[thelist] Weird IE6 Hijacking

Andrew Raymond andyray at gmx.net
Tue Sep 16 12:57:24 CDT 2003

Manual removal 

Open a DOS command prompt window (from Start->Programs->Accessories),
and enter the following commands: 

cd "%WinDir%\System" 
regsvr32 /u "..\winshow.dll" 

Restart the computer and you should be able to delete the files
winshow.dll, winshow.cfg and dict.dat from the Windows folder. 



-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Andre Genic
Sent: Tuesday, September 16, 2003 4:04 AM
To: Thelist at Lists. Evolt. Org
Subject: [thelist] Weird IE6 Hijacking


Seems as though someone has hijacked my IE6, for some reason when I
visit a
site that uses pop ups, a second one opens up and goes to this IP
address which goes back to a hosting company in NYC.

The site itself is like one of those spammy search
engine pages called 8ad.com strange thing is they offer a link
WinShow PopUps", how the hell did their WinShoW PopUps get on my machine
the first place, I don't download anything remotely dodgy or go on porn

A whois shows just how serious these people are about business, they
this as there contact number +1.123456789

It's the source of the same 3 ads that are driving me nuts, now I've
everything I know to get rid of this, but it's still happening, cleared
cache, cookies, reset IE6, the only thing left is the registry, is it
possible to get into the registry through the browser? well what I mean
is it possible for embedded code to even get from the browser into the

Any help here would be great, because I'm real close to pulling IE6,
plus I
want to report these clowns for all the hassle It's causing me any


* * Please support the community that supports you.  * *

For unsubscribe and other options, including the Tip Harvester 
and archives of thelist go to: http://lists.evolt.org 
Workers of the Web, evolt ! 

More information about the thelist mailing list