Moir said:
Thanks Carey for all those suggestions. BUT, I have updated and run
Ad-aware, also Spybot Search and Destroy, neither of which have removed the
offending files/folders. I have updated and run my antivirus program eTrust
ezAntivirus and I still have the hijacker! I have also run HiJack This which
shows the browser hijacker but does not let you delete the item. All of
these have been run in Safe Mode. Any more ideas appreciated - thanks.
Here's how to get rid of it: Go to your C disk, and access system32 in
Windows. You'll find a thing there called param32.dll -- that's the
bad guy.
Note the date and time when it installed itself. Then delete all the
files that installed at the same time as param. Param32.dll won't
delete on demand like the other programs will. You will need to go
into safemode to remove it.
Then check your other files to get rid of the hotoffers icons, and
clear your desktop of all the hotoffers shortcuts by tossing them in
the recycle bin.
Before you get back on line,you will need to reset the homepage on your
browser or it will open a page that will dump Hotoffers on your hard
drive again.
Hotoffers also affects Mozilla, so if you have their browser, you will
need to reset the home page on it offline as well.