RES:// Homepage Hijacker

  • Thread starter Michael D. Alligood

Michael D. Alligood

I am having the hardest time removing this res://random.dll/index.htm homepage hijacker from IE 6.0. I have used CWShredder, HiJackThis, Spybot 1.3, Ad-Aware, About:Buster, and Pest Patrol. I have used the removal instructions on http://www.pchell.com/support/onlythebest.shtml to no avail. Any suggestions (except for replacing IE with Mozilla) would be greatly appreciated.

--
Best of luck!

Michael D. Alligood
MCSA, MCP, CCNA, A+,
Network+, i-Net+, CIW A, CIW CI
 

RaYzor

This might be the one that buries itself into the registry, and then inserts itself as an explorer process, then disappears. You will never find it this way ... I had a bitch of a time finding the responsible DLL ...

What I do is reboot in safe mode, and view all folders and files, hidden or system. Then I go into the Windows\system32 directory and sort by date. Most likely you will find a great many recently installed garbage EXE and DLL files ...

It can get pretty complex and you should seek pro help if you are not capable; these kinds of things are sensitive and removing the wrong thing can wreak havoc.

Jim Byrd

Hi Michael - This one is indeed a difficult removal. I'm informed that the
01R325 AdAware update of 6/28 or later (and hopefully the new AdAwareSE
version) supposedly completely removes this for some variants/malware
implementations; however, I haven't been able to independently verify this
and have also heard some contrary info. Try it first (from Safe mode), and
if it doesn't work then,

See these threads first:
http://www.pchell.com/support/lookfor.shtml and
http://www.pchell.com/support/onlythebest.shtml for manual removal
instructions

http://zerosrealm.com/index.php?page=dllfix (Read very carefully!)
http://forums.spywareinfo.com/index.php?showtopic=7447
http://forums.spywareinfo.com/index.php?showtopic=7261
http://forums.spywareinfo.com/index.php?showtopic=7281


Then from merijn, here: <http://www.spywareinfo.com/~merijn/index.html>


June 18, 2004:
Please stop emailing me about the new CWS variant that hijacks you to
res://<random>.dll/sp.html#96676. I am aware of this new thing, but it's a
beast to remove.
A solution is being worked on, see this thread on the SWI forums
http://forums.spywareinfo.com/index.php?showtopic=7447.

If it's not working for you, or it's too complicated, I heard from several
people that this workaround works as well:
Open the DLL you get hijacked to in Notepad
Select all content (Ctrl-A) and delete it
Save the file and exit Notepad
Find the file in Explorer, right-click it, select Properties, put a
checkmark in 'Read-Only' and click OK.
If you can't find the DLL file, make sure your settings allow you to view
"Hidden files". Open up any explorer windows and click on "Tools", "Folder
Options", "View" and be sure to check off "Show Hidden Files and Folders".



--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP

Guest

This forum, The About Buster Forum, seems to be helping people get rid of the RES://. Try his self-help fix & if that doesn't work, post a log.

http://www.malwarebytes.biz/forums/index.php?showforum=5

wayne

Safe mode usage is the key to removing any spyware, and make sure you check the
Windows and the System32 folders. I had one where files were installed in
both; when you tried to delete the files in one, the program running from the
other folder put them back!


Wayne



mysticpain

I too had a hell of a time removing that one. I used all the major spy and adaware programs as well. You really need to note the path of the infected files and manually remove them. It is a daunting task. I also made several manual registry deletions. So far I have found no simple solution on this one. Just good old fashioned detective work and a hell of a lotta frustration!!!

Haus

Have you tried Bazooka? It is good about finding stuff in the registry.
I use it a lot to clean up puters, have had good luck so far.
http://www.kephyr.com/spywarescanner/supportus.phtml

--
Good Day
Haus




Lawrence Abrams

Safe mode and manually digging around the registry is not going to fix this
problem. This particular infection installs helper programs that monitor
each other and replace deleted and removed items.

The best way to remove this is to do a manual removal in addition to using
about:buster. About:buster alone is only successful some of the time.

Create a directory on your hard drive to save HijackThis.exe. A directory
like c:\hijackthis. If you do not do this, you will not be able to use the
backup/restore features.

Download HijackThis from:

http://www.spywareinfo.com/~merijn/files/hijackthis.zip

or here:

http://www.bleepingcomputer.com/files/spyware/hijackthis.zip

Save this file into the directory you made previously and then run the
program named hijackthis.exe. When the program opens click on the Config
button, then click on the Misc Tools button, and click on the Check for
update online button. When it completes checking/applying updates press the
back button.

Now click on the Scan button and when it is finished click on the Save Log
button. A Notepad window will open with the contents of this log. Click on
Edit then click on Select all. Then click on Edit and then Click on Copy.

Register an account at http://www.bleepingcomputer.com and post this created
log into the Hijackthis Logs forum at that site. To do this, once you are
registered, create a new post, right click in message area and select paste
to paste the log into the post.

An expert will reply to you after reading this post. DO NOT fix any entries
unless you are absolutely sure you know what you are doing as you may cause
more damage to the system.

To see a tutorial on using HijackThis you can click on the link below.
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42

--
Lawrence Abrams
http://www.bleepingcomputer.com
Source for Original Content, Tutorials, and Support for the beginning
computer user.
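
As an added illustration (not part of the post above, and not code from HijackThis or BleepingComputer), this Python script reads a saved HijackThis log, groups the res:// homepage and search entries by the DLL they point to, and lists any BHO (O2) entries that load the same file. The log lines are constructed, the DLL names are placeholders, and the layout is assumed to be the usual `R0/R1 - key,value = data` and `O2 - BHO: name - {CLSID} - path` form.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the thread); qwzxk.dll is a placeholder
# for the hijacker's randomly named file.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\qwzxk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\System32\qwzxk.dll/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\System32\QWZXK.dll
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\toolbar.dll
"""

ENTRY = re.compile(r"^(R[0-3]|O2) - (.*)$")
# res://<dll path or bare name>/<resource>[#fragment]
RES_URL = re.compile(r"res://(?P<dll>[^/]+?\.dll)/(?P<page>[^\s#]*)", re.I)

def dll_key(path):
    # Compare on the lower-cased file name so a full path and a bare name match.
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(log_text):
    """Map each DLL used in a res:// setting to its settings and matching BHOs."""
    hits = defaultdict(lambda: {"settings": [], "bho": []})
    bhos = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, or other entry types
        kind, rest = m.groups()
        if kind == "O2":
            fields = rest.rsplit(" - ", 2)  # name, {CLSID}, file path
            if len(fields) == 3:
                bhos.append((fields[1], fields[2]))
        else:
            setting, _, value = rest.partition(" = ")
            url = RES_URL.search(value)
            if url:
                hits[dll_key(url["dll"])]["settings"].append(setting)
    # A BHO loading the same file is a second place the DLL is registered.
    for clsid, path in bhos:
        if dll_key(path) in hits:
            hits[dll_key(path)]["bho"].append(clsid)
    return dict(hits)

if __name__ == "__main__":
    for dll, info in triage(SAMPLE_LOG).items():
        print(dll, info["settings"], info["bho"])
```

The script only reads the log and changes nothing on the system; it shows which entries share one DLL before the log is posted for review.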


PsyB

You should also remember that you will FIRST have to turn off System
Restore (right-click My Computer, select Properties, click the System Restore
tab, put a check in Turn off System Restore). After you have followed
the other good advice given here and you have verified that the spyware
has been removed, turn System Restore back on.

PsyB
 
