Adware: How To Remove Media Finder
What is Media Finder / Gencrawler?
Media Finder (Mediafinder / Adware.Mediafinder / Gencrawler) is malware, categorized as adware or spyware also defined as a Trojan downloader. Media Finder is manually installed but may be done without knowledge and uses browser helper objects (integraded search, tools, etc.) and extensions (add ons) to monitor for access to certain websites, mainly associated with file sharing, freeware, or shareware. Media Finder also creates registry entries (listed below), that in turn, run Media Finder everytime Windows is started (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”Media Finder” = “”%ProgramFiles%\Media Finder\MF.exe” /opentotray” ).
Media Finder is known to associate with Babylon and may have infected your computer alongside Babylon and Rewardsarcade.
Operating Systems Affected:
Windows 95, Windows 98, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Media Finder Symptoms
- If a web page is visited by the infected user, a HTTP request could be directed to the following location and the result may be injected into the Web page, depending on the extension of the URL: 1mediafindergeneral-cralwer.com
- Internet settings may change, such as home page or start up page.
- Browser search using the URL address bar at the top of the window may redirect searches to unwanted drive by websites.
How to remove Media Finder Malware
Media Finder is large and is only recently recognized by computer antivirus and security databases. Therefore removal may be a daunting task. Chose one of the steps below, they vary from easy to technical.
Antivirus/Security software
Perform a complete system scan and remove/delete the malicious results. Below are antivirus and anti-malware applications which are reported to scan and remove the media finder virus
Symantec (Norton) was the one of the first programs to include Media Finder removal
Replace infected system files. For all Window’s directions click here.
Restore – Recover Computer
Perform a system restore to a date and time before infection. Window’s automatically creates restore points once a week and during system updates, including new installations.
- We have written a post about the Sony Vaio Recovery Center, if that’s your rig.
Start Menu Restore
Standard directions to quickly access Window’s System Restore Wizard.
1. Access windows Start menu and click All Programs.
2. Click and open Accessories, click System Tools, and then click System Restore.
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. Restore your computer to a date and time before infection.
Safe Mode With Command Prompt Restore
If you can not access your operating system, this is the suggested step. If it is difficult to start windows in safe mode, via Windows’s brings up a black screen, with “safe mode” in the four corners – Move your cursor to the lower left corner, where the Search box is usually visible in Windows Start Menu and it will come up, including the “Run” box.
1. Restart/reboot your computer system. Unplug if necessary.
2. Enter your computer in “safe mode with command prompt”. To properly enter safe mode,repeatedly press F8 upon the opening of the boot menu.
3. Once the Command Prompt appears you only have few seconds to type “explorer” and hit Enter.
4. Once Windows Explorer shows up browse to:
- Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
- Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter
5. Follow all steps to restore or recover your computer system to an earlier time and date, before infection to complete.
- Remove all Media Finder created files from your computer
Below is a command prompt to stop Media Finder from re-generating and a list of all files Media Finder is known to create on Windows, including directory files and registry entries. Remove remove all associated files and entries.
Manual Removal
Remove start up prompt, delete files, and delete registry values.
1. Remove Media Finder registry start up prompt
- Step 1: Open a command prompt: Enter “cmd” on Window’s search or visit your Start Menu>All Programs>Accessories>Command Prompt
- Step 2: Copy and paste the command line below into the prompt and press enter. (Image example below)
echo Start echo # echo ######################## Default dirctory for x86 x64 ######################## echo # echo this command is default system32 directory for x86 OS or x64 OS cd %windir% & cd system32 reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Media Finder" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Media Finder" /f echo # echo ######################## Change the dirctory for x64 ######################## echo # echo this command is x86 application's registry for x64 OS cd %windir% & cd syswow64 reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Media Finder" /f reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Media Finder" /f echo End
- The command will run automatically when pasted into the command prompt.
2. Manually remove Media Finder directory files
- Below are the directory files Media Finder creates. Simply browse/search your computer and remove each file.
