|
Whazit
Overview
"The whazit hijack is installed using ActiveX driveby methods from affiliate web sites.
Each affiliate is paid $0.14 (USD) for each unique install. Whazit.com is registered to
and operated by Windows Media Solutions Inc (no affiliation with Microsoft).
Infected machines may have their start page, search bar, search page, search assistant,
customized search, and search URL reset to www.whazit.com/ or home.whazit.com/.
A Browser Helper Object and a toolbar are also installed. A new version also
bundles and installs nCase spyware."
Source
Lavasoft
and Doxdesk.com
offer more information about Whazit.
The BHO collection at sysinfo.org lists
the class IDs that Whazit use to register
the browser helper object.
Classification
Change browser settings
Files
WANOBSI.exe, bho.dll, whattt.dll, outones.dll, newones.dll, whattn.dll, HYKFRETI.dll
If you have any of the files related to Whazit on your system,
please send them
for additional analysis. Generally, I have only analysed a
few versions for each software component listed at this web site. With your help I
will be able to look at both old and more recent versions of the Whazit software.
Thank you very much for your time!
Log references
Log 238
Vendor
Windows Media Solutions (Site down 2003.09.09)
Privacy policy
No privacy policy available.
Detection
Bazooka Adware and Spyware Scanner detects Whazit.
Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and
other potentially unwanted applications.
Read more »
Uninstall Whazit with FreeFixer
I'm working on a general purpose tool for removing unwanted software.
The tool is called FreeFixer
and can help you remove unwanted Browser Helper Objects, Internet Explorer toolbars
and software that starts automatically when you reboot your computer, so it can offer some
assistance while uninstalling Whazit. The manual removal instructions
listed below will help you to identify what to delete with
FreeFixer.
Read more about FreeFixer.
Manual removal
Please follow the instructions below if you would like to remove Whazit manually. Please
notice that you must follow the instructions very carefully and delete everything that is mentioned. In most
cases the removal will fail if one single item is not deleted. If Whazit remains on your system
after stepping through the removal instructions, please double-check by stepping through them again.
-
Start the registry editor. This is done by clicking Start then Run.
(The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \ {10955232-B671-11D7-8066-0040F6F477E4}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \ {267D5BD3-0DC2-4724-A196-7F4794FBB9EB}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \ {66F67511-2665-4C34-9E20-FAC2C0954EF2}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \ {D5B72AED-E54A-11D6-B1B2-444553540000}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \ {D7D7004C-A763-4F8C-B0D4-55A7E017E69D}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects \ {10955232-B671-11D7-8066-0040F6F477E4}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects \ {267D5BD3-0DC2-4724-A196-7F4794FBB9EB}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects \ {66F67511-2665-4C34-9E20-FAC2C0954EF2}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects \ {D5B72AED-E54A-11D6-B1B2-444553540000}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects \ {D7D7004C-A763-4F8C-B0D4-55A7E017E69D}', if it exists.
- Exit the registry editor.
- Restart your computer.
-
Start Windows Explorer and delete:
%WinDir%\whattn.dll
%WinDir%whattt.dll
%WinDir%\newones.dll
%WinDir%\whattt.dll
%WinDir%\HYKFRETI.dll
%WinDir%\bho.dll
%WinDir%\outones.dll
Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
- Start Microsoft Internet Explorer.
- In Internet Explorer, click Tools -> Internet Options.
- Click the Programs tab -> Reset Web Settings.
Problems uninstalling? Click here.
I'm looking for your help!
Thank you for using my site, I hope you find it useful. I'm looking
for help from all users, please read more.
Contact information for Whazit's vendor
In order to provide correct, accurate and updated information about Whazit
I encourage the vendor to contact me if any part of this write-up
needs a revision.
Related links |
|
Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!
The File Database - Search the file database for more information. Free!
PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!
Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.
|
|
|