Archived from groups: microsoft.public.windowsxp.help_and_support (
More info?)
Moir wrote:
> Thanks Carey for all those suggestions. BUT, I have updated and run
> Ad-aware, also Spybot Search and Destroy, neither of which have
removed the
> offending files/folders. I have updated and run my antivirus program
eTrust
> ezAntivirus and I still have the hijacker! I have also run HiJack
This which
> shows the browser hijacker but does not let you delete the item. All
of
> these have been run in Safe Mode. Any more ideas appreciated -
thanks.
>
Here's how to get rid of it: Go to your C disk, and access system32 in
Windows. You'll find a thing there called param32.dll -- that's the
bad guy.
Note the date and time when it installed itself. Then delete all the
files that installed at the same time as param. Param32.dll won't
delete on demand like the other programs will. You will need to go
into safemode to remove it.
Then check your other files to get rid of the hotoffers icons, and
clear your desktop of all the hotoffers shortcuts by tossing them in
the recycle bin.
Before you get back on line,you will need to reset the homepage on your
browser or it will open a page that will dump Hotoffers on your hard
drive again.
Hotoffers also affects Mozilla, so if you have their browser, you will
need to reset the home page on it offline as well.