
CoolWeb - Protect your system


nellie2

As you are no doubt aware, some of the major problems that are around on the internet at the moment are what's known as Coolweb infections. Merijn Bellekom's CoolWeb Shredder has been an excellent tool for dealing with this up to now but these infections are getting more and more complicated and difficult to remove.

This is some of what Merijn has to say about it:

We are pretty sure now CoolWebSearch is part of a new strain of trojans that have recently been identified that all have one thing in common: they install through the ByteVerify exploit in the MS Java VM and change the IE homepage, search page, search bar, etc.
See here for more.

Merijn has posted information on his site about how to uninstall MS Virtual Machine and install Sun Java.

see here

Link to comment
Share on other sites

Still unable to contact.

I am tempted to ask, though: If this Coolweb thing is using a weakness of a MS utility, why aren't MS doing something about it? Where's the critical update to stop this? Or is Bill Gates still suffering a fit of pique because he's lost, or losing, a legal battle with Sun systems?

Link to comment
Share on other sites

Still unable to contact.

I am tempted to ask, though: If this Coolweb thing is using a weakness of a MS utility, why aren't MS doing something about it? Where's the critical update to stop this? Or is Bill Gates still suffering a fit of pique because he's lost, or losing, a legal battle with Sun systems?

Well, I think to an extent if this was a major problem then it would be looked at, but by who?

I thought Microsoft were not allowed MS VM anymore because of the Sun Java case?

So who would fix it?

Installing Sun Java is the easiest thing around it [uninstalling MSVM even].

But, and I can only speak for myself, MSIE and MSVM, no infection whatsoever.

I think it's all down to what websites you visit, if you know what I mean.

Link to comment
Share on other sites

If there are computers with MSVM installed (which, undoubtedly there are) and it is causing a problem, BG should arrange for removal. It appears that MSVM is possibly being used illegally or, at least against Mr Sun's wishes.

The Coolweb thing is not causing me a problem, nor would I like it to so, to this end, I would wish to have the means at my disposal for it to remain that way. Hence my wish to contact the relevant website and do what I can to grant my wish.

N.B. I do have Sun Java installed as an add-on to Opera. It isn't used as far as I'm aware.

Link to comment
Share on other sites

I am tempted to ask, though: If this Coolweb thing is using a weakness of a MS utility, why aren't MS doing something about it?

No Critical update because MSVM is not supported, MS have done something, I think SP1a actually uninstalls MSVM... but probably not because of cool web but because of the legal implications with Sun.

Link to comment
Share on other sites

I am tempted to ask, though: If this Coolweb thing is using a weakness of a MS utility, why aren't MS doing something about it?

No Critical update because MSVM is not supported, MS have done something, I think SP1a actually uninstalls MSVM... but probably not because of cool web but because of the legal implications with Sun.

SP1a does not even include MSVM.

Link to comment
Share on other sites

From nel's link: removing the MS Java VM.

1) Click Start/run and enter:

RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall

2) Click "Yes" to confirm the uninstall and restart your system when complete.

3) Delete the following if they are still present:

The Folder C:\windows\java

C:\windows\inf\java.pnf

C:\windows\system32\jview.exe

C:\windows\system32\wjview.exe

4) Click Start/Run and enter "regedit" to start the registry editor.

5) Browse to the following keys, highlight them and delete.

HKEY_LOCAL_MACHINE\Software\Microsoft\Java VM

HKEY_LOCAL_MACHINE\Software\Microsoft\InternetExplorer\AdvancedOptions\JAVA_VM

For Windows NT4 and Windows 2000, replace C:\windows with C:\winnt

For Windows 95-98-98SE and ME, replace C:\windows\system32 with C:\windows\system

You can now download the Sun Java from here.

http://www.java.com/

[Edit] Commas and spaces are intended and copied as is from the link.

Link to comment
Share on other sites
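
A read-only check for the leftovers listed in steps 3 and 5 of the post above, as an added example that is not part of the original post or of Merijn's instructions. It assumes a Windows machine where PowerShell is available; the function name `Get-MsvmRemnant` is made up for illustration, and nothing is deleted.

```powershell
# Added example: audit for Microsoft Java VM leftovers named in the removal steps.
# Read-only: it reports what is still present and changes nothing.

$winDir = $env:SystemRoot   # resolves to C:\windows or C:\winnt, depending on the Windows version

# Step 3 targets. jview.exe and wjview.exe sit in system32 on NT-based Windows
# and in system on 95/98/ME, so both directories are checked.
$fileTargets = @(
    (Join-Path $winDir 'java'),
    (Join-Path $winDir 'inf\java.pnf')
)
foreach ($sysDir in 'system32', 'system') {
    foreach ($exe in 'jview.exe', 'wjview.exe') {
        $fileTargets += Join-Path $winDir (Join-Path $sysDir $exe)
    }
}

# Step 5 targets. The post writes "InternetExplorer" without a space; the key is
# normally named "Internet Explorer", so both spellings are checked (assumption).
$regTargets = @(
    'HKLM:\Software\Microsoft\Java VM',
    'HKLM:\Software\Microsoft\InternetExplorer\AdvancedOptions\JAVA_VM',
    'HKLM:\Software\Microsoft\Internet Explorer\AdvancedOptions\JAVA_VM'
)

# Hypothetical helper: returns one record per path with a Present flag.
function Get-MsvmRemnant {
    param([string[]]$Paths, [string]$Kind)
    foreach ($p in $Paths) {
        [pscustomobject]@{
            Kind    = $Kind
            Path    = $p
            Present = Test-Path -LiteralPath $p
        }
    }
}

$report  = @(Get-MsvmRemnant -Paths $fileTargets -Kind 'File')
$report += Get-MsvmRemnant -Paths $regTargets  -Kind 'Registry'
$report | Format-Table -AutoSize

$found = @($report | Where-Object { $_.Present })
if ($found.Count -gt 0) {
    Write-Output "MSVM remnants still present: $($found.Count)"
} else {
    Write-Output 'No MSVM remnants found.'
}
```

Any row with `Present` set to `True` means the Microsoft VM was not fully removed, which matters because installing Sun Java alongside it does not take it off the machine.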

Before doing anything positive to my current machine about this, I thought I'd do a search for the MS VM. Nothing was found anywhere.

My old machine, though, does have it and that alone has decided for me that I will reformat and reinstall. Oh, lordy, what a job :(

I'm sure that a number of machines I've built will also have MSVM and I think most of the owners won't want a re-install so the info given will be very useful.

Link to comment
Share on other sites

Hmmm.... well I have just done a log on another site that was infected with CoolWeb and they had Sunjava installed!! :huh:

I can only assume that they didn't uninstall MSVM... as that stays as the default unless you take it off!

Link to comment
Share on other sites
