NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove WinHound. Description and removal instructions

 
Title: WinHound
Type: Trojans
Severity scale:WinHound severity is 69  (69 / 100)
 
WinHound is a trojan, which silently installs itself to vulnerable computers by exploiting certain system or web browser security flaws. It can also be dropped by some parasites. Once executed, WinHound installs several other dangerous threats, changes the Internet Explorer default home page and the desktop wallpaper. The new wallpaper warns the user that the system is infected with spyware and asks to download and install WinHound, which is a corrupt illegally distributed anti-spyware program. The modified start page may redirect the user to insecure advertising web sites. The trojan can use a rootkit to cloak its files, running processes and other related objects. WinHound automatically runs on every Windows startup.

FORUM:
Discuss WinHound in
spyware removal forum

Related files: html.exe, intell32.exe, links.exe, ll.exe, shdochp.exe, sywsvcs.exe, winhound.exe, bhoimpl.dll, birdihuy.dll, cwrapper.dll, mtc.dll, oleext.dll, shdochp.dll, st3.dll, zlbw.dll, wl.dll, mtc.ini

WinHound properties:
• Changes browser settings
• Shows commercial adverts
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic WinHound removal:

remover for WinHound

WinHound manual removal:

Kill processes:
html.exe, intell32.exe, links.exe, ll.exe, shdochp.exe, sywsvcs.exe, winhound.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FHPage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\intell32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\links
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinHound
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\{F33812FB-F35C-4674-90F6-FD757C419C51}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\links
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinHound
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page=[local address]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page=[site address]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{784aa380-13f2-422e-8540-f2280f1dd4f1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EAC0102-5E61-2312-BC2D-4D54434D5443}
HKEY_CLASSES_ROOT\Tubby.ToolBandObj.1
HKEY_CURRENT_USER\Software\MTC MTC
HKEY_LOCAL_MACHINE\SOFTWARE\WinHound.com
HELP:
how to remove registry entries

Delete files:
html.exe, intell32.exe, links.exe, ll.exe, shdochp.exe, sywsvcs.exe, winhound.exe, bhoimpl.dll, birdihuy.dll, cwrapper.dll, mtc.dll, oleext.dll, shdochp.dll, st3.dll, zlbw.dll, wl.dll, mtc.ini
HELP:
how to remove harmful files

Delete directories:
C:\Program Files\WinHound
Misc:
WinHound doesn't create all listed objects, but installs only some of them. Its typical installation depends on several factors and often varies.

[local address] is a path to the shdochp.dll file. It is usually C:\Windows\System32.
[site address] is an adress of an insecure web site. Sometimes it is a page on the makemesearch.com domain.

Exact file location:
winhound.exe, cwrapper.dll, wl.dll - C:\Program Files\WinHound
html.exe - C:\Windows\Downloaded Program Files or C:\Winnt\Downloaded Program Files
intell32.exe, ll.exe, shdochp.exe, sywsvcs.exe, bhoimpl.dll, birdihuy.dll, mtc.dll, oleext.dll, shdochp.dll, st3.dll, zlbw.dll, mtc.ini - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32

Other programs to remove WinHound:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 08/12/05
Information updated: 18/12/07

Additional resources related to WinHound:

Attention: If you know or you have a website or page about WinHound removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about WinHound parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by Guest. 2006-02-18 00:02:51
all entries deleted except for registry.how do i remove this?

2. by Guest. 2006-01-08 14:01:54
ANyone have any idea how to get Winhound out of the msconfig startup tab?? Everything else is gone.

3. by Guest. 2006-01-02 02:01:13
I just performed a xp syystem recovery. Everything seems to be fine, no remainders found.

4. by Guest. 2005-12-29 08:12:35
WinHound did not help my Internet Explorer at all. It still does not open.

5. by Guest. 2005-12-20 00:12:01
all entries deleted except for the reg entry \"HKEY_LOCAL_MACHINE\\SOFTWARE\\WinHound.com\"
cant you give a hint how to delete this entry?

6. by Guest. 2005-12-18 07:12:23
same problem, the winhound thing doesnt let me download files, wont let me install winxp so I can format my windows XP, and its just cant install ActiveX and it made my system very slow...

7. by Guest. 2005-12-17 17:12:40
same problem!
all entries deleted except for the reg entry "HKEY_LOCAL_MACHINE\SOFTWARE\WinHound.com"
cant you give a hint how to delete this entry?

8. by Guest. 2005-12-15 18:12:43
Internet Explorer ropens some times--but not others. Can not install ActiveX. Many unusual Icons on my screen--system very slow---systems are disabled by this virus---the same systems that are required to load the solution!!

9. by Guest. 2005-12-14 17:12:58
this winhound thing doesnt let me download files...so i cant download the links you gave me to download

10. by Guest. 2005-12-12 13:12:41
thx!

11. by Guest. 2005-12-11 22:12:41
good info - thanks!

12. by Guest. 2005-12-10 07:12:24
all entries deleted except for the reg entry "HKEY_LOCAL_MACHINESOFTWAREWinHound.com"
Related news:
Similar parasites:
Related articles:
Related discussions:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.