
#1 focosi


  • Members
  • 1 posts
  • Local time:05:01 PM

Posted 02 May 2005 - 02:43 PM

If your PC starts adding icons to your desktop (about themes such as credit card, cigarettes, pornography, viagra, and casino online) while your Windows bar shows a red cross at the bottom right and new IE windows are continuously opened targeting newgenlookwebpages, you're likely to have found this nasty virus. You'll also note it changes your home page in IE and you cannot set it back! Very disturbing... Please note it passes a scan with the up-to-date Norton Antivirus completely undetected.
Don't panic: you can find the virus and all its icon images easily under your C://Windows/system32/ directory. I strongly recommend that you list file details by date so you can easily track them.
You'll find you can delete the icon images and one of the 2 .dll files, but not the virus itself (param32.dll): restart, F8 and temporary modality start are required to enter prompt command. Track the file again and delete it using DOS commands ("Del").
Everything will be OK again (I have just tried on my own PC!).
Please let me know if any of you have ever encountered this "virus" (it described itself as spyware, but I'm not so sure it actually is).
Hope this can help!

Mod Edit: Link removed for the safety of other members.

Edited by scarlett, 03 May 2005 - 12:15 PM.



#2 Scarlett


    Bleeping Diva

  • Members
  • 7,479 posts
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:05:01 PM

Posted 03 May 2005 - 12:19 PM

There is also some related info concerning param32.dll available at the links below.

How to remove the www.jimbutt.com and www.hotoffers.info, Self-Help Guide

hxxp://www.globolook.com/v179/dropper.chm Malware Analysis

Edited by scarlett, 03 May 2005 - 12:23 PM.
