Re: RES:// Homepage Hijacker

From: Lawrence Abrams (grinler-AT=bleepingcomputer.com)
Date: 08/12/04


Date: Thu, 12 Aug 2004 00:34:47 -0400

Safe mode and manually digging around the registry is not going to fix this
problem. This particular infection installs helper programs that monitor
each other and replace deleted and removed items.

The best way to remove this is to do a manual removal in addition to using
about:buster. About:buster alone is only successful some of the time.

Create a directory on your hardrive to save HijackThis.exe. A directory
like c:\hijackthis. If you do not do this, you will not be able to use the
backup/restore features.

Download HijackThis from:

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

or here:

http://www.bleepingcomputer.com/files/spyware/hijackthis.zip

Save this file into the directory you made previously and then run the
program named hijackthis.exe. When the program opens click on the Config
button, then click on the Misc Tools button, and click on the Check for
update online button. When it completes checking/applying updates press the
back button.

Now click on the Scan button and when it is finished click on the Save Log
button. A Notepad window will open with the contents of this log. Click on
Edit then click on Select all. Then click on Edit and then Click on Copy.

Register an account at http://www.bleepingcomputer.com and post this created
log into the Hijackthis Logs forum at that site. To do this, once you are
registered, create a new post, right click in message area and select paste
to paste the log into the post.

An expert will reply to you after reading this post. DO NOT fix any entries
unless you are absolutely sure you know what you are doing as you may cause
more damage to the system

To see a tutorial on using HijackThis you can click on the link below.
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42

-- 
Lawrence Abrams
http://www.bleepingcomputer.com
Source for Original Content, Tutorials, and Support for the beginning
computer user.
--------------------
"Michael D. Alligood" <michael@noemail.com> wrote in message
news:OCLIOD%23fEHA.1652@TK2MSFTNGP09.phx.gbl...
I am having the hardest time removing this res://random.dll/index.htm
homepage hijacker from IE 6.0. I have used CWShedder, HiJackThis, Spybot
1.3, Ad-Aware, About:Buster, and Pest Patrol. I have used the removal
instruction on http://www.pchell.com/support/onlythebest.shtml to no avail.
Any suggestion (except for replacing IE with Mozilla) would be greatly
appreciated.
-- 
Best of luck!
Michael D. Alligood
MCSA, MCP, CCNA, A+,
Network+, i-Net+, CIW A, CIW CI


Relevant Pages

  • Re: RES:// Homepage Hijacker
    ... Safe mode and manually digging around the registry is not going to fix this ... log into the Hijackthis Logs forum at that site. ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: RES:// Homepage Hijacker
    ... Safe mode and manually digging around the registry is not going to fix this ... log into the Hijackthis Logs forum at that site. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: RES:// Homepage Hijacker
    ... Safe mode and manually digging around the registry is not going to fix this ... log into the Hijackthis Logs forum at that site. ...
    (microsoft.public.windowsxp.network_web)
  • Re: internet properties problem
    ... See if a restriction is found at this Registry Key: ... Search2 variant) MiniRemoval tool, and HijackThis. ... DO NOT have HijackThis fix *anything* until you've been advised ... In the "General" tab, they disables the ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Updates are downloaded but fail to install
    ... So I applied the fix for that (see ... and then applied the below quoted registry fix. ... dl'd it) but when I again tried to install the update from the MS Update ... Windows Updates problem" on a few computers that I have worked on....The ...
    (microsoft.public.windowsupdate)