During the last week or so, I have noticed some strange behavior from both Firefox and Internet Explorer. I use the Kerio firewall with the sponge ruleset. Lately whenever I go to sites such as foxnews or myspace, I get a message from Kerio saying that my browser is trying to connect to IP 205.177.95.78/79. The ruleset I'm using identifies this IP block as being associated with CoolWebSearch and blocks the connection. I haven't experienced any form of browser hijacking and I've run CWShredder numerous times. I use the Hoster program to manage my hosts file. It keeps the file set to read only. This problem doesn't occur with all web sites and it doesn't always happen on sites like foxnews.com. When it happens there are many times where my browser will say that it can't connect at all and the site can't be displayed. Has anyone else encountered anything like this? Any suggestions? I would appreciate any feedback.

Hello,
Maybe you have CWS infection piggybacking?
Mrk

AFAIK the current incarnation of CWShredder from intermute has not been keeping up with latest versions of the trojan.

Have you scanned with your AV ? Which is it?
Have you done any other scans with any other tools?
If you haven't already;try the free on line scans from
KAV: http://www.kaspersky.com/virusscanner
Trend: http://housecall.trendmicro.com/
Dl and run Gmer and look for hidden services: http://www.gmer.net/index.php

go to http://gladiator-antivirus.com/forum/index.php?showforum=170 and get help if you need to.

Tell us what happens.