How can I remove ShopNav Hijacker?

Question

I downloaded a free version of AD Aware and have been using it regularly to keep my computer clean of spyware. A recent scan turned some malware called ShopNav Hijacker and I am unable to delete it or quarentine it .the scan said it was located in Windows sys. 32

Is there any way I can remove this. The T.A.C. rateing on it is 8 and I'm concerned it will cause permanent damage to my computer

Thanks for your help

Bob

Answer

This question was answered on December 9, 2004. Much of the information contained herein may have changed since posting.

Manual Spy Bot Removal > ShopNav

ShopNav is a search-hijacker implemented as an Internet Explorer Browser Helper Object, with an updater process run at startup

Address bar searches, the Search explorer bar, unknown domains, and, in some variants, non-www server names entered into the address bar without the preceding 'http://' will be sent to Srng's controlling server www.srng.net, which redirects to a search service at apps.webservicehost.com

Also known as

Srng , after the folder name and domain name used by ShopNav

Variants

ShopNav/IE was the initial variant, using separate DLLs for its BHO (IEHelper.dll) and search hijacker (SearchHook.dll)

ShopNav/SN is an update using only one BHO DLL, SNHelper.dll

Distribution

Distributed with versions of Grokster from March 2003 Not mentioned in (the over 30,000 words of) licence agreement

Advertising

No

Privacy violation

Minor When installed it sends details including your Windows account name and your previous search settings to its controlling server

Security issues

Yes Can download and install arbitrary code from its controlling server, as an update feature

Stability problems

None known

Removal

Open the registry (click 'Start', choose 'Run', and type 'regedit'), and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run In the list of values on the right, delete the 'srng' entry

Next, open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands, for the IE variant:

cd "%WiDir%\Sstem"

regsvr32 /u "\Program Files\Srng\SearchHook.dll"

regsvr32 /u "\Program Files\Srng\IEHelper.dll"

Or for the SN variant:

cd "%WiDir%\Sstem"

regsvr32 /u "\Program Files\Srng\SNHelper.dll"

Restart the machine and you should be able to delete the 'Srng' folder inside the Program Files folder You can also open the registry (Start->Run->regedit) and delete key HKEY_LOCAL_MACHINE\SOFTWARE\Srng, and delete the 'words.lst' file in the Windows folder to clean up if you like

Finally, restore the normal search settings (Internet Options->Programs->Reset Web Settings)

Need Help with this Issue?

We help people with technology! It's what we do.
Schedule an Appointment with a location for help!

Author

Posted by Henry of Katharine Gibbs School - New York on December 9, 2004