NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove FavoriteMan. Description and removal instructions

 
Title: FavoriteMan
Type: Browser Plugins
Severity scale:FavoriteMan severity is 64  (64 / 100)
 
FavoriteMan is a malicious Internet Explorer plugin that silently downloads from the Internet and installs multiple browser hijackers, adware and spyware parasites or other dangerous pests. It also creates a lot of desktop shortcuts and bookmarks in the web browser's Favorites menu, which all lead to advertising or potentially harmful web sites. FavoriteMan may cause Internet Explorer slowdowns and frequent crashes. The parasite is bundled with some malicious programs and several ad-supported products such as various file sharing software. It can also secretly get into the system while visiting some insecure Internet resources.

FORUM:
Discuss FavoriteMan in
spyware removal forum

FavoriteMan properties:
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic FavoriteMan removal:

remover for FavoriteMan

FavoriteMan manual removal:

Delete registry values:
HKEY_CLASSES_ROOT\F1.Organizer
HKEY_CLASSES_ROOT\F1.Organizer.1
HKEY_CLASSES_ROOT\NewFavorite.FavoriteMan
HKEY_CLASSES_ROOT\NewFavorite.FavoriteMan.1
HKEY_CLASSES_ROOT\Ro_tater.Class1
HKEY_CLASSES_ROOT\CLSID\{00000EF1-0786-4633-87C6-1AA7A44296DA}
HKEY_CLASSES_ROOT\CLSID\{A61BF823-2770-4038-9D26-348CAA0AC7A3}
HKEY_CLASSES_ROOT\CLSID\{EF100007-F409-426A-9E7C-CB211F2A9786)
HKEY_CLASSES_ROOT\CLSID\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B}
HKEY_CLASSES_ROOT\Interface\{6BDAB517-CC58-4AA1-9FA4-B645D4AFDB5C}
HKEY_CLASSES_ROOT\TypeLib\{3F44A502-E104-4D3B-95EC-C3B886E25A16}
HKEY_CLASSES_ROOT\TypeLib\{EB5E961F-F519-303C-9744-0D4376B1B0B5}
HKEY_CLASSES_ROOT\TypeLib\{EF100007-F409-426A-9E7C-CB211F2A9786)
HKEY_CURRENT_USER\Software\Microsoft\Windows\Counter
HKEY_CURRENT_USER\Software\Microsoft\Windows\Object
HKEY_CURRENT_USER\Software\Microsoft\Windows\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000EF1-0786-4633-87C6-1AA7A44296DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\DMO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMO
HELP:
how to remove registry entries

Unregister DLLs:
atpartners.dll, benceed.dll, casldr.dll, emesx.dll, f1.dll, favboot.dll, favman.dll, favorite.dll, fone.dll, gig.dll, iaicm.dll, iaint.dll, im64.dll, lwz.dll, ofrg.dll, ss32.dll, trk.dll, zz.dll
HELP:
how to unregister malicious DLLs

Delete files:
atpartners.dll, benceed.dll, casldr.dll, emesx.dll, f1.dll, favboot.dll, favman.dll, favorite.dll, fone.dll, gig.dll, iaicm.dll, iaint.dll, im64.dll, lwz.dll, ofrg.dll, ss32.dll, trk.dll, zz.dll
HELP:
how to remove harmful files

Misc:
The parasite doesn't install all listed files and registry entries, but adds only few of them. Listed objects belong to several widely spread FavoriteMan variants.

All FavoriteMan files can be found in the default system directory, which is one of the following: C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32.

Other programs to remove FavoriteMan:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 19/03/04
Information updated: 14/09/05

Additional resources related to FavoriteMan:

Attention: If you know or you have a website or page about FavoriteMan removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about FavoriteMan parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by Tester. 2004-03-04 19:46:51
FavoriteMan attempts to find your e-mail address from Outlook or Outlook Express and sends it on first use. Unlike the other parasites from Mindset, however, it does not seem to send a log of URLs browsed.

Update: They seems to be releasing more and more different variants, seemingly programmed to install other spyware/adware remotely.

2. by Guest. 2004-04-01 03:04:36
It is the biggest pest - and if I knew who it was supported by, I would NEVER use them
Related news:
Similar parasites:
Related articles:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.