So I might be making a silly request, but I've been searching around for about an hour and I haven't seen my answer obviously posted anywhere. I notice that lots of people are victims of CWS hijacking, but no one indicates where they were browsing to receive the CWS installation. I write scripts and provide solutions to remove software for users at my job. The first thing that I always have before trying to determine how a piece of software installs itself is to get my hands on the installation package. If anyone has a copy of the installer or if they know what URL they were browsing to on the web when they were hijacked, making this information public would be very useful for those of us who are working to provide solutions to remove the nastyware. This seems so obvious to me that such information would be valuable. Perhaps I overlooked the link that says, "WHATEVER YOU DO, DON'T CLICK ON THIS LINK, BUT HERE IS THE INSTALL SOURCE FOR CWS", but I have not seen it yet. I do realize that casual browsing does not lend itself to any sort of scientific method that would help us determine the origins of the CWS install, but I thought it would be worth asking.