Worse Than a Bug: Cockroach Code

[SECURITY SERIES] The Sneakiest Kinds of Malware

By John C. Dvorak

I do a few things to keep my Windows computer humming at full speed, including maintaining a clean registry using various tools such as Iolo System Mechanic and Glary Utilities. My current antivirus of choice is avast!. When I boot, I actually do a Ctrl-Alt-Del and look at the processes running in Task Manager to see if anything sneaky has gotten into the machine. While I’m there, I kill a number of processes that are running for no good reason, such as Skype, Dropbox, and other background tasks.

If I want to use Skype I will boot Skype.

Even with all this care I frequently run into a kind of browser-based malware that doesn’t necessarily show itself to antivirus software or much of anything. I call it cockroach code.

It generally takes the form of a browser hijacker. It becomes apparent when your browser starts acting up or slowing down. You see it when you open a new tab and discover something is in there besides a visual menu of common sites you visit. If a search bar from some alien search engine appears, you have a problem. You have a cockroach!

Often some of these hijack programs are listed in browser add-ons, extensions, or plug-ins. More often than not, they are invisible and need to be hunted down and expunged from your system.

Two of the bad actors that you will probably run into the most are Conduit Search and CoolWebSearch. Both are nasty pieces of cockroach code that embed here and there and are very elusive. They can ruin the performance of your computer because they are robbing cycles to report details of your activity back to base. Both deliver ads where they are unwelcome and on sites that normally have no ads. Companies that use these systems to advertise should be condemned.

The worst aspect of this code is that it hitches a ride with other software from download sites. Most download sites have become a mess of misleading links asking you if you want to download all sorts of alien code, none of which is what you wanted in the first place. In some instances it is almost impossible to find the download you want.

Google does not help. It will often guide you to an odd alternative site for commonly loaded code. For example, when you want a copy of Open Office you should only go to openoffice.org and none of the sites claiming to be the Open Office site. Google’s search results show ads first, all of them links to questionable download sites.


A lot of the genuine download sites are still cluttered with alternative things to download. Much of this “try it, you’ll like it” or “you need this” software is loaded with cockroach code that you end up installing by accident during the yes/no dialog box barrage.

What to do? Well, the best free tool I have found is the anti-malware/anti-adware product Malwarebytes. It’s a PCMag Editors’ Choice, considered best of breed, and I routinely use the free version every few months when I’m seeing performance issues within the browser environment. Best of all, it is one of the very few tools I have found that actually finds and removes all the instances of Conduit. No easy chore.

Do yourself a favor and clean up your Windows system more often. This product is a good start.

