0

Hey notryt ,

I had the same thing and I managed to get rid of it. Here's what I did (on Windows 98 SE):

* Install and Run Spyware Guard
* Navigate to C:\Windows\System32 (possibly C:\Windows\System if in Windows XP)
* I deleted any Programs that look like they "shouldn't" be there. They all had icons for the files and ones I had were labelled "Britney Spears", "Monster C*cks" and things to that affect. There must have been about 10 files in all.
* In the same directory, there was also a file called param.dll (or something to that effect - I deleted before noting down what it was but it was the only *.dll file in that directory). If you try and delete it in Windows, it won't let you saying that it is being used.
* I then went into "pure" DOS mode (if you're using a Windows XP, try a Windows 98 SE Boot Disk - You can get one from www.bootdisk.com)
* Once in DOS mode, I navigated to the directory in DOS and typed "attrib -r -a -s -h" to remove any file permissions and then deleted the file manually using "del param.dll" (if that was the file name)
* After this, I rebooted the machine, went to Internet Options and changed the default homepage (a note from Spyguard popped up asking me if I was sure and said "Keep Value".

...and I haven't had any problems since.

I hope that helps. If you not sure or you're having trouble, feel free to drop me a line and I'll see if I can walk you through it in more detail.

tav

hey yer basically i got this special goods info virus on my computer , ive found the param file but as u say u cnt delete from system folder , im not a computer whizz atall so i dnt actually no how to navigate in DOS. i have windows xp and i downloaded a boot disk from the website. could please send a message back talking me throught the process literally step by step , thank u very much
angelus

2
Contributors
1
Reply
2
Views
12 Years
Discussion Span
Last Post by dlh6213
0

Hi angelus88, welcome to DaniWeb :D

I've split your post into a new thread to prevent confusion with the other one.

Get the Pocket Killbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed (you may wish to print these instructions).

Boot into Safe Mode and do a search for these files and delete any instances found:

param32.dll
guninst.exe
popup_bl.dll
systr.dll
svrhost.exe

If any could not be deleted, (most likely param32.dll), run Pocket Killbox and paste the full file path of file in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot (normal reboot, not Safe Mode). Note: the 'file path' will be something like C:\WINDOWS\System32\param32.dll

Delete any unwanted icons from your desktop (icons you didn't put there).

Empty your Recycle Bin.

Get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log, and paste it here in this thread. (See this thread before posting the log -- http://www.daniweb.com/techtalkforums/thread24085.html)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.