C:\Documents and Settings\All Users\Desktop\Media Finder.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder\Get the Media Finder License.URL C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder\Media Finder on the Web.url C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder\Media Finder.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Media Finder\Uninstall Media Finder.lnk %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@ themediafinder.com\chrome\content\brs.js %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@ themediafinder.com\chrome\content\brs.xul %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@ themediafinder.com\chrome\content\dm_intercept.js %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@ themediafinder.com\chrome\content\dm_intercept.xul %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@ themediafinder.com\chrome.manifest %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@ themediafinder.com\install.rdf %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome\content\icon.png %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome\content\main.js %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome\content\overlay.xul %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\chrome.manifest %UserProfile%\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com\install.rdf %UserProfile%\Application Data\Media Finder\Extensions\gencrawler_gc.crx %UserProfile%\Application Data\Media Finder\Extensions\gencrawler_gc.dll %UserProfile%\Application Data\Media Finder\Extensions\IEPlugin32.dll %UserProfile%\Application Data\Media Finder\Extensions\mf_plugin_gc.crx %UserProfile%\Application Data\Media Finder\link.cfg %UserProfile%\Application Data\Media Finder\Sett.cfg %UserProfile%\Application Data\Media Finder\Temp\downloads.xml %ProgramFiles%\Media Finder\borlndmm.dat %ProgramFiles%\Media Finder\borlndmm.dll %ProgramFiles%\Media Finder\hook.html %ProgramFiles%\Media Finder\MF.exe %ProgramFiles%\Media Finder\mf.ico %ProgramFiles%\Media Finder\Plugins\depositfiles.dll %ProgramFiles%\Media Finder\Plugins\extabit.dll %ProgramFiles%\Media Finder\Plugins\filepost.dll %ProgramFiles%\Media Finder\Plugins\furk.dll %ProgramFiles%\Media Finder\Plugins\hotfile.dll %ProgramFiles%\Media Finder\Plugins\letitbit.dll %ProgramFiles%\Media Finder\Plugins\madshare.dll %ProgramFiles%\Media Finder\Plugins\rapidshare.dll %ProgramFiles%\Media Finder\Plugins\turbobit.dll %ProgramFiles%\Media Finder\Plugins\unibytes.dll %ProgramFiles%\Media Finder\Plugins\uploading.dll %ProgramFiles%\Media Finder\Plugins\uploadstation.dll %ProgramFiles%\Media Finder\Plugins\wupload.dll %ProgramFiles%\Media Finder\Plugins\_4shared.dll %ProgramFiles%\Media Finder\unins000.dat %ProgramFiles%\Media Finder\unins000.exe
3. Manually remove Media Finder registry values:
- Step 1: Type regedit in the search query on your start menu, press enter (picture below).
- Step 2: Browse for each entry (detailed below image) and delete them.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\IEPlugin.DLL\"AppID" = "{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}\"" = "IEPlugin" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}\VersionIndependentProgID\"" = "IEPlugin.IEWebHook" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}\TypeLib\"" = "{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}\ProgID\"" = "IEPlugin.IEWebHook.1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}\InprocServer32\"" = "%UserProfile%\Application Data\Media Finder\Extensions\IEPlugin32.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}\InprocServer32\"ThreadingModel" = "Apartment" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}\"" = "Plugin for Media Finder" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\ProgID\"" = "gencrawler_gc.GenCrawler" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\InprocServer32\"" = "%UserProfile%\Application Data\MEDIAF~1\EXTENS~1\GENCRA~1.DLL" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\InprocServer32\"ThreadingModel" = "Apartment" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\"" = "Help the General-Search Project" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}\TypeLib\"" = "{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}\TypeLib\"Version" = "1.0" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}\ProxyStubClsid32\"" = "{00020424-0000-0000-C000-000000000046}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}\ProxyStubClsid\"" = "{00020424-0000-0000-C000-000000000046}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}\"" = "IIEWebHook" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}\1.0\0\win32\"" = "%UserProfile%\Application Data\Media Finder\Extensions\IEPlugin32.dll" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}\1.0\HELPDIR\"" = "%UserProfile%\Application Data\Media Finder\Extensions" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}\1.0\FLAGS\"" = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}\1.0\"" = "IEPlugin 1.0 Type Library" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gencrawler_gc.GenCrawler\Clsid\"" = "{CA4520F3-AE13-4FB1-A513-58E23991C86D}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\gencrawler_gc.GenCrawler\"" = "Help the General-Search Project" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEPlugin.IEWebHook\CurVer\"" = "IEPlugin.IEWebHook.1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEPlugin.IEWebHook\CLSID\"" = "{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEPlugin.IEWebHook\"" = "Plugin for Media Finder" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEPlugin.IEWebHook.1\CLSID\"" = "{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IEPlugin.IEWebHook.1\"" = "Plugin for Media Finder" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MF\shell\open\command\"" = ""%ProgramFiles%\Media