G
Guest
hi, everyone i'm lee... my friend's IE6 (probably) got hijacked and we
can't figure out what to do anymore.
anyway, here's what he told me to post about the problem...
first of all, when he tries to access the any website, he gets redirected to:
res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm
then, this particular program gets loaded to his cpu's memory: CSRSSU.Exe
when you try to terminate it, it does for a few seconds then runs again...
he also noted that during the time that the hijack probably took place,
there was a program called SWPLO.exe that wanted to access the internet.
now, when he wants to access any website, say hotmail, instead of
http://hotmail.com, the URL gets appended as such ->
http://ehttp.cc/?hotmail.com and the browser will tell you that there's a
"possible virus threat" message on the main window (yeah, we know that
harhar) afterwards, the browser wants to access another site,
"www.e-finder.cc/hp/.." (from what he can read from the status bar)
he uses a firewall and he has norton running but it still got through...
we've tried virus scans, adaware, and spybot to name a few but so far,
nothing's worked... i really hope you guys can help coz he's on the verge of
reformatting his pc again and hopefully it won't get stuck in the registry
^^;
any help will be appreciated thanks!
lee
can't figure out what to do anymore.
anyway, here's what he told me to post about the problem...
first of all, when he tries to access the any website, he gets redirected to:
res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm
then, this particular program gets loaded to his cpu's memory: CSRSSU.Exe
when you try to terminate it, it does for a few seconds then runs again...
he also noted that during the time that the hijack probably took place,
there was a program called SWPLO.exe that wanted to access the internet.
now, when he wants to access any website, say hotmail, instead of
http://hotmail.com, the URL gets appended as such ->
http://ehttp.cc/?hotmail.com and the browser will tell you that there's a
"possible virus threat" message on the main window (yeah, we know that
harhar) afterwards, the browser wants to access another site,
"www.e-finder.cc/hp/.." (from what he can read from the status bar)
he uses a firewall and he has norton running but it still got through...
we've tried virus scans, adaware, and spybot to name a few but so far,
nothing's worked... i really hope you guys can help coz he's on the verge of
reformatting his pc again and hopefully it won't get stuck in the registry
^^;
any help will be appreciated thanks!
lee