Hijacker . CWS.Wnim (Summary)
home | requirements | help | contact | scan now  

OVER 8 MILLION PEOPLE WORLDWIDE USE NUKER TO PROTECT THEIR PC!
YOU CAN TRY ITS AUDIT TODAY ABSOLUTELY FREE!

FREE SCAN

Free Anti Spyware Audit
Click Here to scan your PC for
CWS.Wnim
free of charge
Hijacker . CWS.Wnim (Summary)

Software Name: CWS.Wnim
Company Name:
Product Name: CWS.Wnim
Classification: Hijacker
Website:

Brief:
Hijacks browser settings. Lowers internet security by reducing IE security and zone settings. Downloads other software and periodically displays pop-up ads from adult sites.

 

IMPORTANT!
Some of the Hijacker.CWS.Wnim components are listed below. The list is compiled as a reference. The list might not be complete and it doesn't represent instructions for manual removal. We DO NOT recommend manual removal. Incorrect removal of certain software might make your computer unstable or even unusable.
Removal of adware component might affect the related ad-supported software.

If you suspect that you have an unwanted instance of CWS.Wnim installed on your computer we recommend a free audit of your system with INAC Anti Spyware.

CWS.Wnim might create following folders (and inject its files inside the folders):

  • %SYSTEM%\Software

  • %WINDOWS%\system\software

CWS.Wnim might create following files (some of the files might be loaded in memory while the software is running):

  • %SYSTEM%\Software\software.exe

  • %PROGRAM_FILES%\Windows Media Player\wmplayer.exe.tmp

  • %SYSTEM%0796.exe

  • %SYSTEM%\dialer.exe

  • %SYSTEM%\jdslg.rrh

  • %SYSTEM%\wnim.dll

CWS.Wnim is often accompanied by the following tracking cookies:

  • t058.com

  • cnt.com

CWS.Wnim might create following registry keys (and inject subkeys and values):

  • HKEY_CLASSES_ROOT\CLSID\{B72F75B8-93F3-429D-B13E-660B206D897A}

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72F75B8-93F3-429D-B13E-660B206D897A}

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Cache\http://allways.drusearch.com*

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Cache\http://oranger.biz*

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Search Engine!!!

CWS.Wnim might create following registry values:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Software

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Systems Restart

CWS.Wnim might create registry values with following data:

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\c4tdownload.com|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\finefind.net|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\iframe.biz|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\megapornix.com|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newiframe.biz|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\overpro.com|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pizdato.biz|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sp2admin.biz|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sp2fucked.biz|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vse-moe.biz|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com|*|2

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com|*|2

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer\Security|Trust Warning Level|No Security

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer\Security|Safety Warning Level|SucceedSilent

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings|CodeDownload|Yes

  • HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html|CLSID|{B72F75B8-93F3-429D-B13E-660B206D897A}

  • HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain|CLSID|{B72F75B8-93F3-429D-B13E-660B206D897A}

  • HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html|*|{B72F75B8-93F3-429D-B13E-660B206D897A}

  • HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain|*|{B72F75B8-93F3-429D-B13E-660B206D897A}

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer\Main|conc|1105547694

  • HKEY_USERS\*\Software\Microsoft\Internet Explorer\Security|Trust Warning LevelNo Security

  • HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\newiframe.biz|*

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main|FlagInstall|1

CWS.Wnim might insert following entries in the HOSTS file:

  • 127.0.0.1 www.iframedollars.biz

  • 127.0.0.1 iframedollars.biz

  • 127.0.0.1 www.allforadult.com

  • 127.0.0.1 allforadult.com

  • 127.0.0.1 www.vesbiz.biz

  • 127.0.0.1 vesbiz.biz

  • 127.0.0.1 www.aaasexypics.com

  • 127.0.0.1 aaasexypics.com

  • 127.0.0.1 www.virgin-tgp.net

  • 127.0.0.1 virgin-tgp.net

  • 127.0.0.1 www.5sec.biz

  • 127.0.0.1 5sec.biz

  • 127.0.0.1 www.avp.com

  • 127.0.0.1 www.viruslist.com

  • 127.0.0.1 viruslist.com

  • 127.0.0.1 www.symantec.com

  • 127.0.0.1 networkassociates.com

  • 127.0.0.1 secure.nai.com

  • 127.0.0.1 downloads1.kaspersky-labs.com

  • 127.0.0.1 downloads2.kaspersky-labs.com

  • 127.0.0.1 downloads3.kaspersky-labs.com

  • 127.0.0.1 downloads4.kaspersky-labs.com

  • 127.0.0.1 downloads-us1.kaspersky-labs.com

  • 127.0.0.1 downloads-eu1.kaspersky-labs.com

  • 127.0.0.1 kaspersky-labs.com

  • 127.0.0.1 www.networkassociates.com

  • 127.0.0.1 us.mcafee.com

  • 127.0.0.1 f-secure.com

  • 127.0.0.1 avp.com

  • 127.0.0.1 www.sophos.com

  • 127.0.0.1 sophos.com

  • 127.0.0.1 www.ca.com

  • 127.0.0.1 ca.com

  • 127.0.0.1 securityresponse.symantec.com

  • 127.0.0.1 symantec.com

  • 127.0.0.1 mast.mcafee.com

  • 127.0.0.1 my-etrust.com

  • 127.0.0.1 www.kaspersky.com

  • 127.0.0.1 www.f-secure.com

  • 127.0.0.1 dispatch.mcafee.com

  • 127.0.0.1 update.symantec.com

  • 127.0.0.1 nai.com

  • 127.0.0.1 www.nai.com

  • 127.0.0.1 liveupdate.symantec.com

  • 127.0.0.1 customer.symantec.com

  • 127.0.0.1 rads.mcafee.com

  • 127.0.0.1 trendmicro.com

  • 127.0.0.1 liveupdate.symantecliveupdate.com

  • 127.0.0.1 www.mcafee.com

  • 127.0.0.1 mcafee.com

  • 127.0.0.1 www.my-etrust.com

  • 127.0.0.1 download.mcafee.com

  • 127.0.0.1 updates.symantec.com

  • 127.0.0.1 kaspersky.com

  • 127.0.0.1 www.trendmicro.com

  • 127.0.0.1 conyc.com

  • 127.0.0.1 us.mcafee.com/root/

  • 127.0.0.1 www.avp.ru

 

Click here to scan your computer for CWS.Wnim free of charge
 Download | Order Now | Partners | Index | Hunter's Log | EULA | Privacy Policy   © 2002-2007 TrekBlue, Inc.