AutoSearch Description:
AutoSearch is an IE Browser Helper Object that
hijacks address-bar searches. It knows about some
of the other prevalent search-hijackers? IGetNet
, CommonName
and NewDotNet
?and will steal back any address bar searches
they take over.
Also known as: AutoSearch BHO\Hijacker
by Ad-Aware. MSInfoSys after its filename.
AutoSearch Automatic Removal:
Using BPS
Adware and Spyware Remover to remove
AutoSearch AUTOMATICALLY!
Sponsored Links:
AutoSearch Manual Removal:
Open a DOS command prompt window (from
Start->Programs->Accessories) and enter the
following commands:
cd "%WinDir%\System"
regsvr32 /u msinfosys.dll
You should now be able to delete the 'msinfosys.dll'
file in your System folder (inside the Windows
folder; called 'System32' on Windows NT/2000/XP).
It is believed that AutoSearch is installed
with or by Wink/ASWnk. Check your system for this
parasite.
Wink removal
Wink is a family of parasites based on an
original dialler. It cannot be detected by the
script at this site. Some variants of Wink are
actual diallers; others have had this function
disabled and act as adware. Wink can download and
execute arbitrary unsigned code from its
controlling server at 204.177.92.204. It also
puts an entry in Add/Remove Programs to run a
file '[variant name]_uninstall.exe' in the
Windows System folder, which doesn't uninstall
the software, but in dialler variants makes the
software hide instead of showing itself at
startup.
Wink can be spotted by opening the registry
(click 'Start', choose 'Run', enter 'regedit')
and finding the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run;
Wink variants have a characteristic run string
ending in '/noconnect'. This entry should be
deleted, along with the key HKEY_CURRENT_USER\Software\SiteIcons,
and, in dialler variants, HKEY_CLASSES_ROOT\.WINK
and HKEY_CLASSES_ROOT\WINK File. If you use
Netscape 4, dialler variants will also add
themselves to the 'User Trusted External
Applications' in HKEY_CURRENT_USER\Software\Netscape\Netscape
Navigator; its entries here should be deleted.
Then restart and delete the program file,
which usually lives in a folder called 'dialers'
in 'C:\Program Files', but see the following
variants:
Wink/Party : dialler, program file in
'files\dialers\online_party\online_party.exe'.
Wink/hot : various diallers: at least
hot_swiss, hot_canada and hotsurprise_in have
been seen. Program file is in the form 'dialers\hot_swiss\hot_swiss.exe'
(and so on for the other variants).
Wink/HornyCam : various diallers: at least
hornycam_jp has been seen. Program file is in the
form 'comsoft\dialers\hornycam_jp\hornycam_jp.exe'.
Wink/EasyDates : various diallers: at least
hornycam_jp has been seen. Program file is in the
form 'comsoft\dialers\easydates_jp\easydates_jp.exe'.
Wink/UKVideo2 : another dialler, program file
'dialers\ukvideo2\ukvideo2.exe'.
Wink/VideoAction : more diallers: at least
videoaction_se has been seen. Program file in the
form 'comsoft\dialers\videoaction_se\videoaction_se.exe'.
Wink/DateMaker : more diallers: at least
datemakerspain and datemakerintl have been seen.
Program file in the form 'dialers\datemakerspain\datemakerspain.exe'
and so on. Uses registry key 'HKEY_CLASSES_ROOT\dting
File' instead of 'WINK file'. Detected by Sophos
anti-virus as Dial/Datemake and by Panda
anti-virus as Trj/Pornspa.
Wink/ASWnk : not a dialler. Opens pop-up ads
from fassia.net. Program file is ASWnk.exe in a
Program Files folder called 'primesoft\ASWnk'
(instead of the usual 'dialers').
Wink/nsdlua : not a dialler. Opens pop-up ads
from (deep breath)
0-ol1oiz-xolxii1-oxli10ozl1l1-o-l-11-iizxp-l-0o-oll11iz0oil-ol.com.
Program file is 'dialers\nsdlua\nsdlua.exe'. This
is known to be loaded as a fake pop-up-killer
application (which claims it has failed to run),
by stopannoyingpopups.com; exploitation of an IE
security hole is suspected here.
Wink/dluca : not a dialler. Program file is 'msinstall\dlu32\dluca\dluca.exe',
hidden in the Windows System[32] folder instead
of Program Files.
Wink/infwin : not a dialler. Program file is 'infwin.exe',
hidden in the Windows System[32] folder instead
of Program Files.
Wink/win and Wink/win32 : not a dialler.
Program file depends on country; at least 'winde.exe',
'win32us.exe', 'win32gb.exe' have been seen, in
the Windows System[32] folder.
More
Removal Instructions for Adware/Spyware Programs - 'A'
| 
