View Full Version : DesktopHijack - SmitFraud - CWS.Cassandra


Curio
July 9th, 2005, 09:49 AM
The latest variants of the CoolWebSearch trojan are a little bit nasty and, like all CWS variants, are apparently mutating on a regular basis. It seems like they spend a real lot of time trying to find every nasty trick that can be pulled and then bundling it all together for our web-browsing pleasure.

Anyway, it is typified by some large warning banner or other overtaking the desktop (hence 'DesktopHijack') and installation of various dubious Spyware/Virus removal programs. There are now some tools about to help automate its removal. Although from experience I can tell you they may not completely solve your issues, they should at least recover your PC to a usable state. You may need to delete the HOSTS file to further the process, but it depends on what other crap you have accumulated.


http://www.bleepingcomputer.com/files/reg/smitfraud.reg registry patch to remove many of the smitfraud modifications.
http://www.spywareedge.net/tools/smitRem.zip Automated removal of Smitfraud earlier variant.
http://www.intermute.com/spysubtract/cwshredder_download.html the latest version of the CWS removal tool - now owned and maintained by Trend Micro.
http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm Panda Antivirus online scan - Panda is very good.


There is a detailed listing of the earlier SmitFraud variants and what they do at Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.desktophijack.html
http://securityresponse.symantec.com/avcenter/venc/data/trojan.desktophijack.b.html

rik
July 9th, 2005, 15:47 PM
Great info. Thanks for sharing and trying to keep us safe.

Curio
July 10th, 2005, 21:25 PM
The original banner was along the lines of

'an error was caused by Trojan-Spy.Smitfraud.c'

And a load of other gunk, that should attract some hits once Google has done its job.
trojan-spy.smitfraud.c remove removal fix repair spyware virus
oops - started writing a keywords list :p