I am suffering a res://<random>.dll/<random>.html#<random> browser hijacker.
It keeps pulling down viruses, including:
I have read and followed the advice here, which is excellent and a very valuable resource. However, I had to be pragmatic and make a cost-based decision. Spend 3 days trying to extract this nasty malware (and learn in the process), or wipe the client machine and rebuild from ghost image. I am not a sysadmin, but I have to look after the computers in a small business.
I went for the rebuild. But, getting to the point:
The user profile which got the browser hijack originally is on a Windows Server 2003 domain. I believe the server is not compromised. The client machine was toast, so that got rebuilt. Other accounts now work fine on this client machine and all is well.
The infected user account has been quarantined, and instinct tells me to delete it. But in order to justify this action, I'd be grateful of some technical advice.
If I allow this infected account to be used on any client on the network, the chances are it's going to spread the hijacker.
I'd be grateful of any thoughts.
E.g. Is there any hope in salvaging the user account without having to log in with it somewhere in order to run diagnostic tools?
Edited by BFG, 27 June 2004 - 06:08 AM.