Freeware. InterMute’s CWShredder Update Defeats Polymorphic CoolWebSearch Spyware

Unrelenting Browser Hijacker ‘HomeSearch’ Is Easily Removed With New CWShredder

InterMute, Inc., a leading provider of best-of-breed Internet security and content filtering solutions, today announced a significant upgrade of CWShredder(TM) (Version 2.12) that eradicates browser hijacker HomeSearch. This polymorphic spyware takes control of a user’s homepage settings and is considered to be one of the most tenacious browser hijackers. HomeSearch continuously changes its own file name to defy anti-spyware detection. No matter how many times a user tries to remove HomeSearch, it puts itself back in control of the user’s browser, not allowing the original homepage to appear.

Nicknamed “gremlinware” because it always comes back, HomeSearch is extremely persistent, replicating and reinstalling itself when removal is attempted. “It wants to stay alive,” said Ed English, CEO and founder of InterMute, Inc.

Polymorphic spyware like HomeSearch defeats traditional file name and signature scanning techniques by modifying file names and file contents when they replicate themselves. Due to their continuously morphing and mutating nature, they can not be removed with conventional anti-spyware tools.

Not only is HomeSearch completely invisible during installation but also it installs to a variety of locations on a user’s hard drive with different file names. HomeSearch attaches itself directly to Internet Explorer as a Brower Helper Object. BHOs are small programs that run automatically every time the IE browser is launched. Some BHOs are benign because they help users, for example, identify file formats without having them to specifically open the correct application. However, in this case the HomeSearch spyware manipulates IE to establish a homepage of its choice, not of the user’s.