오래간만에 애드웨어 설치
2012.05.31 14:01
앗 하는 사이에 외산 애드웨어를 설치해버렸군요 -_-
외국산 셰어웨어를 설치하는데 설마 첫 페이지부터 바로 설치하기 메뉴가 있을 줄이야...
뒤늦게 알아채고 크롬 띄워보니 바로 첫페이지부터 babylon.com 이 뜨더군요 -_-
아 짜증나 하면서 시작페이지 변경하고 북마크 찾아봤는데 없데요?
아 되었나... 하고 새탭 페이지 띄우니 또 바빌론 -_-
아 짜증나 하면서 새탭 페이지 변경하고 혹시 몰라 프로그램 삭제 띄우니 역시 바빌론 2개 깔려있더군요.
제 컴에 설치되어 있는 웹브라우저가 2개라서 IE랑 크롬 둘다 설치되어 있더군요.
둘 다 지우고 IE 쪽에서도 설정 바꿔주었습니다.
그리고 좀 쓰다가 주소창으로 검색해보니 또 바빌론 -_-
아놔 하면서 보니 검색 엔진도 바꾸었더군요. 또 다 바꿔주었습니다.
이쯤 되니 이건 애드웨어 수준이 아니라 툴킷으로 보여서 검색해보니 레지스트리까지 소거해야 한다더군요.
그래서 검색해서
You can use regedit.exe (included in Windows) to locate and delete these registry entries.
A key in HKEY_CLASSES_ROOT\ named "Babylon.dskBnd.*", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Babylon.dskBnd", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "bbylnApp.appCore.*", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "bbylnApp.appCore", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "bbylntlbr.bbylntlbrHlpr.*", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "bbylntlbr.bbylntlbrHlpr", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "bbylntlbr.xtrnl.*", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "bbylntlbr.xtrnl", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "escort.escortIEPane.*", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "escort.escortIEPane", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "escort.escrtBtn.*", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "esrv.BabylonESrvc.*", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "esrv.BabylonESrvc", plus associated values.
Delete the registry key "{09C554C3-109B-483C-A06B-F14172F1A947}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{2EECD738-5844-4a99-B4B6-146BF802613B}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{2EECD738-5844-4a99-B4B6-146BF802613B}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{3718D0AF-A3B8-4F5E-86F3-FAD8D02043BE}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{6E8BF012-2C85-4834-B10A-1B31AF173D70}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{706D4A4B-184A-4434-B331-296B07493D2D}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{78868069-5D96-4B47-BE52-3D625EE3D7CB}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{78888F8B-D5E4-43CE-89F5-C8C18223AF64}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{8B8558F6-DC26-4F39-8417-34B8934AA459}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{94C0B25D-3359-4B10-B227-F96A77DB773F}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{98889811-442D-49dd-99D7-DC866BE87DBC}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{9E393F82-2644-4AB6-B994-1AD39D6C59EE}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{A3A2A5C0-1306-4D1A-A093-9CECA4230002}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{AD25754E-D76C-42B3-A335-2F81478B722F}" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "{AD25754E-D76C-42B3-A335-2F81478B722F}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B12E99ED-69BD-437C-86BE-C862B9E5444D}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{B173667F-8395-4317-8DD6-45AD1FE00047}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{B8276A94-891D-453C-9FF3-715C042A2575}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "{BFE569F7-646C-4512-969B-9BE3E580D393}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{C2996524-2187-441F-A398-CD6CB6B3D020}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{E047E227-5342-4D94-80F7-CFB154BF55BD}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{E46C8196-B634-44a1-AF6E-957C64278AB1}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{E77EEF95-3E83-4BB8-9C0D-4A5163774997}" at "HKEY_CLASSES_ROOT\Interface\".
Delete the registry key "{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "BabylonToolbar" at "HKEY_CURRENT_USER\Software\".
Delete the registry key "BabylonToolbar" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "dhkplhfnhceodhffomolpfigojocbpcb" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions\".
Delete the registry key "escort.DLL" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry key "esrv.EXE" at "HKEY_CLASSES_ROOT\AppID\".
Delete the registry value "{98889811-442D-49dd-99D7-DC866BE87DBC}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
을 지워주었습니다 -____________________-
파폭까지 쓰고 있었다면 더 악독하게 설치되었을 거라는 군요. 파폭용 제거 도움팁은 여기에..
http://www.intowindows.com/remove-babylon-search-from-firefox-chrome-and-internet-explorer/
아놔... 보통은 IE 에만 감염되는 애드웨어인데 시대가 시대다 보니 이젠 IE,파폭,크롬 까지 골고루 전염시키는군요 ㄷㄷㄷ
찜찜해 죽겠습니다 ㄷㄷ
저도 2일 전에 프로그램 좀 다운 받다가...
흠...설치파일인 줄 알고 클릭했드만....별별 프로그램이 다 깔려서...
지우느라 고생좀 했네요....
순식간에 프로그램이 10여개가 깔리더군요.....찾아내서 삭제하고 바이러스 검사하니까 바이러스 몇개 걸린게 있어서 삭제하고
정밀검사 하고...지금도 찜찜해요....