Copyright © 1999 - 2006, Sandra Hardmeier, All Rights Reserved Worldwide
Last updated 20/08/2006
Internet Explorer is hijacked by www.whazit.com. BHODemon should get rid of a lot of it: run it, disable the DLLs it finds, then reboot.
Causes the error {run time error "9" Subscript out of range} in a popup window with the title WHAIMAGER.
There will be an entry in Control Panel, Add/Remove Programs.
Whazit installs some or all of the following files:
wanobsi.exe, msbb.exe, bho.dll, qogjuosk.dll, rgjwoyfh.dll, newones.dll, whattt.dll
Rename all of them (delete them only after testing your computer for a while).
Delete the following registry keys:
{D5B72AED-E54A-11D6-B1B2-444553540000} pointing to QOGJUOSK.dll
{D5B72AED-E54A-11D6-B1B2-444553540000} pointing to bho.dll
{C9176930-9C9F-4cba-9723-0F58C3E7CED6} pointing to RGJWOYFH.dll
HKEY_CURRENT_USER\Software\180solutions
HKEY_LOCAL_MACHINE\SOFTWARE\wms
Search for, export and delete any keys referring to:
whazit, whaimage or whareder;
all files mentioned above (wanobsi.exe, msbb.exe etc)
Reboot and rename (deleting after testing your computer for a while):
c:\WINDOWS\fiz1
c:\WINDOWS\kyf.dat
c:\WINDOWS\msbb.exe
c:\WINDOWS\ncmyb.dll
c:\WINDOWS\WANOBSI.exe
c:\WINDOWS\cards.ico
Desktop\Riviera Gold Casino!.url
C:\WINDOWS\FLEOK
Reboot and reset your search engine as per this link.
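
The checks above, collected into one script. This is an added example, not part of the original page: it reports which of the listed files and keys are present, shows the DLL each CLSID points to, exports the keys it finds, and renames files only when run with -Rename. Assumptions not on the page: the registry locations searched for the two CLSIDs, the backup folder, and the `.disabled` suffix.

```powershell
# Added example, not from the original page. Read-only unless -Rename is given.
# $BackupDir and the '.disabled' suffix are hypothetical choices.
param([switch]$Rename, [string]$BackupDir = "$env:TEMP\whazit-backup")

# File names, CLSIDs and the two vendor keys are the ones listed on the page.
$winFiles = 'fiz1','kyf.dat','msbb.exe','ncmyb.dll','WANOBSI.exe','cards.ico','FLEOK' |
    ForEach-Object { Join-Path $env:windir $_ }
$desktop  = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Riviera Gold Casino!.url'
$clsids   = '{D5B72AED-E54A-11D6-B1B2-444553540000}', '{C9176930-9C9F-4cba-9723-0F58C3E7CED6}'
$keys     = @('HKEY_CURRENT_USER\Software\180solutions', 'HKEY_LOCAL_MACHINE\SOFTWARE\wms')

# Assumption: the page gives only the CLSIDs, so look in the two standard
# places a Browser Helper Object's class id is registered.
$bho = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($c in $clsids) { $keys += "HKEY_CLASSES_ROOT\CLSID\$c", "$bho\$c" }

# 1. Report which listed files and keys actually exist on this machine.
$foundFiles = @($winFiles + $desktop | Where-Object { Test-Path -LiteralPath $_ })
$foundKeys  = @($keys | Where-Object { Test-Path -LiteralPath "Registry::$_" })
'Files present:'; $foundFiles
'Keys present:';  $foundKeys

# 2. For each CLSID, show the DLL its InprocServer32 entry points to, so it
#    can be compared with the DLL names given on the page.
foreach ($c in $clsids) {
    $srv = Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$c\InprocServer32" `
        -ErrorAction SilentlyContinue
    if ($srv) { '{0} -> {1}' -f $c, $srv.'(default)' }
}

# 3. Export every key found, so it can be restored after manual deletion.
if ($foundKeys) { New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null }
$i = 0
foreach ($k in $foundKeys) {
    $i++
    & reg.exe export $k (Join-Path $BackupDir "key$i.reg") /y | Out-Null
}

# 4. Rename rather than delete, as the page advises.
if ($Rename) {
    foreach ($f in $foundFiles) {
        Rename-Item -LiteralPath $f -NewName ((Split-Path $f -Leaf) + '.disabled')
    }
}
```

Run it from an elevated prompt; the script never deletes registry keys, so that step stays manual after the exports have been checked.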