Last updated 14/05/2005
Copyright © 1999 - 2004, Sandra Hardmeier, All Rights Reserved Worldwide

Spyware Home Page

Internet Explorer hijacked by www.whazit.com.  BHODemon should get rid of a lot of it - run that, disable the DLLs it finds,  then reboot.

 

Causes the error:  {run time error "9" Subscript out of range}in a popup window with the title WHAIMAGER.
 

There will be an entry in Control Panel, Add/Remove Programs.

 

Whazit installs some/all of the following files:

 

wanobsi.exe, msbb.exe, bho.dll, qogjuosk.dll, rgjwoyfh.dll, newones.dll, whattt.dll - rename all (deleting after testing your computer for a while).

 

Delete the following registry keys:

 

{D5B72AED-E54A-11D6-B1B2-444553540000} pointing to QOGJUOSK.dll

{D5B72AED-E54A-11D6-B1B2-444553540000} pointing to bho.dll

{C9176930-9C9F-4cba-9723-0F58C3E7CED6} pointing to RGJWOYFH.dll

HKEY_CURRENT_USER\Software\180solutions
HKEY_LOCAL_MACHINE\SOFTWARE\wms

 

Search for, export and delete any keys referring to:

 

whazit, whaimage or whareder;

all files mentioned above (wanobsi.exe, msbb.exe etc)

 

Reboot and rename (deleting after testing your computer for a while):

 

c:\WINDOWS\fiz1
c:\WINDOWS\kyf.dat
c:\WINDOWS\msbb.exe
c:\WINDOWS\ncmyb.dll
c:\WINDOWS\WANOBSI.exe
c:\WINDOWS\cards.ico
Desktop\Riviera Gold Casino!.url
C:\WINDOWS\FLEOK

 

Reboot and reset your search engine as per this link.