CoolWWWSearch.CameUP

Discussion in 'adware, spyware & hijack cleaning' started by Smokey, Apr 17, 2004.

Thread Status:
Not open for further replies.
  1. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Who knows more about a variant of CoolWWWSearch, CoolWWWSearch.CameUp?

    On the net I can't find any information about this variant.

    register key:

    CoolWWWSearch.CameUp: Class ID HKEY_CLASSES_ROOT\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

    Ciao,

    Smokey
     
    Smokey, Apr 17, 2004
    #1
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi Smokey,

    Can you give me some more background info.
    That CLSID does not match CWS as far as I know.

    Regards,

    Pieter
     
    Pieter_Arntz, Apr 17, 2004
    #2
  3. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Hi P-A!

    It was found by Spybot S&D v1.3 RC3, it's my problem too that it does not match CWS....

    Log S&D:

    CoolWWWSearch.CameUp: Class ID (Registry key, nothing done)
    HKEY_CLASSES_ROOT\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}

    --- Spybot - Search && Destroy version: 1.3 rc 3 ---
    2004-04-14 Includes\Cookies.sbi
    2004-04-14 Includes\Dialer.sbi
    2004-04-14 Includes\Hijackers.sbi
    2004-04-14 Includes\Keyloggers.sbi
    2004-04-14 Includes\LSP.sbi
    2004-04-14 Includes\Malware.sbi
    2004-04-14 Includes\Revision.sbi
    2004-04-14 Includes\Security.sbi
    2004-04-14 Includes\Spybots.sbi
    2004-04-14 Includes\Tracks.uti
    2004-04-14 Includes\Trojans.sbi

    With a registry search I found this results:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DMBar.ToolBandObj.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DMBar.ToolBandObj.1\CLSID]

    @="{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DMBar.ToolBandObj\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DMBar.ToolBandObj\CLSID]

    @="{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"="IDA Bar"

    OS: Windows XP Professional SP1


    Ciao,

    Smokey
     
    Smokey, Apr 17, 2004
    #3
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi Smokey,

    The entries I quoted explain the legit presence of that CLSID.
    I am not sure if Patrick found a liaison to CWS that escaped everyone else or if it is a f/p.


    Regards,

    Pieter
     
    Pieter_Arntz, Apr 17, 2004
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...