• %System%\ctrlpan.dll (the library—detected as Adware.CWSMSConfd.B)
• %Windir%\hh.htt (a stylesheet that opens an adult-orientated Web page)
• %Windir%\Favorites\*.url (Windows 9x adult-oriented links)
• %UserProfile%\Favorites\*.url (Windows NT adult-oriented links)
• %Windir%\Favorites\Links\*.url (Windows 9x adult-oriented links)
• %UserProfile%\Favorites\Links\*.url (Windows NT adult-oriented links)
  
  Notes:
  • %Userprofile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> (Windows NT/2000/XP).
  • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP)or C:\Winnt (Windows NT/2000).
  • %System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    
    

Removal instructions from Symantec Security Response Team

The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

• Exclude (Not recommended): If you click this button, it will set the threat so that it is no longer detectable. That is, the antivirus program will keep the security risk on your computer and will no longer detect it to remove from your computer.
  
  
• Ignore or Skip: This option tells the scanner to ignore the threat for this scan only. It will be detected again the next time that you run a scan.
  
  
• Cancel: This option is new to Norton Antivirus 2005. It is used when Norton Antivirus 2005 has determined that it cannot delete a security risk. This Cancel option tells the scanner to ignore the threat for this scan only, and thus, the threat will be detected again the next time that you run a scan.
  
  To actually delete the security risk:
  • Click its file name (under the Filename column).
  • In the Item Information box that displays, write down the full path and file name.
  • Then use Windows Explorer to locate and delete the file.
    
    
• Delete: This option will attempt to delete the detected files. In some cases, the scanner will not be able to do this.
  • If you see a message, "Delete Failed" (or similar message), manually delete the file.
  • Click the file name of the threat that is under the Filename column.
  • In the Item Information box that displays, write down the full path and file name.
  • Then use Windows Explorer to locate and delete the file.
    

• If the pane that opens looks similar to this picture:
  
  
  
  
  
  click the word Customize. Then skip to step h.
  
  
• If the pane that opens has the words "Search Companion" at the top, and the center looks similar to this picture:
  
  
  
  
  
  click the Change preferences link as shown above. Proceed with step d.
  
  

• If you were using (or want to continue using) the "Classic Internet Search" panel, stop here (or proceed with the next section).
• If you want to go back to the "Search Companion" search (it usually has an animated character at the button), proceed with step n.
  
  

• Start Microsoft Internet Explorer.
• Click Favorites > Organize Favorites.
• Delete the Favorites that the threat added.
  

• Windows 95/98/Me/NT/2000
• Click Start, point to Find or Search, and then click Files or Folders.
• Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
• In the "Named" or "Search for..." box, type:
  
  hosts
  
  
• Click Find Now or Search Now.
• For each Hosts file that you find, right-click the file, and then click Open With.
• Deselect the Always use this program to open this program check box.
• Scroll through the list of programs and double-click Notepad.
• When the file opens, delete the line:
  "205.177.124.66 auto.search.msn.com"
• Close Notepad and save your changes when prompted.
  
  
• Windows XP
• Click Start > Search.
• Click All files and folders.
• In the "All or part of the file name" box, type:
  
  hosts
  
  
• Verify that "Look in" is set to "Local Hard Drives" or to (C:).
• Click More advanced options.
• Check Search system folders.
• Check Search subfolders.
• Click Search.
• Click Find Now or Search Now.
• For each Hosts file that you find, right-click the file, and then click Open With.
• Deselect the Always use this program to open this program check box.
• Scroll through the list of programs and double-click Notepad.
• When the file opens, delete the line:
  "205.177.124.66 auto.search.msn.com"
  
• Close Notepad and save your changes when prompted.