How can I remove ShopNav Hijacker?


I downloaded a free version of AD Aware and have been using it regularly to keep my computer clean of spyware. A recent scan turned some malware called ShopNav Hijacker and I am unable to delete it or quarentine it .the scan said it was located in Windows sys. 32

Is there any way I can remove this. The T.A.C. rateing on it is 8 and I'm concerned it will cause permanent damage to my computer

Thanks for your help



This question was answered on December 9, 2004. Much of the information contained herein may have changed since posting.

Manual Spy Bot Removal > ShopNav

ShopNav is a search-hijacker implemented as an Internet Explorer Browser Helper Object, with an updater process run at startup

Address bar searches, the Search explorer bar, unknown domains, and, in some variants, non-www server names entered into the address bar without the preceding 'http://' will be sent to Srng's controlling server, which redirects to a search service at

Also known as

Srng , after the folder name and domain name used by ShopNav


ShopNav/IE was the initial variant, using separate DLLs for its BHO (IEHelper.dll) and search hijacker (SearchHook.dll)

ShopNav/SN is an update using only one BHO DLL, SNHelper.dll


Distributed with versions of Grokster from March 2003 Not mentioned in (the over 30,000 words of) licence agreement



Privacy violation

Minor When installed it sends details including your Windows account name and your previous search settings to its controlling server

Security issues

Yes Can download and install arbitrary code from its controlling server, as an update feature

Stability problems

None known


Open the registry (click 'Start', choose 'Run', and type 'regedit'), and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run In the list of values on the right, delete the 'srng' entry

Next, open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands, for the IE variant:

cd "%WiDir%\Sstem"

regsvr32 /u "\Program Files\Srng\SearchHook.dll"

regsvr32 /u "\Program Files\Srng\IEHelper.dll"

Or for the SN variant:

cd "%WiDir%\Sstem"

regsvr32 /u "\Program Files\Srng\SNHelper.dll"

Restart the machine and you should be able to delete the 'Srng' folder inside the Program Files folder You can also open the registry (Start->Run->regedit) and delete key HKEY_LOCAL_MACHINE\SOFTWARE\Srng, and delete the 'words.lst' file in the Windows folder to clean up if you like

Finally, restore the normal search settings (Internet Options->Programs->Reset Web Settings)

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!


Posted by Henry of Katharine Gibbs School - New York on December 9, 2004