IE startup page hijack and delaybuff.dll trojan

A couple of days ago, my IE startup page started being switched to "angelsf***ed.com/se.htm". Resetting the startup would only last for a few minutes before it was switched again. I also noticed extremely slow system startup and freezing during startup at the same time.

A websearch for the symptom turned up a post by 118morpheus in your forum with a hires.dat file that seemed to be related. I renamed that file and the startup page stopped changing for a couple days before a new hires.dat file turned up and the switching began again.

I am going through your recommended cleanup protocol, and at the first scanning step the online trend micro scan found a "trojan small.sb" virus in "C:\winnt\system32\delaybuf.dll". However, it was unable to delete saying that file is in use. This dll file also has a time stamp very close to that of the original hires.dat file. I followed the recommended protocol booting up in safe mode with networking, but can't delete the file.

Any recommendations?

Thanks

 

I hope that you have completed all steps in the READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal and not just a select few.

What is your OS (operating system)??

Please download HijackThis 1.99 read the tutorial in this Sticky thread < Hijack This Tutorial And How To Post Your Log File > then attach it as a file. To do this save the log file and select manage attachments in a new thread to upload it. All running programs should be closed, including your web browser, e-mail, items in the tray, anything you can close... Close before running Hijack This!

Do NOT run Hijack This from the Desktop, a temp folder or choose run from the download. Place it in its own folder, for example C:\Program Files\HJT

I am not that experienced yet in reading the HJT (Hijackthis) log but after you attach it one of the more experienced users will be able to help you further.