Microsoft KB Archive/913505

= Winshow browser hijacker causes errors and unwanted Web sites to open in Internet Explorer =

Article ID: 913505

Article Last Modified on 10/30/2007

-

APPLIES TO


 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows Millennium Edition

-





Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
When you start Microsoft Internet Explorer 6, you may experience one or more of the following symptoms:  You may receive an error message that resembles the following. Then, Internet Explorer may close unexpectedly.

Internet Explorer has encountered a problem and needs to close

application name: iexplorer.exe

mod name: winshow.dll

 You may receive an error message that resembles the following. Then, Internet Explorer may close unexpectedly.

Access violation: IE has encountered a problem and has to shutdown.

 Your home page may change to the Searchv.com Web page. Occasionally, Internet Explorer may randomly open unwanted Web sites.



CAUSE
This issue may occur if the Winshow browser hijacker has been installed on the computer. Winshow can change the Internet Explorer home page and the search settings without your permission. Winshow is installed as an Internet Explorer Browser Helper Object (BHO).



RESOLUTION
To resolve this issue, you must remove the Winshow files and the registry entries that Winshow installs. Additionally, you must reset Internet Explorer to its default settings.

To resolve this issue, follow these steps in order.

Step 1: Remove the Winshow files
Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Note Some of the files that are listed in the following steps may not be installed on your computer. In this case, you may receive an error message that states that the specified module could not be found. When this occurs, click OK, and then continue to the next step.

Microsoft Windows XP, Microsoft Windows Server 2003, Microsoft Windows 2000, and Microsoft Windows NT
To unregister the Winshow files on a computer that is running one of these operating systems, follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) Type the following commands. Press ENTER after each command.
 * 3) * cd %WinDir%\
 * 4) * regsvr32/u &quot;..\winshow.dll&quot;
 * 5) * regsvr32/u &quot;..\ mshp.dll&quot;
 * 6) * cd &quot;%WinDir%\System&quot;
 * 7) * regsvr32/u &quot;..\winshow.dll&quot;
 * 8) * regsvr32/u &quot;%AppData%\winshow\winshow.dll&quot;
 * 9) * Exit
 * 10) Close all programs, and then restart the computer.

Microsoft Windows Millennium Edition (Me)
To unregister the Winshow files on a computer that is running Windows Millennium Edition, follow these steps:
 * 1) Click Start, point to All Programs, point to Accessories, and then click MS-DOS Prompt.
 * 2) Type the following commands. Press ENTER after each command.
 * 3) * cd %WinDir%\
 * 4) * regsvr32/u &quot;..\winshow.dll&quot;
 * 5) * regsvr32/u &quot;..\ mshp.dll&quot;
 * 6) * cd &quot;%WinDir%\System&quot;
 * 7) * regsvr32/u &quot;..\winshow.dll&quot;
 * 8) * regsvr32/u &quot;..\Application Data\winshow\winshow.dll&quot;
 * 9) * Exit
 * 10) Close all programs, and then restart the computer.

Microsoft Windows 98
To unregister the Winshow files on a computer that is running Windows 98, follow these steps:
 * 1) Click Start, point to All Programs, and then click MS-DOS Prompt.
 * 2) Type the following commands. Press ENTER after each command.
 * 3) * cd %WinDir%\
 * 4) * regsvr32/u &quot;..\winshow.dll&quot;
 * 5) * regsvr32/u &quot;..\ mshp.dll&quot;
 * 6) * cd &quot;%WinDir%\System&quot;
 * 7) * regsvr32/u &quot;..\winshow.dll&quot;
 * 8) * regsvr32/u &quot;..\Application Data\winshow\winshow.dll&quot;
 * 9) * Exit
 * 10) Close all programs, and then restart the computer.

Step 2: Remove the Winshow files and the Winshow registry entries
To remove the files and the registry entries, you can either use third-party scanning and removal software, or you can manually remove the files and the registry entries.

