ShopNav is a search-hijacker implemented as an Internet Explorer Browser Helper Object, with an updater process run at startup.

Address bar searches, the Search explorer bar, unknown domains, and, in some variants, non-www server names entered into the address bar without the preceding 'http://' will be sent to Srng's controlling server www.srng.net, which redirects to a search service at apps.webservicehost.com.

Also known as

Srng , after the folder name and domain name used by ShopNav.

Variants

ShopNav/IE was the initial variant, using separate DLLs for its BHO (IEHelper.dll) and search hijacker (SearchHook.dll).

ShopNav/SN is an update using only one BHO DLL, SNHelper.dll.

Distribution

Distributed with versions of Grokster from March 2003. Not mentioned in (the over 30,000 words of) licence agreement.

Advertising

No.

Privacy violation

Minor. When installed it sends details including your Windows account name and your previous search settings to its controlling server.

Security issues

Yes. Can download and install arbitrary code from its controlling server, as an update feature.

Stability problems

None known.

Removal

Open the registry (click 'Start', choose 'Run', and type 'regedit'), and find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. In the list of values on the right, delete the 'srng' entry.

Next, open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands, for the IE variant:

Or for the SN variant:

Restart the machine and you should be able to delete the 'Srng' folder inside the Program Files folder. You can also open the registry (Start->Run->regedit) and delete key HKEY_LOCAL_MACHINE\SOFTWARE\Srng, and delete the 'words.lst' file in the Windows folder to clean up if you like.

Finally, restore the normal search settings (Internet Options->Programs->Reset Web Settings).