Finder\MF.exe" "%1"" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MF\shell\"" = "open" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MF\DefaultIcon\"" = ""%ProgramFiles%\Media Finder\MF.exe",0" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MF\"URL Protocol" = "" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\"NoExplorer" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}\"" = "IEWebHook" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}\"NoExplorer" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\%UserProfile%\Application Data\Media Finder\Extensions\"IEPlugin32.dll" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\%UserProfile%\Application Data\Media Finder\Extensions\"gencrawler_gc.dll" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"Inno Setup: Setup Version" = "5.4.2 (u)" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"Inno Setup: App Path" = "%ProgramFiles%\Media Finder" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"InstallLocation" = "%ProgramFiles%\Media Finder\" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"Inno Setup: Icon Group" = "Media Finder" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"Inno Setup: User" = "User" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"Inno Setup: Selected Tasks" = "desktopicon" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"Inno Setup: Deselected Tasks" = "" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"Inno Setup: Language" = "english" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"DisplayName" = "Media Finder 1.0.9.20" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"UninstallString" = "%ProgramFiles%\Media Finder\unins000.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"QuietUninstallString" = ""%ProgramFiles%\Media Finder\unins000.exe" /SILENT" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"DisplayVersion" = "1.0.9.20" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"URLInfoAbout" = "http://www.media-finder.net/" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"HelpLink" = "http://www.media-finder.net/" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"URLUpdateInfo" = "http://www.media-finder.net/" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"NoModify" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"NoRepair" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"InstallDate" = "20080303" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"MajorVersion" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{414C790F-E24E-461B-983A-2AD84474DE4B}_is1\"MinorVersion" = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\"version" = "1.1.0" HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\"path" = "%UserProfile%\Application Data\Media Finder\Extensions\mf_plugin_gc.crx" HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\"version" = "2.5" HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\"path" = "%UserProfile%\Application Data\Media Finder\Extensions\gencrawler_gc.crx" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\"version" = "1.1.0" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai\"path" = "%UserProfile%\Application Data\Media Finder\Extensions\mf_plugin_gc.crx" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\"version" = "2.5" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\"path" = "%UserProfile%\Application Data\Media Finder\Extensions\gencrawler_gc.crx" HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\"Contexts" = 0x00000022 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\"" = "%ProgramFiles%\Media Finder\hook.html" HKEY_CURRENT_USER\Software\Classes\MF\shell\open\command\"" = ""%ProgramFiles%\Media Finder\MF.exe" "%1"" HKEY_CURRENT_USER\Software\Classes\MF\shell\"" = "open" HKEY_CURRENT_USER\Software\Classes\MF\DefaultIcon\"" = ""%ProgramFiles%\Media Finder\MF.exe",0" HKEY_CURRENT_USER\Software\Classes\MF\"URL Protocol" = "" HKEY_CURRENT_USER\Software\Classes\MF\"" = "URL:Media Finder" HKEY_CURRENT_USER\Software\MediaFinder\"IEPluginEnabled" = "1" HKEY_CURRENT_USER\Software\MediaFinder\"FFPluginEnabled" = "1" HKEY_CURRENT_USER\Software\MediaFinder\"GCPluginEnabled" = "1" HKEY_CURRENT_USER\Software\MediaFinder\"ClipboardEnabled = "1" HKEY_CURRENT_USER\Software\MediaFinder\"FileShares" = "[DATA]" HKEY_CURRENT_USER\Software\MediaFinder\"Extensions" = "|7z|ace|arj|avi|bin|doc|exe|fml|grs|gz|hqx|iso|lzh|mp3|mp4|mpeg|mpg|msi|pdf|psd|r0|rar|sit|tar|tgz|txt|xls|z|zip|" HKEY_CURRENT_USER\Software\MediaFinder\"NotSupported" = "[DATA]" HKEY_CLASSES_ROOT\MF\shell\open\command\"" = ""%ProgramFiles%\Media Finder\MF.exe" "%1"" HKEY_CLASSES_ROOT\MF\shell\"" = "open" HKEY_CLASSES_ROOT\MF\DefaultIcon\"" = ""%ProgramFiles%\Media Finder\MF.exe",0" HKEY_CLASSES_ROOT\MF\"URL Protocol" = "" HKEY_CLASSES_ROOT\MF\"" = "URL:Media Finder"
Finally…. thank you… have a long slog deleting files ahead… but at least now I know I’ll no longer be desturbed by these most irritating people… I hope that somewhere along the line one day… people who develop these kinds of intrusive programs get bashed over the head!!! (just putting it politely) 🙂
Thanks so much for your help!!!
Regards
Jax
Thanks a lot for the very easy removal instructions.
c:\WINDOWS>reg delete reg delete “HKCU\Software\Microsoft\Windows\CurrentVersion\Run” /v “Media Finder” /f
come back with –> Error: Too many command-line parameters
reg delete “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” /v “Media Finder” /f
come back with –> Error: Too many command-line parameters
echo End
Any solution to that ?
Tkx,
Great post!
Malware Bytes is really good for people who don’t want to commit to Norton.
There are so many different Media Finders, but this post is dead on. Thank you.
For the people that without permission and installed software on to your computer, you are not welcome.
On the other hand, because their action; it make the people helping the innocent and defenseless computer user look even better.
You guys and gals Rock !!