The adware's spyware "Adtest" will direct you to a Chinese portal site.
The Downloaded Trojan will drop the file, or it can be picked up by a forced visit to one of the portal sites.
File names: System\intnets.exe
System\scridows.exe
System\sysinfer.exe
Windir\msfiles.exe
Windir is a variable. The application locates the Windows installation folder (by default; this is C:\Windows or C:\Winnt) and copies itself to that location.
Adds the values:
"intnets" = "System\intnets.exe"
"sysinfer" = "System\sysinfer.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft
\Windows\CurrentVersion\Run
so that the adware or spyware runs when you start Windows.
Adds the following line to the Win.ini file on Windows 95/98/Me computers:
run = Windir\msfiles.exe
Changes the Internet Explorer home page by creating the value:
"StartPage" = "http:\ \HAO3344.com"
in the registry key:
HKEY_CURRENT_USER\Software\
Microsoft\Internet Explorer\Main
On Windows NT/2000/XP computers, it adds the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft
\Windows NT\CurrentVersion\Windows
\Load\intnets
with the value:
"System\intnets.exe"
Do one of the following:
On the Windows 98 taskbar:
Click Start > Settings > Control Panel.
In the Control Panel window, double-click Add/Remove Programs.
On the Windows Me taskbar:
Click Start > Settings > Control Panel.
In the Control Panel window, double-click Add/Remove Programs.
If you do not see the Add/Remove Programs icon, click "...view all Control Panel options."
On the Windows 2000 taskbar:
By default, Windows 2000 is set up the same as Windows 98, in which case, follow the instructions for Windows 98. Otherwise, click Start, point to Settings, point to Control Panel, and then click Add/Remove Programs.
On the Windows XP taskbar:
Click Start > Control Panel.
In the Control Panel window, double-click Add or Remove Programs.
The spyware's program name will be in Chinese. On non-Chinese Windows systems, this appears as random incomprehensible characters. Select this application.
If your system does run more than one DBCS-named application, make sure you are uninstalling the correct one.
Click Add/Remove, Change/Remove, or Remove (this varies with the operating system). Follow the prompts.
Make sure to run a full system scan with Anti-Spyware to identify that this security risk no longer resides on your system.
If any files are detected as spyware infected with the Adware Adtest, click Delete.
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
\Windows\CurrentVersion\Run
In the right pane, delete the values:
"intnets"="System\intnets.exe" and "sysinfer" = "System%\sysinfer.exe"
Exit the Registry Editor.
If you are running Windows 95/98/Me, follow these steps:
The function you perform depends on your operating system:
Windows 95/98: Go to step B.
Windows Me: If you are running Windows Me, the Windows Me file-protection process may have made a backup copy of the Win.ini file that you need to edit. If this backup copy exists, it will be in the C:\Windows\Recent folder. We recommend that you delete this file before continuing with the steps in this section. To do this:
Start Windows Explorer.
Browse to and select the C:\Windows\Recent folder.
In the right pane, select the Win.ini file and delete it. The Win.ini file will be regenerated when you save your changes to it in step F.
Click Start, and then click Run.
Type the following, and then click OK.
edit c:\windows\win.ini
(The MS-DOS Editor opens.)
NOTE: If Windows is installed in a different location, make the appropriate path substitution.
In the [windows] section of the file, look for a line similar to:
run = Windir\msfiles.exe
If this line exists, delete the entire line.
Click File, and then click Save.
Click File, and then click Exit.
© 2008; SpywareUninstaller.com Group Project; All Rights Reserved.