Some new developments have arisen since posting my previous message.
WinPatrol keeps popping up and trying to delete d3lx.dll and DeskAdServ.exe.
Sometimes it also tries to delete atlgw32.exe. I always tell it to delete
them. I hope this means that we can narrow down the problem to those files.
If I try to go into IE6 *right after* WinPatrol tries to delete the
programs, then I have a glorious "about:blank" screen without the hijacked
material. A few seconds later the obnoxious hijacked opening screen
reappears.
I am now receiving frequent error reports for IE6 and Outlook Express (the
program has encountered a problem and must close...).
David Grossman
----- Original Message -----
From: "David Grossman" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, January 12, 2005 6:13 AM
Subject: Hijacked browser
> My browser (IE6) has been hijacked.
>
> Ad-Aware 6 gave it a clean slate, but only after running it several times
> both in normal mode and in Safe mode.
>
> SpyBot Search and Destroy shows DSO Exploit that keeps coming back. It
says
> that it is removed, and then it returns.
>
> WinPatrol found programs that keep coming back. It keeps removing them,
yet
> they keep returning. The programs that keep returning are
> c:\windows\d3lx.dll; c:\program files\Desk Ad Service\DeskAdServ.exe;
> Syslog32.exe (no path is indicated); c:\windows\system32\atlgw32.exe. It
> reports a hijacked home page as res://c:\windows\ajtoe.dll\ssp.html#12345
>
> All of these programs were updated today.
>
> I also get a message that I have to put in my Windows XP CD since some
files
> have been replaced. When I do so, it gives me the usual opening screen for
> Windows XP. Apparently it does not replace the files, and it asks for the
CD
> the next time I reboot.
>
> The computer is an Intel 2.4 GHz, 512MB, 80 MB hard drive with a dialup
> connection. I am using Windows XP without the service pack.
>
> Since these programs have not been able to remove the problem, is there
> another program that can do it?
>
> David Grossman
>
>
Do you want to signoff PCSOFT or just change to
Digest mode - visit our web site:
http://freepctech.com/pcsoft.shtml
|