browser possessed: res:shdoclc.dll/dnserror.htm


Keith J

My browser defaults to the following home page, even
though I manually select a different home page:
C:\WINDOWS\SYSTEM32\hp.uti

When I type over the above address with something like:
http://www.yahoo.com the browser refreshes but changes
the address to res:shdoclc.dll/dnserror.htm and the "The
page cannot be displayed" screen appears.

My system: Windows XP home edition, Norton Anti-Virus
2004 installed and enabled, Norton Firewall and Internet
Security 2004 installed and enabled, 1GB processor, 512Mb
RAM, 20GB+ avail hard drive space. I am connected via
ethernet directly into the cable/modem - Motorola
SBG900...the Motorola set-up software indicates the
ethernet connection is fine. Adelphia, the service
provider indicates that their local server is up and
working fine (100 customers on my local server, but I'm
the only one who can't get on-line).

I have done several full-system scans using the Norton
Anti-virus software, but only 6 "at-risk" files are found
and Norton does not recommend deleting them.

Anyone recognize this problem?
Thanks
 
Hi Keith :-)

This is what you have -

SHDOCLC.DLL
shdoclc.dll/dnserror.htm - malware
http://www.generation.net/~hleboeuf/shdoclc.htm

Here is how you should remove it -

Download and install, then you *MUST* update the programs prior to running
to be sure they have the latest definitions, then run the programs below.
They are free and very effective. Be sure to run both SpyBot and Adaware,
as what one does not detect the other may. It is important that you do all
the steps and follow all directions carefully:

#########IMPORTANT#########
Before you try to remove spyware using any of the programs below, download a
copy of LSPFIX from any of the following sites:

http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
XP)

The process of removing certain malware may kill your internet
connection. If this should occur, this program, LSPFIX, will enable you to
regain your connection.
#########IMPORTANT#########

Also, get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html

It is important that you run the programs in the order that they are listed
here. The first three programs will clear your machine of all other items so
that you can have a clear HiJackThis Log for the experts to read and analyze
for you.

(NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again to be sure there
are no lingering items on the system.)

IMPORTANT!! -
RUN ALL PROGRAMS OFF LINE IN SAFE MODE AND SHOW HIDDEN FILES. THEN REBOOT
AND RUN THEM AGAIN TO BE SURE ALL FILES ARE ACCESSED, DELETING ALL ITEMS
DISPLAYED IN RED IN SPYBOT.

HOW TO Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339

CWShredder: Free
http://tinyurl.com/2l9kl

SpyBot Search & Destroy: Free
http://download.com.com/3000-8022-10289035.html?tag=lst-0-2

AdAware: Free
http://www.lavasoftusa.com/support/download/
HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877

HiJackThis:

Unzip the Download file in a NEW FOLDER that you can create before you start
the download.
DO NOT install in your Desktop folder.
DO NOT use any of the TEMP folders that are presently in your computer.
Double-click "HijackThis.exe" and Press "Scan".

Go to:
http://computercops.biz/downloads-cat-14.html ,
or
http://www.aumha.org/a/parasite.php#hjt
(If you get a 404 error or Access denied, try:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip)

and download HiJackThis to the new folder. Unzip to a folder other than your
Desktop or the Temp folder, double-click HiJackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log"
button. Press that, and save the log someplace where you will remember it.
Most of what it lists will be harmless or even required, so DO NOT fix
anything yet.

Open the copy of your log in NotePad and make a copy. Then you can go to one
of the following to post your log:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here:
http://forums.tomcoyote.org/index.php?act=idx


<<DO NOT POST YOUR LOG FILE TO THIS NEWSGROUP>>

You will need to register to open a new thread to post your log. It is free,
and no one will Spam you, it is one of many that provide this service. Once
registered, go to the HiJackThis section on the forum list and click to
open. Then start a new post and post your log. The experts there will
analyze the log and report back the results. Please allow at least a few
hours or a day's time for a response, depending on when you post the log.
Remember, you must return to the HJT site to get your answer. It is a good
idea to click the "Notify" box so that you will get an electronic
notification by e-mail to let you know when a response has been posted.
But, you must still return to the site for your answer.

HJT Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42


Hope this helps.

Jan :)

Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit of other readers.

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
 
Keith -

Try this method as posted below:

This has been a very vexing problem for some time now, and most recent
research into it seems to indicate that running Ad-Aware with the latest
updates *should* fix it.

Ad-Aware
http://www.lavasoftusa.com/support/download/
Ad-Aware Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=48

Install Ad-Aware, and then search for updates using the GUI updates button.
Most recent reference file is 01R329 06.07.2004. Run the program, and have
it clean whatever it finds (an exception may be Alexa related links; that's
entirely up to you).

Run it a second time, and also try a scan in safe-mode as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Below is a copy and paste, courtesy of Jim Byrd MS-MVP:
<paste>

<http://forums.spywareinfo.com/index.php?showtopic=7447>
<http://forums.spywareinfo.com/index.php?showtopic=7261>
<http://forums.spywareinfo.com/index.php?showtopic=7281>

Then from merijn, here: <http://www.spywareinfo.com/~merijn/index.html>

Lastly, there is this:
http://zerosrealm.com/index.php?page=dllfix (Read very carefully!)
</paste>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Another tool which has shown itself to be somewhat effective is CWShredder
from Merijn
http://www.spywareinfo.com/~merijn/cwschronicles.html

CWShredder
http://www.spywareinfo.com/~merijn/downloads.html
CWShredder Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=47

Hope this helps to remedy your woes.
--

LuckyStrike
(e-mail address removed)

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
--------------------------------------------------------------------
 