Re: RES:// Homepage Hijacker
From: Lawrence Abrams (grinler-AT=bleepingcomputer.com)
Date: Thu, 12 Aug 2004 00:34:47 -0400
Safe mode and manually digging around the registry is not going to fix this
problem. This particular infection installs helper programs that monitor
each other and replace deleted and removed items.
The best way to remove this is to do a manual removal in addition to using
about:buster. About:buster alone is only successful some of the time.
Create a directory on your hardrive to save HijackThis.exe. A directory
like c:\hijackthis. If you do not do this, you will not be able to use the
Download HijackThis from:
Save this file into the directory you made previously and then run the
program named hijackthis.exe. When the program opens click on the Config
button, then click on the Misc Tools button, and click on the Check for
update online button. When it completes checking/applying updates press the
Now click on the Scan button and when it is finished click on the Save Log
button. A Notepad window will open with the contents of this log. Click on
Edit then click on Select all. Then click on Edit and then Click on Copy.
Register an account at http://www.bleepingcomputer.com and post this created
log into the Hijackthis Logs forum at that site. To do this, once you are
registered, create a new post, right click in message area and select paste
to paste the log into the post.
An expert will reply to you after reading this post. DO NOT fix any entries
unless you are absolutely sure you know what you are doing as you may cause
more damage to the system
To see a tutorial on using HijackThis you can click on the link below.
-- Lawrence Abrams http://www.bleepingcomputer.com Source for Original Content, Tutorials, and Support for the beginning computer user. -------------------- "Michael D. Alligood" <email@example.com> wrote in message news:OCLIOD%23fEHA.1652@TK2MSFTNGP09.phx.gbl... I am having the hardest time removing this res://random.dll/index.htm homepage hijacker from IE 6.0. I have used CWShedder, HiJackThis, Spybot 1.3, Ad-Aware, About:Buster, and Pest Patrol. I have used the removal instruction on http://www.pchell.com/support/onlythebest.shtml to no avail. Any suggestion (except for replacing IE with Mozilla) would be greatly appreciated. -- Best of luck! Michael D. Alligood MCSA, MCP, CCNA, A+, Network+, i-Net+, CIW A, CIW CI