I would like to report a Firefox hijacker that I have been fighting for several months now. This little nasty uses Firefox to hijack IE to display spam on your computer. It was installed in /windows/system. It only hijacks Firefox. I could leave IE running all day and no popups would appear. It also was constantly updating an ini file: nwidb.ini (anagram).

I scanned my computer with Avast anti-virus, Spybot, Ad-Aware, and Hijack-this. Nothing seemed to be able to find the root problem. TeaTimer and the virus scanner were able to keep the hijacker at bay by preventing regitry changes and stopping trojans.

Today I just got sick of the problem and stared searching for files that had changed in the last 24hours. bdiwn.dll was the only one I could not delete. I googled the file and got zero hits. I was amazed ZERO hits. Thats when I knew I had found the source of my headaches.

Windows safemode would not let me delete the file. I tried removing the references from the registry but they just came back after each re-boot. So finally I booted up on a Windows XP boot CD and was able to delete the dll from the restore feature. With the dll was gone I was able to clean out the references from the registry. Once the bdiwn.dll was gone, all my hijackings went away.

I have a copy of the dll if Spybot would like to analyze the file

I hope this helps someone else.