Browser Hijack

[Moir]

Using OE6 (on our family computer). Hijacked by hotoffers.info/278/ Can't
seem to get rid of it. Appreciate any help to rid ourselves of this
hijacker. Quite happy to edit registry if I know what I am looking for.

 

[Carey Frisch [MVP]]

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/?­id=827315

Download Ad-aware SE and scan your PC for the presence of sp­yware:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Symantec Security Check
http://security.symantec.com/s­scv6/default.asp?langid=ie&ven­id=sym

Microsoft Windows AntiSpyware
http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

3 Simple Steps to Help Ensure the Protection of Your PC
http://www.microsoft.com/athom­e/security/protect/default.msp­x

Utilize the following maintenance programs, at least monthly,
to maintain the optimum performance of Windows XP:

Description of the Disk Cleanup Tool in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310312&Product=winxp

How to Perform Disk Error Checking in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;315265&Product=winxp

HOW TO: Analyze and Defragment a Disk in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;305781&Product=winxp

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| Using OE6 (on our family computer). Hijacked by hotoffers.info/278/ Can't
| seem to get rid of it. Appreciate any help to rid ourselves of this
| hijacker. Quite happy to edit registry if I know what I am looking for.

 

[Moir]

Thanks Carey for all those suggestions. BUT, I have updated and run
Ad-aware, also Spybot Search and Destroy, neither of which have removed the
offending files/folders. I have updated and run my antivirus program eTrust
ezAntivirus and I still have the hijacker! I have also run HiJack This which
shows the browser hijacker but does not let you delete the item. All of
these have been run in Safe Mode. Any more ideas appreciated - thanks.

 

[quondam1]

Thanks Carey for all those suggestions. BUT, I have updated and run
Ad-aware, also Spybot Search and Destroy, neither of which have removed the
offending files/folders. I have updated and run my antivirus program eTrust
ezAntivirus and I still have the hijacker! I have also run HiJack This which
shows the browser hijacker but does not let you delete the item. All of
these have been run in Safe Mode. Any more ideas appreciated - thanks.

Here's how to get rid of it: Go to your C disk, and access system32 in
Windows. You'll find a thing there called param32.dll -- that's the
bad guy.

Note the date and time when it installed itself. Then delete all the
files that installed at the same time as param. Param32.dll won't
delete on demand like the other programs will. You will need to go
into safemode to remove it.

Then check your other files to get rid of the hotoffers icons, and
clear your desktop of all the hotoffers shortcuts by tossing them in
the recycle bin.

Before you get back on line,you will need to reset the homepage on your
browser or it will open a page that will dump Hotoffers on your hard
drive again.

Hotoffers also affects Mozilla, so if you have their browser, you will
need to reset the home page on it offline as well.