Help with BHO removal

IOStream, while it is nice to try to help, please do not just guess. There are 1000's of BHO's out there. Some good some bad. Just point to random link that has nothing to do with Fishhead's problem will not help.

First we need to identify the BHO. But before we even do that, procedures must be followed.


Fishhead,

Please follow all the steps in this Sticky thread < READ ME FIRST: Basic Spyware, Trojan And Virus Removal > If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

After following those steps, let me know if you still have a problem and we will see how to proceed. It may be that a HijackThis log will be needed but I will tell you when I want that.

You can read up on HJT posting requirements too. Read the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File > Do not post a HijackThis log until we ask you to and when we do it must be text document attachment to your message.

Update! Due to Hijack This logs destroying search engine and web site searches, we now ask you do not post your Hijack This log file unless requested by us. It is for advanced users, so if you do not understand how to use it, you do not need it....yet. Instead, please tell us in your post what symptoms you are experiencing so we can try and resolve it that way. When, and if, we ask you to post your log file, please attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!


Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT

 

You have the either the HSA or About:Blank hijacker. The NSS is not a normal process that should be running. You can try just running About:Buster as indicated on the Readme First link I gave you but it may or may not work to completely remove this. If that is the case, my Generic Solution thread my help:
http://forums.majorgeeks.com/showthread.php?t=38772

 

Glenn,

About:Blank and HSA hijacks cannot be fixed too easily. As part of the Generic Solution I point to, system restore (for WinMe or XP) is disabled in the first step. But the "remove the bug" part is not so simple as you will see by looking at the link I gave.

 

No problem! It's good to learn! You never know when you may need to use some of these procedures.