re: Cannot remove "ABOUT BLANK" homepage
Sunday, May 2, 2004 at 6:50 am
Windows 95 Annoyances Discussion Forum
Posted by Darla
(1 messages posted)
Please help. I have been hijacked by about:blank. I have ran CWSchredder and spybot
and ad-aware still have problem. Just ran Hijackthis, and have no idea what to delete.
Here is my log:
Logfile of HijackThis v1.97.7
Scan saved at 6:42:09 AM, on 5/2/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\CMMPU.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\0FERYA0W\HIJACKTHIS[1].EXE
C:\WINDOWS\SYSTEM\JEOJNPAE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\MaiThe recipe for riding yourself
of about:blank search hijacker is as follows. There are two malicious .dll files
on you computer. One is visible and can be easily deleted. The other is HIDDEN. The
hidden .dll regenerates the viewable .dll if it is deleted or changed. The hidden
file is the problem. To rid your self of the hidden .dll, which is the core of the
problem, do the following. Download three free programs and install them. 1. Taskinfo
2. Killbox 3. CWSShredder http://www.iarsn.com/taskinfo.html (trial version works
for this) http://download.broadbandmedic.com/VbStuff/KillBox.zip http://www.spywareinfo.com/~merijn/downloads.html
Open Internet Explorer with the about:blank page. Then open taskinfo program. Look
for “Internet Explorer” on the left side and highlight it.
On the right side, open the “Modules” tab. You will see a list of .dll files. Sort
the files by Company. You should see a few .dll files that don't belong to any company
or don’t have any description. In the list should be both the malicious secondary
.dll that is generated by the malicious core .dll AND the malicious core dll. Again,
they should not have any legitimate company name or description. Run CWSShredder.
It will delete the secondary .dll that is generated by the hidden core .dll and all
associated registry entries. Run Killbox. In the "Paste Full Path of File to Delete"
box, copy and paste the following: c:\windows\system32\(whatever your identified
core filename is).dll Note: One will not find the malicious core .dll if one searches
for it using windows explorer or the file search engine. It is hidden. IMPORTANT:
Click on the Action menu and choose "Delete on Reboot". On the next screen, click
on the File menu and choose "Add File". Then it should show up in the window. If
that's successful, choose the Action menu and select "Process and Reboot". You'll
be prompted to reboot, do so. After reboot, use the Taskinfo program again to check
to see if the identified malicious .dlls are gone. Don’t forget to open Internet
Explorer to do this. Run CWSShredder again and/or updated ADWARE program to remove
remaining garbage. DONE!
On Wednesday, April 7, 2004 at 1:53 am, ken the spyware hater wrote:
>I had the same problem. Ad aware and spybot s&d did not fix it. What helped me was
>hijackthis. I found it at http://www.spychecker.com/program/hijackthis.html
>You have to be careful when u use it because you could screw up legit programs.
>The problem is that Internet explorer has bho's or browser helper objects. On my
>pc (2000 pro) some of these were good like spybot, popup blocker, and something
to
>do with Norton. You have to read what each bho is before you check them.
>I guessed and got lucky. I checked the others (I think that there were 2) and my
>google search was good to go with no more about:blank. There are all sorts of other
>things to check, but I left those alone. You should look at the ones that begin
with
>bho. Good luck. I thought fer sure I was going to screw something up, but every
thing
>seems ok.
>
>
>
n,Local Page =
F1 - win.ini: run=C:\WINDOWS\SYSTEM\cmmpu.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://images.myfamily.net/isfiles/downloads/MrSIDI.cab
O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/files/install/MFImgVwr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Could someone please help me. Thanks.
On Wednesday, April 28, 2004 at 8:45 am, David Dokmanovich wrote:
>The recipe for riding yourself of about:blank search hijacker is as follows.
>
>There are two malicious .dll files on you computer. One is visible and can be easily
>deleted. The other is HIDDEN. The hidden .dll regenerates the viewable .dll if
it
>is deleted or changed. The hidden file is the problem.
>
>To rid your self of the hidden .dll, which is the core of the problem, do the following.
>
>Download three free programs and install them.
>
>
>1. Taskinfo
>
>2. Killbox
>
>3. CWSShredder
>
>http://www.iarsn.com/taskinfo.html (trial version works for this)
>
>http://download.broadbandmedic.com/VbStuff/KillBox.zip
>
>http://www.spywareinfo.com/~merijn/downloads.html
>
>
>
>Open Internet Explorer with the about:blank page.
>
>Then open taskinfo program.
>
>Look for “Internet Explorer” on the left side and highlight it.
>
|
All messages in this thread [show all]
 |  | |  | re: Cannot remove "ABOUT BLANK" homepage (Darla: Sun, May 2, 2004, 6:50 am) |
| |
| |
Return to the Windows 95 Discussion Forum
|
|
