Keith Dunlap had never even heard of Cool-search.net. But one day last December, as he opened the browser on his home PC, the site filled his display.
The browsers Internet Options window showed his home page had been changed to the arcane address t.rack.cc/hp.php. Dunlap, a researcher at the Wood Science & Technology Institute in Corvallis, Oregon, reentered his old one. But when the system rebooted, his browser jumped to Superbookmark.com, another site he didnt know. Sure enough, that mysterious home page setting was back. He rebooted again, and his browser jumped to a third unwanted site: Real-Yellow-Page.com. Obviously, something was lurking on his PC, and he feared it was tracking his behavior.
Dunlap had already installed PepiMK Softwares Spybot Search & Destroy 1.2 (reviewed in this story), a tool designed to detect and remove this sort of sinister software. Spybots engine, he discovered, had been turned off. "I dont know if the spyware was to blame," Dunlap says. "But Spybots immunization tools were no longer running." Even when he turned it on, Spybot detected no spyware-related files. Dunlap manually removed all references to t.rack.cc/hp.php in the Windows Registry. He rebooted, and they came back.
Dunlaps machine was infected with CoolWebSearch, one of many spyware applications threatening the worlds computing devices—a late-breaking Trojan horse so nasty that only one app we tested, Lavasofts Ad-aware Plus 6, could find it—and none could remove it. There is, however, a standalone app called CWShredder (available at www.spywareinfo.com) that can get rid of CoolWebSearch.
Spyware apps sneak onto your machine when you download many file-sharing services, open infected e-mails, or click on dubious Internet pop-up ads. They can manipulate your system, record your habits, and steal your passwords and credit card numbers. Depending on their degree of aggressiveness, they can steal your privacy or even your identity. And they can be terribly difficult to remove.