Compatible Support Forums

Red Dragon NZ

  1. Red Dragon NZ

    Browser Hijack, about:blank Search, sp.html, and friends

    This is a persistent b'tard! But I managed to resolve this issue on a customer's Win98 computer in the following way:

    I installed Ad-Aware 6, SpywareBlaster 3.2, SpyBot S&D 1.3, updated them all and ran the scans/clean outs - but NONE of them removed this little devil permanently! However, they did help me track it down.

    1) SpywareBlaster alerted me to the sp.html file being the cause of the about:blank homepage alteration. In the 'Tools' section, it showed the file sp.html as having been inserted as a search page - so I renamed all of these to Google using the 'change' function (this can also be done in the registry, of course). It also alerted me to the location of the sp.html file in the C:\Windows\Temp folder, so I deleted it from there along with another file that seems to have been generated.

    2) I re-ran SpyBot S&D and, in Advanced Mode, had a look at the BHOs listed in SpyBot's 'Tools' section. There were two there - SpyBot's own SDhelper.dll and another unnamed and unidentified BHO. Clicking on it revealed the file and its location: ilcam.dll, located in the C:\Windows\System folder. I deleted the BHO object from within SpyBot.

    3) Of course, trying to delete the source file in Windows was impossible as it was 'in use', so I rebooted into DOS and deleted it using the command line.

    And then the home page was no longer hijacked 3 seconds after you launched Internet Explorer.

    So far, three days later, the customer has not got back to me, so I assume that all is still well. I guess that this .dll file may come in various names - but having a search for this particular file may be of help. Also, of course, where sp.html and ilcam.dll may be located in a Windows XP environment may be slightly different, i.e. in the usernametemp folder and in C:\Windows\System32. But in principle, this method should work.

    Look forward to some feedback on variations of this BHO, as it is the most persistent piece of spyware that I have yet encountered. And all the more irritating as it presents itself as advertising for anti-spyware software! Clearly, its origins are from one of the many bogus anti-spyware software programs that have sprung up of late - if anyone finds out which one, please let me know.

    Christopher
    http://www.red-dragon.net.nz
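
The BHO lookup from step 2 of the post, as an added example that is not part of the original post: it reads a registry export in REGEDIT4 text format, lists each registered Browser Helper Object and resolves it to the DLL under its CLSID's InprocServer32 key, marking entries that have no registered name. The sample export, its CLSIDs and paths, and the function names are constructed for illustration.

```python
import re

BHO_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects"
CLSID_KEY = r"hkey_classes_root\clsid"
# Constructed sample export (REGEDIT4 text format); CLSIDs and paths are made up.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}]
@="SDHelper"

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\Spybot\\SDHelper.dll"

[HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\ilcam.dll"
'''

def parse_reg(text):
    """Map each key path (lowercased) to its string values; "" is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:
                name = "" if m.group(1) == "@" else m.group(1)[1:-1]
                current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def list_bhos(text):
    """Return one record per registered BHO with its display name and DLL path."""
    keys, found = parse_reg(text), []
    prefix = BHO_KEY + "\\"
    for path in keys:
        clsid = path[len(prefix):]
        if not path.startswith(prefix) or "\\" in clsid:
            continue  # not a direct subkey of the BHO list
        base = CLSID_KEY + "\\" + clsid
        name = keys.get(base, {}).get("")
        dll = keys.get(base + "\\inprocserver32", {}).get("")
        found.append({"clsid": clsid, "name": name, "dll": dll, "unnamed": not name})
    return found

if __name__ == "__main__":
    print(*list_bhos(SAMPLE_REG), sep="\n")
```

An entry with `unnamed` set corresponds to the "unnamed and unidentified BHO" case in the post; the `dll` field gives the file to inspect.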