CoolWebSearch Trojans, Zwinky, and Malware from Dream World on Facebook

Discussion in 'General' started by popowich, Mar 24, 2010.

  1. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120
    Hello,

    I'm slightly embarrassed to admit this but my computer picked up a nasty infection of the CoolWebSearch family of malware / trojans. The infection came from links within a Facebook application called Dream World. To get bonus rewards in the game (similar to the rewards system in Mafia Wars) you need to click the links and give them your junk email address. I'm a dummy and clicked some of the links and my computer was infected. I'm disappointed but not surprised that Facebook allows the application programmers to get away with linking to malware sites. Everyone is in it for the money. Anyway, after trying several tools I was able to remove it with Download CWShredder 2.19 - FileHippo.com from Trend Micro.

    CWShredder.JPG

    I initially tried with Spybot S&D. That detected the problem, removed some of it, and tried but failed to remove the rest after starting early after a reboot. I also had MalwareBytes installed which detected up 2 problems and removed them. I'm mostly disappointed, besides with myself and Facebook, with the Avast anti-virus program. I have avast anti-virus installed with all of the providers active and running but all though this I did get a single alarm or warning from Avast. I would have expected Avast to have made some noise. Do you agree?
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120
    Re: CoolWebSearch Trojans and Malware from Dream World on Facebook

    It's been a couple hours and a few reboots since the problem started. I noticed my Mozilla menu bar (the file, edit, vie, etc options) were blinking and not clickable. I ran a few more scans and am now running yet another scanner hoping that between them all they are able to detected the remove all of the problems that were installed earlier today. The program that I am running now is called A-Squared.

    -Raymond
     

  3. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120
    Re: CoolWebSearch Trojans and Malware from Dream World on Facebook

    The problem offer from Dream World is a offer to make an avatar from Zwinky.

    Now that I'm spending a little less time scanning my computer I did some Google searches and see that they have had problems with also installing CoolWebSearch malware dating back to at least 2006 :

    Bits from Bill: What is Zwinky?

    Bits from Bill: Response from MyWebSearch & FunWebProducts

    I contacted the owners of Dream World as well. Their initial response was quick and I'm waiting to see if they and they offer provider drop Zwinky.

    -Raymond
     
  4. jonasbrotherslover97

    jonasbrotherslover97 New Email

    Joined:
    Aug 14, 2008
    Messages:
    2
    Likes Received:
    0
    Re: CoolWebSearch Trojans and Malware from Dream World on Facebook

    My friend installed zwinky on her computer and it put lots of garbage on her computer. STAY AWAY FROM ZWINKY !!!
     
  5. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120
    Re: CoolWebSearch Trojans and Malware from Dream World on Facebook

    More scanners, more junk found.

    Obfuscated Trojan.JPG

    At the speed it's going it will be another hour or so until I can get back into my Mozilla (primary web browser)

    When letting Dream world know about the problem I made a crack about them and facebook and wallets. :cool:

    Eye for an eye, I got a nice dig back along with their response :

    It sounds to me like they are at the mercy of offerpal.

    In the meantime, I'll remind everyone with a common sense warning to be careful of what you click and allow to be installed on your computer.

    -Raymond
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.