adware.winfavorites is an adware program that may have two components: an executable file and a browser helper object.
when adware.winfavorites is executed, it does the following:
attempts to insert the files:
bridge.dll
bridge.inf
creates the following registry key:
hkey_local_machine\software\microsoft\windows\currentversion\explorer\
browser helper objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}
adds the value:
"systray"=""
to the registry key:
hkey_local_machine\software\microsoft\windows\currentversion\run
so that the adware runs when you start windows.
creates a registry key:
hkey_local_machine\software\microsoft\windows\currentversion\uninstall\bridge
attempts to download files from www.flingstone.com.
########################
the following text comes from:
http://www.kephyr.com/spywarescanner/library/winfavorites/index.phtml
# manual removal
please follow the instructions below if you would like to remove winfavorites manually. please notice that you must follow the instructions very carefully and delete everything that is mentioned. in most cases the removal will fail if one single item is not deleted. if bazooka still detects winfavorites after stepping through the removal instructions, please double-check by stepping through them again.
start the registry editor. this is done by clicking start then run. (the run dialog will appear.) type regedit and click ok. (the registry editor will open.)
browse to the key:
'hkey_local_machine \ software \ microsoft \ windows \ currentversion \ run'
in the right pane, delete the value called 'winfavorites' or 'clock.sync', if it exists.
exit the registry editor.
restart your computer.
start windows explorer and delete:
%programsdir%\winfavorites\
note: %programsdir% is a variable (?). by default, this is c:\program files.
如对本文有疑问,
点击进行留言回复!!
相关文章:
-
-
-
-
-
-
-
-
-
-
-
微软有史以来最严重漏洞的弥补
6月10日凌晨微软发布了有史以来严重漏洞补丁升级公告!我们先看看严重会对用户直接造成经济损失的漏洞情况:
严重-MS09-022:Windows 打印后台处理...
[阅读全文]
网友评论