CoolWebSearch Trojans, Zwinky, and Malware from Dream World on Facebook

EQ Admin

EQ Forum Admin
Staff member
Hello,

I'm slightly embarrassed to admit this but my computer picked up a nasty infection of the CoolWebSearch family of malware / trojans. The infection came from links within a Facebook application called Dream World. To get bonus rewards in the game (similar to the rewards system in Mafia Wars) you need to click the links and give them your junk email address. I'm a dummy and clicked some of the links and my computer was infected. I'm disappointed but not surprised that Facebook allows the application programmers to get away with linking to malware sites. Everyone is in it for the money. Anyway, after trying several tools I was able to remove it with Download CWShredder 2.19 - FileHippo.com from Trend Micro.

CWShredder.JPG

I initially tried with Spybot S&D. That detected the problem, removed some of it, and tried but failed to remove the rest after starting early after a reboot. I also had MalwareBytes installed which detected up 2 problems and removed them. I'm mostly disappointed, besides with myself and Facebook, with the Avast anti-virus program. I have avast anti-virus installed with all of the providers active and running but all though this I did get a single alarm or warning from Avast. I would have expected Avast to have made some noise. Do you agree?
 

EQ Admin

EQ Forum Admin
Staff member
Re: CoolWebSearch Trojans and Malware from Dream World on Facebook

It's been a couple hours and a few reboots since the problem started. I noticed my Mozilla menu bar (the file, edit, vie, etc options) were blinking and not clickable. I ran a few more scans and am now running yet another scanner hoping that between them all they are able to detected the remove all of the problems that were installed earlier today. The program that I am running now is called A-Squared.

-Raymond
 

EQ Admin

EQ Forum Admin
Staff member
Re: CoolWebSearch Trojans and Malware from Dream World on Facebook

The problem offer from Dream World is a offer to make an avatar from Zwinky.

Now that I'm spending a little less time scanning my computer I did some Google searches and see that they have had problems with also installing CoolWebSearch malware dating back to at least 2006 :

Bits from Bill: What is Zwinky?

Bits from Bill: Response from MyWebSearch & FunWebProducts

I contacted the owners of Dream World as well. Their initial response was quick and I'm waiting to see if they and they offer provider drop Zwinky.

-Raymond
 
Re: CoolWebSearch Trojans and Malware from Dream World on Facebook

My friend installed zwinky on her computer and it put lots of garbage on her computer. STAY AWAY FROM ZWINKY !!!
 

EQ Admin

EQ Forum Admin
Staff member
Re: CoolWebSearch Trojans and Malware from Dream World on Facebook

More scanners, more junk found.

Obfuscated Trojan.JPG

At the speed it's going it will be another hour or so until I can get back into my Mozilla (primary web browser)

When letting Dream world know about the problem I made a crack about them and facebook and wallets. :cool:

Eye for an eye, I got a nice dig back along with their response :

Sorry that this caused you much trouble, but just so that you are aware - unless this is a known issue within Offerpal, it will take probably take some time for Offerpal to investigate into the "Zwinky" offer. Also, if and when we decide to remove the offer from our wall, it will be because that we want to provide future Dream World users with better offer experience, not because we are concerned about your forum post (no offense intended).
It sounds to me like they are at the mercy of offerpal.

In the meantime, I'll remind everyone with a common sense warning to be careful of what you click and allow to be installed on your computer.

-Raymond
 
Top