Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Res://shdochta.d11/blank.html


  • Please log in to reply
4 replies to this topic

#1 barns1

barns1

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:48 PM

Posted 22 March 2006 - 12:11 PM

I'm fairly new to computers, kinda know my way around, but can't get rid of this on my home page. Normally had "my yahoo" on it. Downloaded Spybot S & D and ran that which did take care of some other problems, but the above is still there. Any help would be great. Thank you.

Edited by barns1, 22 March 2006 - 12:15 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:48 PM

Posted 22 March 2006 - 02:52 PM

Sounds like a browser hijack. Try this.

Download and scan with CWShredder. - zipped version.
Stand-alone Exe
Stand-alone Exe
1. Double-click on cwshredder.exe to start the program.
2. Click the "Check for Update" button to ensure you have the latest version.
3. Click the "Fix" button (not "Scan Only").
4. Let it run completely and fix whatever if finds.
5. When the scan is completed and all files are removed, close the program.

Download and run About:Buster.
About:Buster Tutorial (recommended to run in "Safe Mode")

Note: If you receive any error messages please open the readme file in the AboutBuster folder and follow the directions provided for correcting that error.

Download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below here. If you have a previous version, please uninstall it and install the newest version SE 1.06.

Post back if your still having problems afterwards.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:48 AM

Posted 22 March 2006 - 03:02 PM

Don't know whether you saw this Russ, but i think the user replaced the l's in .dll with 1's.

I think we are dealing with the following error:
Res://shdochta.d11/blank.html

I think it comes with this in the HijackThis log:
O4 - HKLM\..\Run: [SHHTA] C:\WINDOWS\system32\shdochta.exe

I saw this page here:
http://www.virus-protect.org/artikel/spyware/delf.html

...and saw that HJT entry listed as the windelf trojan....
We might try win32delfkil.exe if quietmann's instructions do not fix that problem.

David

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:48 PM

Posted 22 March 2006 - 05:04 PM

These two (q1905171.dll, q632281.dll) were definitely windelf but I don't recognize shdochta.exe and its not on my list here: http://castlecops.com/t144205-.html (don't know if you have access to that forum.

I had found this entry.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdochta.dll/shdocHTA.htm#security;dll;x32;
http://www.antispywareoffensief.nl/forum/s...ead.php?t=12886
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:04:48 AM

Posted 22 March 2006 - 05:14 PM

Good catch. Well i'm just compiling possible causes as there is limited info on the problem. I'll be interested to see how this pans out.
David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users