Tech Support Guy

Derek · Retired Moderator, Retired Malware Specialist · 56,593 Posts · Discussion Starter · #1
If your browser has been hijacked to drxcount.biz, real-yellow-page.com or list2004.com:
We are working on a fix for this one and drawing near to a solution. This is by far the most sophisticated CWS variant seen to date, and it will take some time before CWShredder will be able to remove it automatically.

So far, the following manual fix should work:
First download FAR explorer from here:

http://www.rarlab.com/far/Far1705.exe

Install it, then start FAR.
Hit Alt-F1 and the drive list should come up; go to '0 process list'.

Scroll to Iexplore.exe in the left panel, highlight it and hit F5.
Now go to the right pane of FAR and double click 'iexplore.exe.txt', it should open in notepad.

Look for a file with this size and beginning to it. The filename will always be different:
61C00000 F000 c:\windows\system32\wingn.dll

This part indicates the bad file:
61C00000 F000
It will always start with that header.
Write down the filename behind it.

Now download KillBox:
http://download.broadbandmedic.com/
Unzip and run it.
Paste the filename you wrote down into the white kill line, then hit the red KILL FILE button beside it, then reboot. Once it reboots, make sure the file is gone.

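As an added illustration (not a tool from this thread or from the CWShredder project), the check described in the post, run over a constructed module dump in the "address size path" layout the post quotes for FAR's iexplore.exe.txt. The indicator 61C00000 F000 and the file name wingn.dll come from the post; the dump contents, the function names and the assumption that every module line follows that three-column layout are mine.

```python
"""Flag loaded modules that match the indicator from the post:
a module mapped at base 61C00000 with size F000, whatever its file name.

Added example; not code from the original thread. The module dump below
is constructed to mimic FAR's 'base size path' lines.
"""

import re

# Indicator quoted in the post: load address 61C00000, size F000 (hex).
BAD_BASE = 0x61C00000
BAD_SIZE = 0xF000

# Assumed layout of each module line: hex base, hex size, then the path
# (paths may contain spaces, so the third column runs to end of line).
MODULE_LINE = re.compile(r"^\s*([0-9A-Fa-f]+)\s+([0-9A-Fa-f]+)\s+(\S.*?)\s*$")


def parse_module_list(text):
    """Return (base, size, path) tuples; lines that don't fit the layout are skipped."""
    modules = []
    for line in text.splitlines():
        m = MODULE_LINE.match(line)
        if not m:
            continue  # headers, blank lines, anything that is not a module entry
        base, size, path = m.groups()
        modules.append((int(base, 16), int(size, 16), path))
    return modules


def find_suspect_modules(text, bad_base=BAD_BASE, bad_size=BAD_SIZE):
    """Return the paths of modules whose base address and size match the indicator.

    The file name is deliberately not part of the match: the post says it
    changes from machine to machine, only the 61C00000 F000 header stays fixed.
    """
    return [
        path
        for base, size, path in parse_module_list(text)
        if base == bad_base and size == bad_size
    ]


# Constructed sample dump (not captured from a real infected machine).
SAMPLE_DUMP = """\
Modules loaded in iexplore.exe (constructed sample)
00400000 19000 c:\\program files\\internet explorer\\iexplore.exe
77F50000 A7000 c:\\windows\\system32\\ntdll.dll
61C00000 F000 c:\\windows\\system32\\wingn.dll
71AB0000 17000 c:\\windows\\system32\\ws2_32.dll
"""

if __name__ == "__main__":
    for path in find_suspect_modules(SAMPLE_DUMP):
        print("suspect module (write this path down for KillBox):", path)
```

Feeding the script the text FAR wrote to iexplore.exe.txt (instead of the constructed SAMPLE_DUMP) prints the path to hand to KillBox; an empty result means no module in that process carried the indicator. Matching on base address and size alone is exactly what the post prescribes, so a sample of the variant loaded elsewhere or with a different image size would not be flagged.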
Registered · 2,440 Posts
Derek · Retired Moderator, Retired Malware Specialist · 56,593 Posts · Discussion Starter · #5
I've edited to account for the changes in KillBox.

I will keep an eye out, as KillBox is improving all the time.