Online scans

 * http://www.pandasoftware.com/products/activescan.htm
 * http://housecall.trendmicro.com
 * http://us.mcafee.com/root/mfs/default.asp
 * http://virusscan.jotti.org
 * http://www.spywareguide.com/onlinescan.php
 * http://pestpatrol.com/prescan.htm

Security software: Downloads and trials
http://www.windowsmarketplace.com/category.aspx?bcatid=1183&tabid=1

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

The information and the solution in this document represents the current view of Microsoft Corporation on these issues as of the date of publication. This solution is available through Microsoft or through a third-party provider. Microsoft does not specifically recommend any third-party provider or third-party solution that this article might describe. There might also be other third-party providers or third-party solutions that this article does not describe. Because Microsoft must respond to changing market conditions, this information should not be interpreted to be a commitment by Microsoft. Microsoft cannot guarantee or endorse the accuracy of any information or of any solution that is presented by Microsoft or by any mentioned third-party provider.

Microsoft makes no warranties and excludes all representations, warranties, and conditions whether express, implied, or statutory. These include but are not limited to representations, warranties, or conditions of title, non-infringement, satisfactory condition, merchantability, and fitness for a particular purpose, with regard to any service, solution, product, or any other materials or information. In no event will Microsoft be liable for any third-party solution that this article mentions.

Manually remove the Winshow files and the Winshow registry entries
Note Some of the files or the registry entries that are listed in the following steps may not be installed on your computer. In this case, continue to the next step.

Manually remove the Winshow files. To do this, follow these steps:
 * 1) Close all programs, browser windows, and Windows Explorer.
 * 2) Click Start, and then click Search.
 * 3) Click All Files and Folders, and then type Winshow in the All or part of the file name box.
 * 4) Click More Advanced Options, and then click to select the Search hidden files and folders check box.
 * 5) Click Search.
 * 6) Right-click each Winshow file or folder that you find, and then click Delete.
 * 7) Click Back.
 * 8) Type msupdater.exe in the All or part of the file name box, and then click Search. Delete the Msupdater.exe file if it is found.
 * 9) Click Start, click Run, type cmd, and then click OK.
 * 10) Type the following commands. Press ENTER after each command.
 * 11) * cd %WinDir%\
 * 12) * del winlink.dll
 * 13) * del dict.dat
 * 14) * del dllreg.exe
 * 15) * del sys.reg
 * 16) * Exit

Manually remove the Winshow registry entries. To do this, follow these steps:  Close all programs, browser windows, and Windows Explorer.</li> Click Start, click Run, type regedit, and then click OK.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_CURRENT_USER\SOFTWARE\Winshow

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_CLASSES_ROOT\CLSID\{6cc1c918-ae8b-4373-a5b4-28ba1851e39a}

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_CLASSES_ROOT\TypeLib\{354a1552-9a59-417e-87cb-0d040a85b4d6}\c:\windows\winshow.dll

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_CLASSES_ROOT\TypeLib\{6cc1c918-ae8b-4373-a5b4-28ba1851e39a}

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_CLASSES_ROOT\Winlink.viewsource

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_CLASSES_ROOT\Winlink.viewsource.1

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_CLASSES_ROOT\Winshow.viewsource

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_CLASSES_ROOT\Winshow.viewsource.1

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_CURRENT_USER\SOFTWARE\Winshow

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_LOCAL_MACHINE\CLSID\{6cc1c918-ae8b-4373-a5b4-28ba1851e39a}

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cc1c918-ae8b-4373-a5b4-28ba1851e39a}

Click Yes to confirm.</li> Right-click the following subkey in the registry, and then click Delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c918-ae8b-4373-a5b4-28ba1851e39a}

Click Yes to confirm.</li> Close Registry Editor.</li></ol>

Step 3: Reset Internet Explorer to the default settings
Note You should not perform the following function if you use a proxy server. You may have to contact a system administrator or Internet service provider before you continue. For more information about how to configure a proxy server in Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:

135982 How to configure Internet Explorer to use a proxy server

<ol> Reset the Internet Explorer home page and the search page. To do this, follow these steps.

Note This procedure restores the Internet Explorer home page and the search page to the default settings. <ol style="list-style-type: lower-alpha;"> <li>Start Internet Explorer, and then click Internet Options on the Tools menu.</li> <li>On the Programs tab, click Reset Web Settings.</li> <li>In the Reset Web Settings dialog box, click to select the Also reset my home page check box, and then click Yes.</li> <li>Click OK two times.</li></ol> </li> <li>Turn off third-party browser extensions. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Start Internet Explorer, and then click Internet Options on the Tools menu.</li> <li>On the Advanced tab, scroll to the Browsing section, and then click to clear the Enable third-party browser extensions (requires restart) check box.</li> <li>Click OK to close the Internet Options dialog box.</li></ol> </li> <li>Delete Internet Explorer temporary Internet files and cookies. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Start Internet Explorer, and then click Internet Options on the Tools menu.</li> <li>On the General tab, click Delete Cookies, and then click OK.</li> <li>Click Delete Files.</li> <li>In the Delete Files dialog box, click to select the Delete all offline content check box, and then click OK.</li> <li>Click Clear History, and then click Yes.</li> <li>Click Settings, and then click View Objects.</li> <li>On the Edit menu, click Select all, and then press DELETE.</li> <li>Click Yes to verify that you want to delete the files, and then close the Downloaded Program Files dialog box.</li> <li>In the Settings dialog box, click OK.</li> <li>In the Internet Options dialog box, click the Security tab.</li> <li>Click Internet, move the Security Level slider to Medium, and then click Apply.</li> <li>Click the Privacy tab, move the Security Level slider to Medium, and then click Apply.</li> <li>Click the Connections tab, and then click LAN Settings.</li> <li>In the Local Area Network (LAN) Setting dialog box, click to clear all the check boxes, and then click Apply.</li></ol> </li></ol>

Windows XP, Windows Server 2003, Windows 2000, and Windows NT
To rename the Hosts file on a computer that is running one of these operating systems, follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) Type the following commands. Press ENTER after each command.
 * 3) * Ren %windir%\SYSTEM32\DRIVERS\ETC\hosts hosts.old
 * 4) * Exit
 * 5) Close all programs, and then restart the computer.

Microsoft Windows Millennium Edition (Me)
To rename the Hosts file on a computer that is running one of these operating systems, follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) Type the following commands. Press ENTER after each command.
 * 3) * Ren %windir%\SYSTEM32\DRIVERS\ETC\hosts hosts.old
 * 4) * Exit

Windows 98
To rename the Hosts file on a computer that is running Windows 98, follow these steps:
 * 1) Click Start, point to All Programs, point to Accessories, and then click Command Prompt.
 * 2) Type the following commands. Press ENTER after each command.
 * 3) * Ren C:\WINDOWS\hosts hosts.old
 * 4) * Exit

Step 5: Computer cleanup
The following clean-up steps will help make sure that all Winshow files have been removed. These steps will also help make sure that you have a fresh restore point on the computer.

Note Make sure that you restart the computer before you continue with the following steps. <ol> <li>Empty the Recycle Bin. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>On the Desktop, double-click the Recycle Bin icon.</li> <li>In the task pane on the left side of the Recycle Bin window, click Empty the Recycle Bin.</li> <li>Click Yes to confirm.</li> <li>Close the Recycle Bin window.</li></ol> </li> <li>Run the Disk Cleanup utility. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup.

Note If your computer has more than one partition, you will be prompted to select the drive letter that you want to clean up. Select the drive that contains the operating system and the user profiles, and then click OK. Typically, this is drive C.</li> <li>In the Disk Cleanup dialog box, click to select the following check boxes: <ul> <li>Temporary Internet Files</li> <li>Recycle Bin</li> <li>Temporary files</li></ul> </li> <li>Click OK, and then click Yes.</li></ol> </li> <li>Create a fresh restore point. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> <li>Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.</li> <li>Click Create a restore point, and then click Next.</li> <li>In the Restore point description box, type an appropriate description. For example, type After Winshow Removal.

Note This description is supposed to remind you when and why you created this restore point.</li> <li>Click Create.</li> <li>Click Close to close the System Restore window.</li></ol> </li></ol>

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Keywords: kbtshoot kbexpertisebeginner kberrmsg KB913505

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.