Safe mode and manually digging around the registry is not going to fix this
problem. This particular infection installs helper programs that monitor
each other and replace deleted and removed items.
The best way to remove this is to do a manual removal in addition to using
about:buster. About:buster alone is only successful some of the time.
Create a directory on your hardrive to save HijackThis.exe. A directory
like c:\hijackthis. If you do not do this, you will not be able to use the
backup/restore features.
Download HijackThis from:
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
or here:
http://www.bleepingcomputer.com/files/spyware/hijackthis.zip
Save this file into the directory you made previously and then run the
program named hijackthis.exe. When the program opens click on the Config
button, then click on the Misc Tools button, and click on the Check for
update online button. When it completes checking/applying updates press the
back button.
Now click on the Scan button and when it is finished click on the Save Log
button. A Notepad window will open with the contents of this log. Click on
Edit then click on Select all. Then click on Edit and then Click on Copy.
Register an account at
http://www.bleepingcomputer.com and post this created
log into the Hijackthis Logs forum at that site. To do this, once you are
registered, create a new post, right click in message area and select paste
to paste the log into the post.
An expert will reply to you after reading this post. DO NOT fix any entries
unless you are absolutely sure you know what you are doing as you may cause
more damage to the system
To see a tutorial on using HijackThis you can click on the link below.
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
--
Lawrence Abrams
http://www.bleepingcomputer.com
Source for Original Content, Tutorials, and Support for the beginning
computer user.
--------------------
I am having the hardest time removing this res://random.dll/index.htm
homepage hijacker from IE 6.0. I have used CWShedder, HiJackThis, Spybot
1.3, Ad-Aware, About:Buster, and Pest Patrol. I have used the removal
instruction on
http://www.pchell.com/support/onlythebest.shtml to no avail.
Any suggestion (except for replacing IE with Mozilla) would be greatly
appreciated.
--
Best of luck!
Michael D. Alligood
MCSA, MCP, CCNA, A+,
Network+, i-Net+, CIW A, CIW CI