Manual removal Open a DOS command prompt window (from Start->Programs->Accessories), and enter the following commands: cd "%WinDir%\System" regsvr32 /u "..\winshow.dll" Restart the computer and you should be able to delete the files winshow.dll, winshow.cfg and dict.dat from the Windows folder. // Andy -----Original Message----- From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Andre Genic Sent: Tuesday, September 16, 2003 4:04 AM To: Thelist at Lists. Evolt. Org Subject: [thelist] Weird IE6 Hijacking Help!!! Seems as though someone has hijacked my IE6, for some reason when I visit a site that uses pop ups, a second one opens up and goes to this IP address 184.108.40.206 which goes back to a hosting company in NYC. The site itself http://220.127.116.11 is like one of those spammy search engine pages called 8ad.com strange thing is they offer a link "Uninstall WinShow PopUps", how the hell did their WinShoW PopUps get on my machine in the first place, I don't download anything remotely dodgy or go on porn sites. A whois shows just how serious these people are about business, they display this as there contact number +1.123456789 It's the source of the same 3 ads that are driving me nuts, now I've done everything I know to get rid of this, but it's still happening, cleared cache, cookies, reset IE6, the only thing left is the registry, is it even possible to get into the registry through the browser? well what I mean is, is it possible for embedded code to even get from the browser into the registry? Any help here would be great, because I'm real close to pulling IE6, plus I want to report these clowns for all the hassle It's causing me any suggestions. Andre... -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt !