G
Guest
Hi all
Have had problem of browser being hijacked and PopUps then telling me that
system is infected with Spyware etc. I have run each of the following
multiple times (in both normal and safe mode) : Ad-Aware SE, CWS, Hijackthis,
SpybotSD, Spywarescanner, BHODemon, SpywareBlaster, SpySubtract, NoAdware. My
OS is XP Professional. Ad-Aware always lists at least 20 critical objects,
which I delete.I investigated in detail each entry returned by HijackThis -
fixed those that were suspect. The other apps tell me all is in order. But
then,when I start IE again, the BHO returns and the problem reoccurs. Info
gleaned from BHODemon is as follows:
Registry Entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{EEE866F9-E8F2-4342-8A40-A1E63330417D}. A dll (each time with
a different name). eg C:\Windows\System32\aoapi.dll is picked up by BHODemon.
This is also picked up by Hijackthis, but only after IE has started. I fix it
using HijackThis, but the prob just comes back again.
Any assistance would be greatly appreciated. Thanks.
Have had problem of browser being hijacked and PopUps then telling me that
system is infected with Spyware etc. I have run each of the following
multiple times (in both normal and safe mode) : Ad-Aware SE, CWS, Hijackthis,
SpybotSD, Spywarescanner, BHODemon, SpywareBlaster, SpySubtract, NoAdware. My
OS is XP Professional. Ad-Aware always lists at least 20 critical objects,
which I delete.I investigated in detail each entry returned by HijackThis -
fixed those that were suspect. The other apps tell me all is in order. But
then,when I start IE again, the BHO returns and the problem reoccurs. Info
gleaned from BHODemon is as follows:
Registry Entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{EEE866F9-E8F2-4342-8A40-A1E63330417D}. A dll (each time with
a different name). eg C:\Windows\System32\aoapi.dll is picked up by BHODemon.
This is also picked up by Hijackthis, but only after IE has started. I fix it
using HijackThis, but the prob just comes back again.
Any assistance would be greatly appreciated. Thanks.