IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice

Bootconf.exe << What the hell is this

766 Views 2 Replies 3 Participants Last post by Davey7549, Sep 13, 2003

ipconfig

Discussion Starter · Sep 13, 2003

Ive got this file on my C drive (not in System32 folder) and nortons antivirus tells me its a trojan. How can I get rid of it...
Please Help

Save

Status: Not open for further replies.

1 - 3 of 3 Posts

Top Banana

· #2 · Sep 13, 2003

You need CoolWebShredder.

Save

Just for information since TB is on top of the situation......

----------- Bootconf -------------
CoolWebSearch/BootConf: drops a user CSS file in the same way as DataNotary, but pointing at www.coolwebsearch.com. Also hijacks the home page and all search settings to point to coolwebsearch, and hacks the DNS Hosts file to redirect access of MSN address-bar search to coolwebsearch.com. The site names are obfuscated using URL-encoding (%XX) to make them difficult to read. A program bootconf.exe is set up to run on every startup, resetting the hijack. Finally coolwebsearch.com is added to the Trusted Sites list, along with msn.com, whom coolwebsearch are also impersonating.

Quote from http://www.doxdesk.com/parasite/CoolWebSearch.html
---------------------------------------

Dave

PS: Coolweb is a nasty nasty so follow Top Banana's suggestions to the tee getting all bits off your system.

Save

1 - 3 of 3 Posts

Status: Not open for further replies.

Top Contributors this Month