Hi GB -
I'm informed that the 01R325 AdAware update of 6/28 or later supposedly
completely removes this for some variants/malware implimentations; however,
I haven't been able to independently verify this and have also heard
contrary info. Try it first (from Safe mode), and if it doesn't work then,
See these threads first:
http://zerosrealm.com/index.php?page=dllfix (Read very carefully!)
<
http://forums.spywareinfo.com/index.php?showtopic=7447>
<
http://forums.spywareinfo.com/index.php?showtopic=7261>
<
http://forums.spywareinfo.com/index.php?showtopic=7281>
Then from merijn, here: <
http://www.spywareinfo.com/~merijn/index.html>
June 18, 2004:
Please stop emailing me about the new CWS variant that hijacks you to
res://<random>.dll/sp.html#96676. I am aware of this new thing, but it's a
beast to remove.
A solution is being worked on, see this thread on the SWI forums
<
http://forums.spywareinfo.com/index.php?showtopic=7447>.
If it's not working for you, or it's too complicated, I heard from several
people that this workaround works as well:
Open the DLL you get hijacked to in Notepad
Select all content (Ctrl-A) and delete it
Save the file and exit Notepad
Find the file in Explorer, right-click it, select Properties, put a
checkmark in 'Read-Only' and click OK.
If you can't find the DLL file, make sure your settings allow you to view
"Hidden files". Open up any explorer windows and click on "Tools", "Folder
Options", "View" and be sure to check off "Show Hidden Files and Folders".
--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP
In
