Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Virus, Spyware, and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

> How to use the self-help guides

This forum contains self-help guides on removing common malware and viruses. These guides can be advanced so please use them at your own risk.

If after following the self-help guide, or you can not find an appropriate guide, then you can receive step-by-step instructions directly from one of our experts by following the instructions in this topic: Preparation Guide For Use Before Posting A Hijackthis Log

 
Reply to this topicStart new topic
> How To Remove Www.jimbutt.com / Systr.dll / Param32.dll, Self-Help Guide
Grinler
post Apr 5 2005, 12:13 PM
Post #1


Bleep Bleep!
******

Group: Admin
Posts: 31,509
Joined: 24-January 04
From: USA
Member No.: 3

How to remove the www.jimbutt.com start page


What this infection does:
  • Changes your Internet Explorer start page to http:://www.jimbutt.com/stuffs/ or http:://www.hotoffers.info/179/
  • Delivers popups
Tools Needed for this fix: Related Tutorials: Symptoms in a HijackThis Log (Will be different file names):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = -http:://www.jimbutt.com/stuffs/

Removal Instructions:


Manual Removal:
  1. Print out these instructions as you should not start Internet Explorer until they are completed.

  2. Download Killbox from the above and link and extract it to c:\killbox

  3. Navigate to the c:\killbox directory and double-click on Killbox.exe

  4. When it is open enter c:\windows\system32\systr.dll, or c:\windows\system\systr.dll if you are using Windows 95/98/ME, into the field labeled Full path of file to delete. This infection has recently morphed, so if the previously mentioned file does not exist, killbox param32.dll instead. They will be in the same directories.

  5. Select the Delete on reboot option.

  6. Then press the button that looks like a red circle with a white X in it. When it asks if you would like to reboot, allow it to do so.

  7. When your computer has rebooted and your back at your desktop, download HijackThis from the above link and extract it to c:\hijackthis.

  8. Navigate to the c:\hijackthis directory and double-click on HijackThis

  9. Run HijackThis and press the Scan button.

  10. Put a checkmark next to the following entries:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://www.jimbutt.com/stuffs/

  11. Once those entries are checked, press the Fix button.

  12. Exit HijackThis.

  13. In this step we are going to clean out your temp files. Click on Start and then run, and type %temp% and press the ok button.

    This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

  14. Disable and reenable System restore using the instructions found here:

    Windows XP System Restore Guide

    Managing Windows Millenium System Restore

  15. Reboot your computer
Now your computer should no longer be infected with the Jimbutt or Hotoffers infection. You should read and follow the instructions found in the following tutorial: Simple and easy ways to keep your computer safe and secure on the Internet


This is a self-help guide. Use at your own risk.



BleepingComputer.com can not be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.


--------------------
Lawrence
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Go to the top of the page
 
+Quote Post
« Next Oldest · Spyware and Malware Removal Guides and Reading Room · Next Newest »
 

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 8th November 2009 - 11:16 AM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides

© 2003-2009 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2009  IPS, Inc.