Results 1 to 4 of 4

Thread: Firefox hijacker bdiwn.dll

  1. #1
    Junior Member
    Join Date
    Jan 2007
    Posts
    2

    Default Firefox hijacker bdiwn.dll

    I would like to report a Firefox hijacker that I have been fighting for several months now. This little nasty uses Firefox to hijack IE to display spam on your computer. It was installed in /windows/system. It only hijacks Firefox. I could leave IE running all day and no popups would appear. It also was constantly updating an ini file: nwidb.ini (anagram).

    I scanned my computer with Avast anti-virus, Spybot, Ad-Aware, and Hijack-this. Nothing seemed to be able to find the root problem. TeaTimer and the virus scanner were able to keep the hijacker at bay by preventing regitry changes and stopping trojans.

    Today I just got sick of the problem and stared searching for files that had changed in the last 24hours. bdiwn.dll was the only one I could not delete. I googled the file and got zero hits. I was amazed ZERO hits. Thats when I knew I had found the source of my headaches.

    Windows safemode would not let me delete the file. I tried removing the references from the registry but they just came back after each re-boot. So finally I booted up on a Windows XP boot CD and was able to delete the dll from the restore feature. With the dll was gone I was able to clean out the references from the registry. Once the bdiwn.dll was gone, all my hijackings went away.

    I have a copy of the dll if Spybot would like to analyze the file

    I hope this helps someone else.

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hello

    Please zip up a copy and send to both myself and Team SpyBot
    Send to submitlonnyATsubratam.org
    Replace AT with @ , include a link back to this thread.
    and
    detectionsatspybot.info

    Thanks
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  3. #3
    Junior Member
    Join Date
    Jan 2007
    Posts
    2

    Default

    Another forum suggested I submit the file to totalvirus.com. I got a hit with 25% of the scanners. I have sent the email you requested.

    Thanks

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Thanks for sending that Vundo file
    So hows your PC running now, any problems ?
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •