Websearch.coolsearches.info – Remove Redirect Virus Step by Step
1) Enable hidden files by opening Folder Options (Start –> Run –>
control folders). Under the View tab:
enable "Show hidden files, folders and drives"
uncheck "Hide extensions for known file types"
uncheck "Hide protected operating system files"
2) Open msconfig (Start –> Run –> msconfig)
Click “Start” –> Run –> msconfig.
Go to the “Boot” tab if you are using Vista or Win 7. In case of XP, select the “boot.ini” tab.
Check the bootlog option.
3) Restart computer
Restart the computer to make sure that the changes you made take effect. (On restart, a file named ntbtlog.txt is created, which is discussed later in the troubleshooting steps.)
4) Do a complete IE optimization
Read this article on how to do an Internet Explorer optimization. Internet Explorer optimization is done to ensure that the redirection is not the result of a problem with IE or corrupted internet settings. Even if you use a browser other than Internet Explorer, IE optimization is compulsory, as IE settings act as the basic settings for any web browser on the Windows operating system.
5) Open Device Manager (Start –> Run –> devmgmt.msc)
Click “Start” –> Run –> devmgmt.msc.
Click the “View” menu at the top and select “Show hidden devices”.
Look for “Non-Plug and Play Drivers”. Expand it to see the entire list under that option.
Check whether there is an entry named TDSSserv.sys. Note down the name carefully. Right-click the entry and uninstall it. Don't restart the computer yet; cancel the restart prompt and continue troubleshooting without restarting.
6) Open the registry (Start –> Run –> regedit). Take a backup of the registry before making changes
Click Edit –> Find. Enter the first few letters of the infection name. In this case, I used TDSS and searched for any entries starting with those letters. Every time there is an entry starting with TDSS, it shows the entry on the left and the value on the right side.
If there is just an entry, but no file location mentioned, then delete it directly. Continue searching for the next entry with TDSS.
The next search took me to an entry which had details of the file location on the right, which says C:\Windows\System32\TDSSmain.dll. You need to use this information. Open the folder C:\Windows\System32, then find and delete the TDSSmain.dll mentioned here.
Assume that you were not able to find the file TDSSmain.dll inside C:\Windows\System32. This shows the entry is super hidden. You need to remove the file using the command prompt. Just use this command to remove it: del C:\Windows\System32\TDSSmain.dll
Repeat the same until all entries in the registry starting with TDSS are removed. If any of those entries point to a file inside a folder, remove that file either directly or by using the command prompt.
If you were not able to find TDSSserv.sys among the hidden devices in Device Manager, go to Step 7.
7) Check ntbtlog.txt for the corrupted file
By doing Step 2, a log file called ntbtlog.txt is generated inside C:\Windows. It's a small text file containing a lot of entries, which might run to more than 100 pages if you take a printout. You need to scroll down slowly and check whether there is any entry for TDSSserv.sys, which shows that there is an infection. If there is, follow the steps mentioned in Step 6.
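Instead of scrolling through the boot log by hand in Step 7, the check can be scripted. The Python code below is an added example, not part of the original guide: it only reads the log and lists driver entries whose file name starts with a given prefix. It assumes the usual "Loaded driver" / "Did not load driver" line format of ntbtlog.txt; the sample log and the function names are constructed for illustration.

```python
import re

# Assumed boot-log line format: "Loaded driver <path>" / "Did not load driver <path>"
ENTRY = re.compile(r"^(Loaded driver|Did not load driver)\s+(.+?)\s*$", re.IGNORECASE)

def decode_bootlog(raw: bytes) -> str:
    """ntbtlog.txt is normally UTF-16 with a BOM; fall back to an ANSI code page."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("cp1252", errors="replace")

def find_drivers(raw: bytes, prefix: str):
    """Return (line_no, status, path) for drivers whose file name starts with prefix.

    The log is appended to on every boot, so repeated entries for the same
    driver are reported once, at their first occurrence.
    """
    hits, seen = [], set()
    for line_no, line in enumerate(decode_bootlog(raw).splitlines(), 1):
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header, timestamp or blank line
        loaded = match.group(1).lower().startswith("loaded")
        path = match.group(2)
        name = re.split(r"[\\/]", path)[-1].lower()
        key = (loaded, path.lower())
        if name.startswith(prefix.lower()) and key not in seen:
            seen.add(key)
            hits.append((line_no, "loaded" if loaded else "not loaded", path))
    return hits

# Constructed sample log (two boots appended), encoded the way Windows writes it.
SAMPLE = (
    "Microsoft (R) Windows (R) Version 6.1 (Build 7601)\r\n"
    " 1  5 2012 09:14:02.375\r\n"
    "Loaded driver \\SystemRoot\\system32\\ntoskrnl.exe\r\n"
    "Loaded driver \\SystemRoot\\System32\\drivers\\TDSSserv.sys\r\n"
    "Did not load driver \\SystemRoot\\System32\\drivers\\NDProxy.SYS\r\n"
    "Loaded driver \\SystemRoot\\System32\\Drivers\\tdssserv.sys\r\n"
).encode("utf-16")

if __name__ == "__main__":
    # On a real machine: raw = open(r"C:\Windows\ntbtlog.txt", "rb").read()
    for line_no, status, path in find_drivers(SAMPLE, "TDSS"):
        print(f"line {line_no}: {status}: {path}")
```

Any path it reports is the file location to follow up on with Step 5 and Step 6.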
Conclusion
Websearch.coolsearches.info is a big threat to both your computer and your
privacy if you cannot get rid of it promptly. Another way it
often spreads is by bundling with program installers, so it can be
installed if the user does not pay attention to some easily overlooked options. Many
people don't think it is a serious issue and choose to ignore it, leading to
many annoying problems in the future.
To avoid being hijacked and redirected by the redirect virus, users
should pay more attention to their browsing activities and their computer's
performance, so that they can take immediate measures to fix browser redirect
issues once they notice that the default homepage has been forcibly altered, search
queries are redirected or unknown toolbars appear in the browser. If you ever
notice any odd behavior on your computer, such as a homepage change, constant
pop-ups or new add-ons appearing, you should run your antivirus program
to scan the whole system for attacks. Then restore the
browser settings manually to repair the browsers. In addition, scan each
downloaded file before running it on the computer, in case a virus
or rogue software is bundled with other programs, invades the system and
threatens the computer.