Hi, I keep getting an about:blank search page on loading IE. CWS Shredder detected 
CWS.HiddenDll but didn't state it was deleted. Also the HijackThis load is full of 
about:blank Search pages, I can post the log. I wonder which entries I should delete.

thanks, 
lina

Tip: Run a free scan for common Windows errors ad

re: CWS Shredder found CWS.HiddenDll Friday, May 13, 2005 at 7:48 am Posted by lina (209 messages posted) Logfile of HijackThis v1.99.0 Scan saved at 15:35:51, on 13/05/05 Platform: Windows 98 Gold (Win9x 4.10.1998) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: (no name) - {E7CE3C61-C390-11D9-ACE4-444593C49B3E} - C:\WINDOWS\SYSTEM\DOOL.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!MESSENGER\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!MESSENGER\YPAGER.EXE O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O18 - Filter: text/html - {5BD27AE0-C3C3-11D9-ACE4-852134D1512B} - C:\WINDOWS\SYSTEM\DOOL.DLL O18 - Filter: text/plain - {5BD27AE0-C3C3-11D9-ACE4-852134D1512B} - C:\WINDOWS\SYSTEM\DOOL.DLL [Reply or follow-up to this message] re: CWS Shredder found CWS.HiddenDll Friday, May 13, 2005 at 12:56 pm Posted by Ms. Eagle (33640 messages posted) I fail to understand how your system continually gets reinfected with malware and hijackers, Lina. I've given you advice on how to help prevent these problems. BTW, it's not acceptable to post unsolicited HJT logs on this forum, as I'm sure you're aware. About blank is one of the advanced variants of the CWSearch hijacker. You need to get help on a malware support forums. Follow the same procedure you did previously. This is a newer forum and won't be nearly as busy as some of the others: http://forum.malwareremoval.com/ Dealing with Unwanted Spyware and Parasites [Reply or follow-up to this message] re: CWS Shredder found CWS.HiddenDll Friday, May 13, 2005 at 1:18 pm Posted by Ms. Eagle (33640 messages posted) You may be able to clear this up yourself. If you have About Buster on hand, just boot into Safe mode, run AB first. Then run HJT and select those R0 and R1 entries and that BHO. Fix them. Then run a search for this DLL and delete it, if found: C:\WINDOWS\SYSTEM\DOOL.DLL. Reboot normally and run AB again. Note: I'm unsure, if that'll take care of it. If not, post on that other forum. Dealing with Unwanted Spyware and Parasites [Reply or follow-up to this message] re: CWS Shredder found CWS.HiddenDll Friday, May 13, 2005 at 2:21 pm Posted by MrCharlie (4474 messages posted) Here's how to get that hijacker: Download SpSeHjfix into a folder. (don't run it yet) Download CW-Shredder: http://cwshredder.net/bin/CWShredder.exe Make sure you know how to boot into - SafeMode Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove: Temporary Files Temporary Internet Files Recycle Bin --------------------------------------------------------------------------- Reboot into safe mode Disconnect from the net and Close ALL OPEN PROGRAMS. Run 'SpSeHjfix'. and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder. Repeat the process above until you get a log like this - 'not infected' Then run CW-Shredder - hit the FIX button. 3-26-05 18:08:05) SPSeHjFix started v1.1.0 (3-26-05 18:08:05) OS: Win (4.10.2222) (3-26-05 18:08:05) Language: svenska (3-26-05 18:08:07) Disinfect started (3-26-05 18:08:07) Bad-Dll(IEP): (not found) <------ (3-26-05 18:08:07) Bad-Dll(IEP) in BHO: (not found) <------ (3-26-05 18:08:07) UBF: 4 (3-26-05 18:08:07) UBB: 2 (3-26-05 18:08:07) UBR: 17 (3-26-05 18:08:07) Bad IE-pages: (3-26-05 18:08:07) Stealth-String not found: <------ (3-26-05 18:08:07) Not infected->END <------ Open up Internet Explorer , Tools, General Tab, reset your home page to what you want, now the Programs Tab, click Reset Web Settings That will change everything back to the default settings. Reboot and post a fresh HJT log using the newest version of HJT. http://tools.radiosplace.com/HijackThis.exe Thanks, MrC [Reply or follow-up to this message] re: CWS Shredder found CWS.HiddenDll Saturday, May 14, 2005 at 4:28 am Posted by lina (209 messages posted) Hi Mr Charlie, I had not used the SpSeHjfix, no one had suggested it before, i guess it's a new thing. It worked, the disinfection was successful. Followed the rest of the instructions as well. Below is the new hjt log, it seems clear and the search page is gone too. Thanks, lina :) Logfile of HijackThis v1.99.1 Scan saved at 11:39:48, on 14/05/05 Platform: Windows 98 Gold (Win9x 4.10.1998) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE C:\WINDOWS\NOTEPAD.EXE O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O8 - Extra context menu item: Add to AD Black List - C:\PROGRAM FILES\AVANT BROWSER\AddToADBlackList.htm O8 - Extra context menu item: Block All Images from the Same Server - C:\PROGRAM FILES\AVANT BROWSER\AddAllToADBlackList.htm O8 - Extra context menu item: Search - C:\PROGRAM FILES\AVANT BROWSER\Search.htm O8 - Extra context menu item: Highlight - C:\PROGRAM FILES\AVANT BROWSER\Highlight.htm O8 - Extra context menu item: Open All Links in This Page... - C:\PROGRAM FILES\AVANT BROWSER\OpenAllLinks.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!MESSENGER\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!MESSENGER\YPAGER.EXE O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab [Reply or follow-up to this message] re: CWS Shredder found CWS.HiddenDll Saturday, May 14, 2005 at 5:44 am Posted by MrCharlie (4474 messages posted) Well Done! Please look at My Preventive Maintenance to avoid being reinfected. Thanks, MrC [Reply or follow-up to this message] Tip: Use one of the [Reply or follow-up to this message] links above to add a message to this thread Search this forum Start a new thread on a different subject Report abuse of the forum Return to the Windows 98 Discussion Forum