Remove FavoriteMan



What is FavoriteMan?

FavoriteMan is a malicious Internet Explorer plugin that silently downloads and installs multiple browser hijackers, adware, spyware and other dangerous parasites from the Internet. It also creates many desktop shortcuts and adds bookmarks to the web browser's Favorites menu, all of which lead to advertising or potentially harmful web sites. FavoriteMan may cause Internet Explorer slowdowns and frequent crashes. The parasite is bundled with some malicious programs and with several ad-supported products, such as various file sharing software. It can also get into the system secretly when the user visits some insecure Internet resources.

FavoriteMan variants

FavoriteMan/Ofrg's program file is called ofrg.dll. It stores its data in a file called favboot.dll. Its controlling server is www.yourspecialoffers.com.

FavoriteMan/Favorite installs favorite.dll. Data file is FavMan.dll. Controlling server is also www.yourspecialoffers.com.

FavoriteMan/Lwz installs lwz.dll. Data file is SysLdr.dll. Controlling server is www.f1organizer.com.

FavoriteMan/F1 installs F1.dll. Data file is SysLdr.dll. Controlling server is www.prize4all.com.

FavoriteMan/FOne is a replacement for the Lwz variant. Filename is FOne.dll, data file is SysLdr.dll. Controlling server is www.f1organizer.com.

FavoriteMan/ZZ installs ZZ.dll. Data file is SysLdr.dll. Controlling server is www.f1organizer.com.

FavoriteMan/IMZ is installed with a pseudo-random filename. Data file is SysLdr.dll. Controlling server is www.f1organizer.com.

FavoriteMan/Mpz installs mpz300.dll. Data file is mbr32.dll. Controlling server is www.f1organizer.com.

FavoriteMan/Gig installs gig.dll. Data file is mbr32.dll. Controlling server is www.f1organizer.com.

FavoriteMan/Trk installs trk.dll. Controlling server is www.f1organizer.com.

FavoriteMan/Td1 installs td1.dll. Controlling server is www.f1organizer.com.

FavoriteMan/Gr02 installs Gr02.dll. Data file is im64.dll. Controlling server is www.f1organizer.com.

FavoriteMan/Aess installs Aess.dll. Data file is im64.dll. Controlling server is www.f1organizer.com.

FavoriteMan/Ss32 installs Ss32.dll. Controlling server is www.r-vision.org.

FavoriteMan/EMesX installs emesx.dll. Data file is dlh0st.dll. Controlling server is www.f1organizer.com.

FavoriteMan behavior

  • Stealth Tactics
  • Shows ads
  • Changes browser
  • Stays Resident
  • Connects to the internet

FavoriteMan Removal Instructions:

FavoriteMan/F1 and FavoriteMan/ZZ offer a removal feature: go to Add/Remove Programs in the Control Panel, choose 'F1' or 'ZZ' and click 'Remove'.

Common anti-spyware titles and Ad-Aware can remove FavoriteMan/Ofrg and FavoriteMan/Favorite.

Manual removal

The software can be found in the System folder. On Windows 95/98/Me this is the folder called 'System' in the Windows folder; on Windows NT, 2000 and XP it is called 'System32'. Look for one of the filenames listed above.

Before you can delete the program file, you must deregister it. Open a DOS command prompt window (under Accessories in the Programs menu from 'Start') and enter the commands:

cd "%WinDir%\System"
regsvr32 /u favorite.dll

Change the filename 'favorite.dll' to match the variant you have. This can be ofrg.dll, favorite.dll, lwz.dll, F1.dll, ZZ.dll, mpz300.dll, trk.dll, Gr02.dll, Aess.dll, Ss32.dll or emesx.dll; in the case of the IMZ variant it will have a random eleven-letter filename (e.g. troallystbr.dll). On Windows NT, 2000 and XP, change 'System' in the cd command to 'System32'. You can usually find the culprit by opening the System folder, choosing View->Arrange icons by->Modified, then looking near the bottom of the window.

After doing this and restarting the computer, you can delete the file. You can also delete the data file in the same folder, which is named favboot.dll, FavMan.dll, SysLdr.dll, mbr32.dll, im64.dll or dlh0st.dll (it isn't a DLL at all), and the settings stored in the registry entries 'Counter', 'Server' and 'Object' under HKEY_CURRENT_USER\Software\Microsoft\Windows.
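The manual removal steps above, turned into a triage script that can be run against the System or System32 folder of a live machine or a mounted disk image. This is an added example, not part of the original page: the function names are hypothetical, the sample folder is constructed, the eleven-letter pattern for the IMZ variant is a heuristic that only marks files for review, and the registry entries still have to be checked by hand.

```python
import os
import re
import tempfile

# Program files named on this page; each needs "regsvr32 /u" before deletion.
PROGRAM_FILES = {"ofrg.dll", "favorite.dll", "lwz.dll", "f1.dll", "fone.dll",
                 "zz.dll", "mpz300.dll", "gig.dll", "trk.dll", "td1.dll",
                 "gr02.dll", "aess.dll", "ss32.dll", "emesx.dll"}
# Data files named on this page (not real DLLs, so nothing to deregister).
DATA_FILES = {"favboot.dll", "favman.dll", "sysldr.dll", "mbr32.dll",
              "im64.dll", "dlh0st.dll"}
# IMZ variant: random eleven-letter name (assumed ASCII letters only).
# Legitimate DLLs can match too, so a hit only means "review this file".
IMZ_PATTERN = re.compile(r"^[a-z]{11}\.dll$")


def classify(filename):
    """Map a file name to 'program', 'data', 'imz-candidate' or None."""
    name = filename.lower()
    if name in PROGRAM_FILES:
        return "program"
    if name in DATA_FILES:
        return "data"
    return "imz-candidate" if IMZ_PATTERN.match(name) else None


def triage_system_folder(folder):
    """Return (kind, filename, mtime) hits, most recently modified first."""
    hits = [(classify(e.name), e.name, e.stat().st_mtime)
            for e in os.scandir(folder) if e.is_file()]
    return sorted((h for h in hits if h[0]), key=lambda h: h[2], reverse=True)


def removal_plan(hits):
    """Page's order: deregister program files, restart, then delete."""
    confirmed = [(kind, name) for kind, name, _ in hits if kind != "imz-candidate"]
    plan = [f"regsvr32 /u {name}" for kind, name in confirmed if kind == "program"]
    return plan + ["restart"] + [f"del {name}" for _, name in confirmed]


def make_constructed_sample():
    """Create a throwaway folder of empty files with constructed names/mtimes."""
    folder = tempfile.mkdtemp()
    for name, mtime in [("kernel32.dll", 1000), ("SysLdr.dll", 2000),
                        ("F1.dll", 3000), ("troallystbr.dll", 4000)]:
        path = os.path.join(folder, name)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))
    return folder
```

IMZ candidates are reported by triage_system_folder but deliberately left out of removal_plan, since an eleven-letter name alone does not confirm the file is the parasite.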


Remove these files if present:


 

Copyright © SpywareDot 2002-2005 | spywaredot.com. All rights reserved.
