The following instructions have been created to help you to get rid of "Naupoint" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:
  • hijacker

Description:
Some variants are silently downloaded and installed by an active-X application as BHO for Internet Explorer. It can download and run software from the controlling server (naupoint.com). It also adds favorites , adds the site as startpage thus beeing a browser hijacker , redirects to its searchsite.
Supposed Functionality:
The Naupoint Toolbar is a toolbar for Internet Explorer that offers a popup blocker, web search, a dictionary, zoom function and some other features.
Privacy Statement:
12. UPDATES. You grant Naupoint.com permission to add/remove features and/or functions to the existing software and/or service, or to install new applications, at any time, in its sole discretion with or without your knowledge and/or interaction. You also grant
Naupoint.com permission to make any changes to the software and/or service provided at any time.,

13. SERVER INTERACTION. You understand and accept that when the software is installed, it periodically comminutes with a server operated by Naupoint.com and/or third party servers.

14. INFORMATION COLLECTION. You understand and grant Naupoint.com permission to assign each copy of the software an unique software identify code. You grant Naupoint.com permission to collect and store information on which toolbar buttons you click on and the search terms you entered on the toolbar.

15. WEB SITES OPT OUT. You accept that persons who make information available on the Web do so with the expectation that such information will be publicly and widely available and will be indexed by information location tools such as search engines. You also accept that making links to publicly accessible web pages available from our Service is legally permissible and consistent with the common, customary expectations of those who make use of the Web. If access to a particular Web site is restricted, we will remove the link to that site from the Service at the site operatorís request. If, however, the operator of the site does not take steps to prevent it, Naupoint.com is likely to find it and index it again. Site operators should e-mail support@naupoint.com to have the link remove.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • A file with an unknown location named "iEBINST.dll".
  • A file with an unknown location named "iEBINST.ini".
  • The file at "<$WINDIR>\Downloaded Program Files\sp1.dll".
  • A file with an unknown location named "iEBINST2.dll".
Make sure you set your file manager to display hidden and system files. If Naupoint uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.
  • Delete the registry key "{0036F389-FEF8-43AC-9220-16430E0012ED}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{0036F389-FEF8-43AC-9220-16430E0012ED}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{D97EF13D-5746-4EA8-AD5C-9EE95E60016F}" at "HKEY_LOCAL_MACHINE\CLSID\".
  • Delete the registry key "{D97EF13D-5746-4EA8-AD5C-9EE95E60016F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
  • Delete the registry key "{44FD0AF8-9D30-4E96-8ECE-306446B5E0D3}" at "HKEY_CLASSES_ROOT\CLSID\".
  • Delete the registry key "{44FD0AF8-9D30-4E96-8ECE-306446B5E0D3}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
If Naupoint uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Browser:

There are more browser plugins or items that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.