Saturday, May 31, 2014

Remove www_getwindowinfo Homepage, Is It Virus?

  • Why anti-virus program will not remove www_getwindowinfo?
  • Attention
  • Effective Solution
  • What www_getwindowinfo serves for?
  • How www_getwindowinfo spreads?

Anti-virus Program Doesn’t Remove 

People get scary when seeing (the recent emergence) hijacking homepage without permission and it does not display the content. People thus could habitually consider it as virus and thus run the anti-virus program for removal. When it fails, people get scarier as they would thus take it as an advanced virus that manages to dodge automatic removal.

The fact is just on the contrary. is no more than a browser hijacker and the industry would call it as PUP (potentially unwanted program) due to the troubles thereof:
  1. PC performance is slowed down.
  2. Page-loading speed is also degraded.
  3. Additional web applications will be detected to install on the machine without permission.
  4. Other infections might be detected before long.
The last scene is the reason why “PUP” was created to group this type of items. However, without typical vicious attribute code, www_getwindowinfo is not a virus and thus cannot be removed by anti-virus program.

Potential Dangers from

Judging from the interface, it can be easily told that does not own a strict structure, which is true according to Global PC Support Center. As a consequence, bug will be readily exploited by infections embedded on the Internet. Also, there are plenty of browser hijackers alive on the Internet, which indicates several facts that:
  1. it is easy for online operators with certain level of techniques to create PUP.
  2. PUP has been taken as a quick way to make money and most operator do focus on money only without the conscious of making a brand name, thus they will make a big deal over
Because of the loose structure, all the techniques adopts are imposing potential dangers to targets. Usually speaking, BHO and JS techniques are basic in building a web page and they are inevitable in helping with persistent hijacking by modifying DNS settings and hooking DOM. Once is capitalized by infections, the two techniques can be utilized in preload vicious code into system configuration smoothly and record any in-put information, including log-in credentials, which would result in identity theft and thus money loss.

Solution to – Manual Removal Thread

Depending on the Operating System installed, the images, directories displayed in this document might differ from what you observe when following these instructions on your computer. This is why certain level of computer skills and knowledge is required to carry out the above offered steps.

1. Reset browser settings.

Internet Explorer
Tools menu > Internet Options > Advanced tab > Restore Defaults button > OK.

Mozilla Firefox
Firefox button > Help > Troubleshooting information > ‘Reset Firefox’ button.

Google Chrome
‘Customize and Control Google Chrome’ menu > ‘Options’ > ‘Under the Hood’ > ‘Reset to Defaults’ button.

Show hidden files and folders (explicit instruction shown in Step2) > navigate to "C:\Users\user_name\AppData\Roaming\Opera\Opera\" > remove Operapref.ini.

Safari menu > ‘Reset Safari’ > tick all given options > ‘Reset’ button.

2. Remove all the Temp files under the following directories.

Windows 7/XP/Vista
Click open ‘Control Panel’ > search for ‘Folder Options’ > tap View tab > tick ‘Show hidden files and folders' and non-tick 'Hide protected operating system files (Recommended)’.

Windows 8
Start screen > open any folder > open Windows Explorer > select View tab > Tick ‘File name extensions’ and ‘Hidden items’ options.
navigate to the following directories and remove all the files and folders:
C:\Documents and Settings\[user name]\Local Settings\Temp
C:\Documents and Settings\[user name]\Local Settings\Temporary Internet File

Mac OS X
Finder > Utilities folder > terminal:
access Macs Terminal
  1. type
    cd ~/Library/Logs
    sudo rm -rf ~/Library/Logs/*
    and press Return button.

  2. type
    rm -rf ~/Library/Safari/Downloads.plist
    cd ~/Library/Caches
    sudo rm -rf ~/Library/Caches/*
    and press Return button.

3. Manage start up items top from popping up randomly and automatically by using in-built utility.

Windows 7/XP/Vista
Start Menu -> select ‘Run’ -> type ‘MSCONFIG’ -> tap Startup tab -> find > press ‘Disable all’.

Windows 8
Start screen > type ‘Task’ > tap Startup tab > find > press ‘Disable’.

Mac OS X
Apple icon > 'System Preference' > 'Users & Groups'> choose the user account that is harassed by > locate the right pane > tick the related items generated according to directories > hit on minus icon.

4. End's service to disable the item.

Win+R key combination > “services.msc” > Enter key > services window > remove/disable the service of www_getwindowinfo.

Windows 8
Windows Explorer > Administrative tools > Services icon > remove/disable the service of www_getwindowinfo.

Mac OS X
Finder menu >“Services” > “Services Preferences” >“Services” on the left pane > locate www_getwindowinfo (or the service created on the day when it was firstly detected) on the right > non-tick the box.

Purpose of

By frequently hijacking your browser, manages to intercept huge traffic without knowledge. With the traffic, the PUP is capable of:
  1. directing traffic to its partners’ site for money.
  2. Enhancing PageRank of other products for more CTR and thus promote business.
  3. Convincing online operators to advertise on the platform made by the same creator.
All these direct to one ultimate goal which is money.’s Dissemination Routine 

Apps are always on for today’s people. Bundling with apps/programs is one of the quick ways to get exposed to as many people as possible. As a web application, propagating via other web applications is another major way for its dissemination. All in all, drive-by download from apps and web apps should draw attention from PC users. Thus always giving priority to custom installation method is highly recommended all the time.
get expert help in removing www_getwindowinfo


No comments: