Alg32 browser hijack

[webtalk]

Hello,

Has anyone seen and fixed a browser hijack (coolweb variant) which changes
the opening page to "default:blank" un-noticed by Antispyware. However the
browser on opening shows its destination as "shdoclc.dll/navcancl.htm"

2 files seem to drive it

Alg32.exe and Spoolsvu.exe.

Deleting these in safemode is possible only to see them reinstall the next
time the browser is started.

Antispyware does not pick this up and neither does Adaware.

HijackThis does not show up any anomalies on the registry.

Are there any suggestion anyone can make.

Kind regards and thanks

 

[webtalk]

I should add I have already done the "Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files C:\Documents
and Settings\Username\Local Settings\Temporary Internet Files folder ;
Run the scan while in safe mode;
If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any
BHO's that you don't recognize."

I also ran Adaware in safe mode.

So any suggestions are greatly appreciated.


Thank you for any assistance

John

 

[webtalk]

Just to let you know that I fixed it.

See Trojan.StartPage.K @ Symantec.

Kind regards and thank you to anyone who was putting their minds to this.

I should add I have already done the "Boot into Safe Mode (F8) at startup;
Empty your temporary files AND your Temporary Internet Files C:\Documents
and Settings\Username\Local Settings\Temporary Internet Files folder ;
Run the scan while in safe mode;
If you are running SP2, open IE--->Tools--->Manage Add-ons, and uncheck any
BHO's that you don't recognize."

I also ran Adaware in safe mode.

So any suggestions are greatly appreciated.


Thank you for any assistance

John

 

[Ron Chamberlin]

Hi John,

Good workout for you eh? Glad you got it squared away!

Ron Chamberlin
MS-MVP

Just to let you know that I fixed it.

See Trojan.StartPage.K @ Symantec.

Kind regards and thank you to anyone who was putting their minds to this.