I wonder if there is anyone out there who can help me with this problem. I have an about:blank home page which I can't get rid of. I believe it is a virus. It's driving me nuts as every time I change my home page it reverts back to this about:blank. My Norton Antivirus has run out and I can't access the subscription page; I don't know if this is to do with this virus???!! Is this compromising my security and how can I get it off? Many thanks
Tim
an antivirus program nowadays, although I don't think Norton would remove that particular one anyway. There are an awful lot of variations for about blank with different methods of removing it. If you don't have AV, I would assume that you also don't have any adware or spyware removers either so I would start here.
Spybot S&D (download, check for updates, read the tutorial and scan often, it also does some blocking)
http://www.safer-networking.org/en/home/index.html
SpywareBlaster (a blocker only, download it, check for updates, enable it and leave it alone except for checking for updates occasionally)
http://www.javacoolsoftware.com/spywareblaster.html
SpywareGuard (similar to SpywareBlaster but works in a different way and does not update as often for that reason)
http://www.javacoolsoftware.com/spywareguard.html
Ad-Aware SE (a scanner, download, check for updates, read the directions and scan)
http://www.lavasoftusa.com/
cwshredder (stand alone unit)(another small scanner for certain things, ALL other windows should be closed)
http://www.intermute.com/spysubtract/cwshredder_download.html
Also do an online scan at one or all of these.
Housecall (using IE with Active-X)
http://housecall.trendmicro.com/housecall/start_corp.asp
Housecall (all browsers using java)
http://uk.trendmicro-europe.com/enterprise/products/housecall_launch.php
PandaActivescan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Download the program below. It's a standalone program which can be downloaded to a "clean" computer, updated there, then loaded on a floppy, if need be, and run on the infected computer from there:
About:Buster
http://www.malwarebytes.biz/index.php?page=downloads
Hope this helps.
Grif
Okay, I am having the same problem, and I have tried almost all of your solutions regarding the "about:blank" homepage problem: HijackThis, adware away, going to the registry. My problem with this is that there is nothing in the "value" area, when I the AppInit_DLLs key. It says there should be a dll file there, but there is not, and I am still having this problem.
Can anybody help??
HJT expert forum did you post your log at? HijackThis is a great tool but is dangerous if used without knowing exactly what to delete with it, so there are forums that have experts that have been trained in using it, and I would suggest bringing your log to one of them. Please be patient with whoever you bring your log to, they are very busy. You'll have to join whichever forum you decide to bring it to but that is not a big deal and is the same as joining CNET.
HijackThis download locations:
http://castlecops.com/zx/Merijn/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/HijackThis.exe
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://downloads.subratam.org/hijackthis.zip
Current version of HijackThis is 1.99.1 (released Feb. 16, 2005)
Where to put and how to use HijackThis:
It is important that you run HijackThis.exe in its own folder so the backup files that HijackThis creates will not be accidentally deleted.
Open 'My Computer', then double-click to open C:\ (or the drive letter that your Windows is installed on)
In the menu bar, click File-->New-->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ or C:\HijackThis\ folder. Put your HijackThis.exe there, and double click to run it.
Click the 'Scan' button. Click the 'Save log' button. Save the 'hijackthis.log' on your desktop. Copy and paste the content of 'hijackthis.log' and post it at one of these forums. Just follow the links on these for HJT.
http://www.computercops.biz/
http://forums.spywareinfo.com/
Other forums that offer HijackThis analysis can be found on this link in the recommended sites section on the left side of the page.
http://asap.maddoktor2.com/
Just follow these steps and this will work, just a simple rename will take care of it.
http://www.justtext.com/remove-about-blank/about-blank-remover.html
I used the HijackThis program. It worked great, but be careful using it: only use it to remove what you know for sure is a problem.
I have fixed this problem from here:
http://www.pchell.com/support/aboutblank.shtml
AdAware is free for personal use and can be downloaded directly from their website. As generous as it is for someone to offer to send you an executable and a key for it, that in itself presents some risk. Any file you download from an unverified source should be treated as suspect.
Any executable you accept (with or without a key) from someone other than an authorized distributor has the potential to contain embedded viruses or spy/ad-ware. Additionally it may be a violation of copyright and could fall in the realm of illegal downloading. For your computer's safety as well as ethical computing you should only use legitimately sourced software.
Howdy le81
Yes, this hijacker DOES affect your security settings, firewall, AV and spycheckers. It changed files in Spybot Search and Destroy and the only way I got round that was to remove then reinstall the app using a CD version from a computer magazine as the about:blank stops you scanning your machine with online AV, getting updates etc. I tried everything I could and it kept creating more bad dll extensions to stuff things up and even HijackThis couldn't get rid of it. In the end it was writing to winit.ini and bootconfig and I could hardly use the machine. I ended up backing up what I hadn't already backed up then reformatting the drive as that was the only way I could finally get rid of it.
Regards
Paula
I have been working on this one for 2 weeks. It kills the Ad Aware program and stops most removal attempts.
My attack entered the PC through the MS Media Player.
When you try to play a file which you downloaded or got in an e-mail, it triggers the media player's licence acquisition feature, which then downloads the virus. Therefore as a first step to all STOP the media player from accessing the internet without your permission.
Media player leaves a log. Go to the C:\ directory and look for a file OUT.TXT or other innocent name.
The log looks like this.
Log ……
module 0 0
Old name C:\WINNT\Downloaded Program Files\update.exe New name C:\WINNT\system32\dwlbr.exe
RemoveFromHider -> C:\WINNT\Downloaded Program Files\update.exe
AddToHider -> C:\WINNT\system32\dwlbr.exe
UpdateHider
module 7a0000 1b
Work in C:\Program Files\Internet Explorer\iexplore.exe
LockFile C:\WINNT\system32\dwlbr.exe -> 6c
WorkExplorer
InternetOpenUrl cc000c
InternetReadFile 374
InternetReadFile 374
Downloading file http://69.50.166.98/users/alberto/web/lodctrpd.exe
InternetOpenUrl cc000c
InternetReadFile 33792
InternetReadFile 33792
Executing file C:\WINNT\system32\lodctrpd.exe
Downloading file http://69.50.166.98/users/alberto/web/diantzpt.exe
InternetOpenUrl cc000c
InternetReadFile 11264
InternetReadFile 11264
Executing file C:\WINNT\system32\diantzpt.exe
Downloading file http://69.50.166.98/users/alberto/web/dosxpd.exe
InternetOpenUrl cc000c
InternetReadFile 47077
InternetReadFile 47077
Executing file C:\WINNT\system32\dosxpd.exe
Downloading file http://69.50.166.98/users/alberto/web/audissrp.exe
InternetOpenUrl cc000c
InternetReadFile 10752
InternetReadFile 10752
Executing file C:\WINNT\system32\audissrp.exe
Downloading file http://69.50.166.98/users/alberto/web/fixmapirs.exe
InternetOpenUrl cc000c
InternetReadFile 3733
InternetReadFile 3733
Executing file C:\WINNT\system32\fixmapirs.exe
Downloading file http://69.50.166.98/users/alberto/web/autodmfp.exe
InternetOpenUrl cc000c
InternetReadFile 46592
InternetReadFile 46592
Executing file C:\WINNT\system32\autodmfp.exe
Downloading file http://69.50.166.98/users/alberto/web/chkntfsfat.exe
InternetOpenUrl cc000c
InternetReadFile 19456
InternetReadFile 19456
Executing file C:\WINNT\system32\chkntfsfat.exe
All files downloaded successfully...
Removing downloader...
RemoveFromHider -> C:\WINNT\system32\dwlbr.exe
OR SOMETHING SIMILAR. THESE ARE THE INFECTED FILES THAT CHANGED YOUR SYSTEM.
At this time there is not much you can do. Ad Aware will include a removal shortly.
There is a DLL file you can change to .old in the meantime. In my case it was DISKFUOUI.dll CHANGED TO .OLD
This malware is vicious: it hides, reinfects, stops updates. You can damage your system easily, so be careful and be patient until a safe solution is available.
good day
Guy
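An added example, not part of Guy's post: a Python sketch that reads a downloader log in the format quoted above and turns it into a checklist for cleanup (hosts contacted, files dropped, files still hidden, downloads that never ran). The function names and the excerpted sample are choices made here; the line formats are taken from the post's log.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the log quoted in the post above, shortened to two downloads.
SAMPLE_LOG = r"""Old name C:\WINNT\Downloaded Program Files\update.exe New name C:\WINNT\system32\dwlbr.exe
AddToHider -> C:\WINNT\system32\dwlbr.exe
Downloading file http://69.50.166.98/users/alberto/web/lodctrpd.exe
InternetReadFile 33792
Executing file C:\WINNT\system32\lodctrpd.exe
Downloading file http://69.50.166.98/users/alberto/web/diantzpt.exe
Executing file C:\WINNT\system32\diantzpt.exe
RemoveFromHider -> C:\WINNT\system32\dwlbr.exe
"""

# One alternative per event type seen in the log; other lines are ignored.
EVENT = re.compile(
    r"^(?:Old name (?P<old>.+?) New name (?P<new>.+)"
    r"|(?P<hide>AddToHider|RemoveFromHider) -> (?P<hpath>.+)"
    r"|Downloading file (?P<url>\S+)"
    r"|Executing file (?P<exe>.+))$"
)

def basename(path):
    # Last component of either a URL or a Windows path, case-folded.
    return re.split(r"[\\/]", path)[-1].lower()

def summarize(log_text):
    urls, executed, renamed, hidden = [], [], [], set()
    for line in map(str.strip, log_text.splitlines()):
        m = EVENT.match(line)
        if not m:
            continue  # InternetReadFile, module, WorkExplorer, ...
        if m["old"]:
            renamed.append((m["old"], m["new"]))
        elif m["hide"]:
            # Track hide/unhide pairs so leftovers stand out at the end.
            (hidden.add if m["hide"] == "AddToHider" else hidden.discard)(m["hpath"])
        elif m["url"]:
            urls.append(m["url"])
        else:
            executed.append(m["exe"])
    ran = {basename(p) for p in executed}
    return {
        "hosts": sorted({urlsplit(u).hostname for u in urls}),
        "dropped_files": executed,
        "renamed": renamed,
        "still_hidden": sorted(hidden),
        "downloaded_not_executed": [u for u in urls if basename(u) not in ran],
    }
```

The `hosts` list is what to block at the firewall or hosts file, and `dropped_files` plus `still_hidden` are the paths to look for from a clean boot.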
Tim,
I had the same problem back in fall of '04. I ran the latest Spybot over and over. The message said that it solved the problem, but it didn't. Each time I would reboot, the very same about:blank hijacker came back. Finally I downloaded, installed, and ran Microsoft's AntiSpyware (purchased from Giant Software) program. This DID solve the problem. I haven't seen this hijacker since. Also the MS AntiSpy pgm allows you options to prevent malware from changing your default webpage (without your consent). PS, I concur with the user who advised you to get the free version of AVG anti-virus software. I too had my subscription run out on Norton Antivirus, and decided to try a free alternative. AVG has been a sound choice. You didn't mention it, but if you don't have a firewall, install the latest free version of Zonealarm.
DavetheRave
Dear User,
First check out your page step by step
1. Check font colour is White?
2. Your page should be saved in your system.
3. Save it and reopen your page.
4. After this no problem arising
5. Update your virus software as early as possible.
6. Configure your virus setting so that your internet browsing start, Antivirus search effective all file of Internet.
Please try my advice
Thanks
Yours co-ordinator
bgshah