CoolWWWSearch.CameUP

Discussion in 'adware, spyware & hijack cleaning' started by Smokey, Apr 17, 2004.

Thread Status:
Not open for further replies.
  1. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Who knows more about a variant of CoolWWWSearch, CoolWWWSearch.CameUp?

    On the net I can't find any information about this variant.

    register key:

    CoolWWWSearch.CameUp: Class ID HKEY_CLASSES_ROOT\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

    Ciao,

    Smokey
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Smokey,

    Can you give me some more background info.
    That CLSID does not match CWS as far as I know.

    Regards,

    Pieter
     
  3. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Hi P-A!

    It was found by Spybot S&D v1.3 RC3, it's my problem too that it does not match CWS....

    Log S&D:

    CoolWWWSearch.CameUp: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

    --- Spybot - Search && Destroy version: 1.3 rc 3 ---
    2004-04-14 Includes\Cookies.sbi
    2004-04-14 Includes\Dialer.sbi
    2004-04-14 Includes\Hijackers.sbi
    2004-04-14 Includes\Keyloggers.sbi
    2004-04-14 Includes\LSP.sbi
    2004-04-14 Includes\Malware.sbi
    2004-04-14 Includes\Revision.sbi
    2004-04-14 Includes\Security.sbi
    2004-04-14 Includes\Spybots.sbi
    2004-04-14 Includes\Tracks.uti
    2004-04-14 Includes\Trojans.sbi

    With a registry search I found this results:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DMBar.ToolBandObj.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DMBar.ToolBandObj.1\CLSID]

    @="{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DMBar.ToolBandObj\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DMBar.ToolBandObj\CLSID]

    @="{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"="IDA Bar"

    OS: Windows XP Professional SP1


    Ciao,

    Smokey
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Smokey,

    The entries I quoted explain the legit presence of that CLSID.
    I am not sure if Patrick found a liaison to CWS that escaped everyone else or if it is a f/p.


    Regards,

    Pieter
     
Thread Status:
Not open for further replies.