Anyone experience hijack attempts when going to Java cool site?

Discussion in 'SpywareBlaster & Other Forum' started by foderboder, Jun 25, 2004.

Thread Status:
Not open for further replies.
  1. foderboder

    foderboder Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    3
    Each time I have gone to Javacool.com, I get attempts to hijack my browser setting by a search page.

    The hijack installs in the registry the line:

    Search Page: res://C:\Windows\bdgmy.dll/sp.html#20635

    It took me 1 hour to figure out how to get rid of it. Even after running Ad-aware 6.0, which looks like it deletes everything, when you reboot the hijack is still present. This is because the .dll file is still activating the hijack each time.

    I was able to track it down to (windows xp home edition) windows/system32/bgdmy.dll. I renamed the .dll file bgdmydll.copy, reran Ad-aware. Then deleted the entry in the Windows registry for IE. Rebooted and was OK.

    Anyone else notice this?
     
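    The registry entry quoted in the post above uses the res:// protocol, which tells Internet Explorer to load an HTML resource embedded inside a local DLL; that is why the page comes back on every reboot as long as the DLL is still on disk. The following PowerShell script is an added check, not code from any post in this thread: it reads the usual IE "Main" values (the value names other than "Search Page" are assumed, as are the two key paths), flags any that point at a res:// resource, and reports whether the referenced DLL exists and its SHA-256 hash so the file can be quarantined and checked before the registry value is removed. Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example (not from the thread): find IE start/search page values that use
# the res:// protocol to load HTML out of a DLL, the pattern described above
# (res://C:\Windows\bdgmy.dll/sp.html#20635), and report on the referenced file.
# The key paths and value names below are assumptions (typical IE "Main" values).
$ieMainKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Main'
)
$pageValueNames = @('Search Page', 'Start Page', 'Default_Search_URL', 'Search Bar', 'Local Page')

function Get-ResProtocolPageValues {
    $findings = @()
    foreach ($key in $ieMainKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $pageValueNames) {
            $data = $props.$name
            if (-not $data) { continue }
            # res://<file>/<resource>: everything before the first "/" after the
            # scheme is the local DLL or EXE that hosts the HTML resource.
            if ($data -match '^res://(?<file>[^/]+)') {
                $file   = $Matches['file']
                $exists = Test-Path -LiteralPath $file
                $findings += [pscustomobject]@{
                    Key    = $key
                    Value  = $name
                    Data   = $data
                    Dll    = $file
                    Exists = $exists
                    Sha256 = if ($exists) { (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash } else { $null }
                }
            }
        }
    }
    return $findings
}

$hits = Get-ResProtocolPageValues
if ($hits) {
    $hits | Format-List
} else {
    'No res:// start/search page values found.'
}
```

    Run it from an elevated prompt so the HKLM key is readable; a hit where Exists is $true means the hosting DLL is still present and, as the first post found, deleting only the registry value will not hold across a reboot.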
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Hi foderboder,

    We've actually been researching this since you first posted. So far, we've found nothing wrong at the main website or any of the download servers, but we didn't expect to either. The hijacker you are describing is one of the most current and most powerful ones out there. Once you get it on your system, it strikes at odd times, especially when you are trying to remove it.

    There's a technical posting that only just scratches the surface of this one. It's posted here (post #26):

    https://www.wilderssecurity.com/showthread.php?p=198412

    (Note that the dll name can vary with these infections and still be the same spyware module.) The experts are looking at better detection and prevention techniques. If you find any additional information on this, please reply and post it here. Thanks!
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    javacool.com is a japanese/korean website with what appears to be some dodgy javascript embedded in it & it's distinctly possible that you might have picked up the CWS hijack from there.

    As far as can be worked out, the latest versions of CWS, which you appear to have, get installed via undocumented security holes in Windows that M$ are working to fix.

    If you were trying to update SpywareBlaster or SpywareGuard to protect yourself against hijacking then you should be going to http://www.javacoolsoftware.com/index.html

    Unfortunately neither we on these forums nor Javacool Software have any control over the domain name of javacool.com, which sounds like it might be one of the places that is causing the infection.

    All the CWS hijacks originate in Russia but because a lot of money is involved many previously innocent websites have unwittingly installed the code on their sites thinking that they will be paid affiliate fees & earn a few $
     