Re: Internet Explorer has been hijacked by "About:Blank"



Brian Mullan
07-09-2005, 11:13 PM
Thank you very much, I had tried everything, tech support etc. I received 75
Trojan Horses and Bloodhounds yesterday. None of the various spywares helped
but following your instructions everything is great, a big relief.
Many Thanks Brian Mullan

"H Leboeuf" wrote:

> You have some parasites in your computer. The new version of AdAware may be
> the only tool you will need. If not then get them all and clean your
> computer.
>
> Try this: Tools > Internet Options > Advanced > Browsing
> Uncheck the Enable 3rd party browser extensions
>
> If this clears your problem then find out who the culprit(s) is/are with
> these tools.
>
> Let AD-Aware Scan your system for advertising Spyware
> http://www.lavasoftusa.com
>
> If you use a HOSTS file, beware of this new issue.
> Ad-Aware has decided to include a new detection when scanning the HOSTS
> file. This now creates a "Bad hosts file entry" in the log file generated at
> the end of a scan. The best thing to do is to place a check in each entry,
> right-click and select: "Add selection to ignorelist". Otherwise if you let
> AWW "fix" these items it will trash the HOSTS file! Even if you have it
> "locked" by [example] SpywareBlaster or Winpatrol. It does not return the
> attributes and renames the HOSTS file incorrectly to hosts.
>
> and:
>
> SpyBot-S&D
> http://security.kolla.de/
>
> p.s Reset the 3rd party browser setting.
>
> More: This may be caused by a third-party program (adware, spyware,
> parasite).
> Get AdAware and SpyBot and run them both. Keep them up to date.
> Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
> http://mvps.org/winhelp2002/unwanted.htm
>
> Additional link:
> http://aumha.org/a/quickfix.htm
>
> You may need this removal tool.
> More: Complete list by variant with up-to-date information.
> http://www.spywareinfo.com/~merijn/cwschronicles.html
> More: Removal tool: http://www.spywareinfo.com/~merijn/files/CWShredder.exe
>
> CWShredder - Tutorial
> http://www.bleepingcomputer.com/forums/index.php?showtutorial=47
>
> IMPORTANT:
> Before trying to remove spyware, download a copy of LSPFIX from
> the URL below - some malware may kill your internet connection when it is
> removed, this program will enable you to regain your connection.
> http://www.cexx.org/lspfix.htm
> http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
> XP)
>
>
> Important: "So how did I get infected in the first place?"
> http://forums.net-integration.net/index.php?showtopic=3051
>
> --
>
> Henri Leboeuf
> Web page: http://www.colba.net/~hlebo49/index.htm
> ===
> "KMB" <KMB@discussions.microsoft.com> wrote in message
> news:FC51CDDF-FE38-4E59-A5D5-586BD083D612@microsoft.com...
> > I added "about:blank" to the restricted list - don't know if it worked. I
> > found the following in my trusted sites.
> > http://*.63.219.181.7
> > I didn't put it there, I don't know what it is and when I remove it, it
> > comes back. Think it's related to about:blank?
> > Thanks for any help...KMB
> >
> > "Courtney" wrote:
> >
> > > Sam wrote:
> > > > Here are some other methods that may assist.
> > > >
> > > > http://www.securiteam.com/securityreviews/5RP0L0UD5U.html
> > > >
> > > > http://www.softwarepatch.com/tips/about-blank-adware.html
> > > >
> > > > Sam
> > > > "Lloyd Wolf" <lloyd.wolf@wolfconsulting.com> wrote in message
> > > > news:ODo%23t6RaEHA.3016@tk2msftngp13.phx.gbl...
> > > >
> > > >>Hello. Looking for a little help....
> > > >>
> > > >>I have a customer running Internet Explorer v6, on a computer running
> > > >>Windows 2000 Professional.
> > > >>
> > > >>Internet Explorer has been hijacked by "About:Blank"
> > > >>
> > > >>We have run the Ad-aware 6 and also Spybot Search & Destroy software.
> > > >>Neither one seems to be able to get rid of "About:Blank" permanently.
> > > >>
> > > >>Doing a Google search, I have seen lots of people having lots of
> > > >>problems with this one.
> > > >>
> > > >>Does anyone have a solid solution for getting rid of the "About:Blank"
> > > >>hijacker ?
> > > >>
> > > >>Thanks in advance.
> > > >>
> > > >>Lloyd Wolf
> > > >>Wolf Consulting, Inc.
> > > >>
> > > >>
> > > >
> > > >
> > > >
> > > Tools/Internet Options/Security/Restricted Sites.
> > >
> > > Add "about:blank" to the restricted list.
> > >
> > > courtney sends....
> > >
>
>
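
KMB's report, quoted above, of a Trusted sites entry that comes back after removal can be checked outside the IE dialog. The following is an added example, not part of any poster's message: it parses a `reg export` of Internet Explorer's ZoneMap key and lists Trusted-zone entries that are not on an expected list. The sample export, the allowlist and every function name are constructed for illustration, and storing the reported address under `Ranges` is an assumption.

```python
import re

# IE security zone numbers as stored in ZoneMap DWORD values.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

K = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"

# Constructed sample in `reg export` text form, not taken from a real machine.
# The range reuses the address KMB reported; its storage layout is assumed.
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    rf"[{K}\Domains\example.com\intranet]",
    '"https"=dword:00000002',
    "",
    rf"[{K}\Domains\blocked.example]",
    '"*"=dword:00000004',
    "",
    rf"[{K}\Ranges\Range1]",
    '":Range"="63.219.181.7"',
    '"http"=dword:00000002',
])

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')
STRING_RE = re.compile(r'^"([^"]*)"="(.*)"$')

def parse_export(text):
    """Map each registry key path to a dict of its DWORD and string values."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif current is not None and (m := DWORD_RE.match(line)):
            current[m.group(1)] = int(m.group(2), 16)
        elif current is not None and (m := STRING_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def zone_entries(keys):
    """Return (site, protocol, zone) tuples for Domains and Ranges subkeys."""
    out = []
    for path, values in keys.items():
        _, found, rel = path.partition("\\ZoneMap\\")
        kind, _, rest = rel.partition("\\")
        if found and kind == "Ranges":
            site = values.get(":Range", "?")          # address lives in a value
        elif found and kind == "Domains" and rest:
            site = ".".join(reversed(rest.split("\\")))  # domain\sub -> sub.domain
        else:
            continue
        out += [(site, name, z) for name, z in values.items() if isinstance(z, int)]
    return out

def unexpected_trusted(entries, allowlist):
    """Trusted-zone (2) entries whose site is not on the expected list."""
    return [e for e in entries if e[2] == 2 and e[0] not in allowlist]

if __name__ == "__main__":
    for site, proto, zone in zone_entries(parse_export(SAMPLE_EXPORT)):
        print(f"{site} ({proto}) -> {ZONES.get(zone, zone)}")
    print("Unexpected:", unexpected_trusted(
        zone_entries(parse_export(SAMPLE_EXPORT)), {"intranet.example.com"}))
```

A real export written by `reg export` is UTF-16 text, so read it with `encoding="utf-16"`; comparing the result before and after a reboot shows whether a removed entry has been written back.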

TammyM
07-09-2005, 11:13 PM
I worked most of this past weekend trying to get rid of about:blank, internet
optimizer and "abetterinternet." I used xoftspy and though it reported that
it removed everything (132 various baddies!), about:blank persisted, and now
I cannot use Internet Explorer at all! When I type in a url, it just sends
me a page error. I'm about at the end of my rope, and am considering a clean
install of the OS after backing up all of my data. Short of that, anyone
have any other suggestions?????




Jan Il
07-09-2005, 11:13 PM
Hi Tammy :-)

Here is what you have:

About:Blank - What is it? How to remove it
http://www.adwarereport.com/mt/archives/000068.html
http://www.pchell.com/support/aboutblank.shtml
http://www.whizatpc.com/kbase/ka10148.html

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

In order to fully remove it, do the following. Some variants can replicate
themselves continually until they are properly removed. Follow the
instructions for the information below and it should clean your system.
Make sure you run the scans in Safe Mode and with Hidden files enabled in
order to keep the scumware from hiding in Windows files that are in use.

NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.

Most importantly, download and run CWShredder, download from here:
http://www.majorgeeks.com/download3019.html
and this program, which searches for hidden .dlls that recreate the malware.
About Buster:
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".

Also download and install HiJackThis -

How to download and install HiJackThis:
http://www.bleepingcomputer.com/forums/topict309.html

Please DO NOT post your log to this newsgroup. It is important that you go
to one of the HiJackThis Support Forums below and allow the experts there
to analyze it for you.
CastleCops HiJackThis Forum
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.)

Please post a link to the forum where you post your HJT log back to this
thread so that we can follow your progress there.

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also….. From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip

How to Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

How to Show Hidden Files
http://snipurl.com/6rl8

Finally, go to Windows Update and ensure that ALL Critical updates are
installed.

Hope this helps :-)

Jan :)
Smiles are meant to be shared,
that's why they're so contagious.

Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm



