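Heh, there doesn't seem to be an official name for this kind of malicious program in China; I think "web page kidnapper" sounds good. There are a lot of these: some specifically target dial-up users, others are general-purpose, and they all share one trait: after the user opens a web page, it automatically redirects to a foreign website. Just changing the registry does not solve the problem. I spent several hours on it today and only got it sorted after looking up information on foreign sites. Strangely, there are very few related reports on domestic sites; Kingsoft has a similar write-up, but it won't disclose the removal method and instead steers people to its online service, sigh~
I'll post it here for everyone; maybe someone will find it useful.
Kingsoft's description (it covers only one of them):
Trojan.Aswnk ★★ Spreads via: files, network
Characteristics of this trojan:
The virus drops a DLL file and, every 15 seconds, uses regsvr32.exe to load this DLL, which points the user's web page connections to sites such as:
204.177.*.*/ ; thereby wasting network resources.
If you find a suspicious file, please email it to: virus@kingsoft.net
For emergency data repair, please visit: http://support.kingsoft.net
A post I found on a foreign site (I tried it, and it works):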
Description
AutoSearch is an IE Browser Helper Object that hijacks address-bar searches. It knows about some of the other prevalent search-hijackers — IGetNet, CommonName and NewDotNet — and will steal back any address bar searches they take over.
Also known as
AutoSearchBHO\Hijacker by Ad-Aware. MSInfoSys after its filename.
Distribution
As yet unknown.
What it does
Advertising
No, though Wink/ASWnk does. (See below.)
Any address bar search you do is sent to a single page at www.tunders.com (which includes only static adverts, no search results).
Privacy violation
No.
Security issues
No.
Stability problems
None known.
Removal
Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u msinfosys.dll
You should now be able to delete the 'msinfosys.dll' file in your System folder (inside the Windows folder; called 'System32' on Windows NT/2000/XP).
It is believed that AutoSearch is installed with or by Wink/ASWnk — check your system for this parasite.
Wink removal
Wink is a family of parasites based around dialler software. It cannot be detected by the script at this site. Some variants of Wink are actual diallers; others have had this function enabled and act as adware. Wink can download and execute arbitrary unsigned code from its controlling server at 204.177.92.204. It also puts an entry in Add/Remove Programs to run a file '[variant name]_uninstall.exe' in the Windows System folder, which fails to work.
Wink can be spotted by opening the registry (click 'Start', choose 'Run', enter 'regedit') and finding the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run; Wink variants have a characteristic run string ending in '/noconnect'. This entry should be deleted, along with the keys HKEY_CLASSES_ROOT\.WINK, HKEY_CLASSES_ROOT\WINK File and HKEY_CURRENT_USER\Software\SiteIcons. Then restart and delete the program file, which lives in a folder called 'dialers' in 'C:\Program Files'.
Wink/ASWnk: not a dialler. Opens pop-up ads from fassia.net. Program file is ASWnk.exe in a Program Files folder called 'primesoft\ASWnk' (instead of the usual 'dialers').
Wink/nsdlua: not a dialler. Opens pop-up ads from (deep breath) 0-ol1oiz-xolxii1-oxli10ozl1l1-o-l-11-iizxp-l-0o-oll11iz0oil-ol.com. Program file is 'dialers\nsdlua\nsdlua.exe'. This is known to be loaded as a fake pop-up-killer application (which claims it has failed to run), by stopannoyingpopups.com; exploitation of an IE security hole is suspected here.
Wink/hot: various diallers: at least hot_swiss, hot_canada and hotsurprise_in have been seen. Program file is in the form 'dialers\hot_swiss\hot_swiss.exe' (and so on for the other variants).
Wink/UKVideo2: another dialler, program file 'dialers\ukvideo2\ukvideo2.exe'.
Wink/DateMaker: more diallers: at least datemakerspain and datemakerintl have been seen. Program file in the form 'dialers\datemakerspain\datemakerspain.exe' and so on. Uses registry key 'HKEY_CLASSES_ROOT\dting File' instead of 'WINK file'. Detected by Sophos anti-virus as Dial/Datemake and by Panda anti-virus as Trj/Pornspa.
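
The registry checks described in the Wink removal notes above can be run over a regedit export instead of by eye. This is an added example, not part of the original post or of either quoted source; it assumes the export has already been decoded to text, and the sample export and its value names are constructed for illustration.

```python
import re

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# Keys the removal notes list for deletion (compared case-insensitively).
WINK_KEYS = {
    r"hkey_classes_root\.wink",
    r"hkey_classes_root\wink file",
    r"hkey_classes_root\dting file",  # used by the DateMaker variant
    r"hkey_current_user\software\siteicons",
}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def scan_reg_export(text):
    """Return (Run values ending in /noconnect, Wink-related keys present)."""
    run_hits, key_hits, current = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            if current.lower() in WINK_KEYS:
                key_hits.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current and current.lower() == RUN_KEY:
            name, data = unescape(m.group(1)), unescape(m.group(2))
            if data.rstrip().lower().endswith("/noconnect"):
                run_hits.append((name, data))
    return run_hits, key_hits

# Constructed sample export (not taken from a real machine)
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"hot_swiss"="C:\\Program Files\\dialers\\hot_swiss\\hot_swiss.exe /noconnect"

[HKEY_CLASSES_ROOT\.WINK]
@="WINK File"

[HKEY_CURRENT_USER\Software\SiteIcons]
'''

if __name__ == "__main__":
    print(scan_reg_export(SAMPLE))
```

A hit in the first list is a Run entry to delete; the second list names keys from the removal notes that are still present.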