Hi! Like many people I have been hit by the about:blank redirection scumware. I have done all the preliminary things, deep scan in safe mode (Nortons), CWshredder, SybotSD and adaware. I also have Webroot spysweeper running. I have done the routine with HJT and fixed some things as instructed by one site, but the problem keeps coming back. Is it a hidden DLL that may lurking? Last night I ran Panda activescan (to check an alternate virus scanner) and it found and deleted exploit/urlspoof (code) and Start.Page.FH (trojan). Immediately the computer started to behave properly, but alas the problem has returned. What should I do next? Thanks for any help you can provide.

[Reply or follow-up to this message]

Re-run all the scans again and see if it came back. Then report these results back to who ever was helping you before. It often takes several tries and some testing for days to clean this off of a system. No easy, first try fixes for this one. Who ever helped you before knows what has been done so for.

It is quite possible that you are being re-infected when your browser is redirected back to some AD web site.

The first rule here is, make sure you have all of the Windows ME and IE Security updates installed from the MicroSoft Windows Update site. This helps prevent a re-infection.

[Reply or follow-up to this message]

In the past month IE users have been hit with continues malware from many infected Web sites. It is real easy to get reinficted if one of these sites is one you visit. I would also suggest to stop using IE, it is just to big a target for the malware writers now. MS has been unsuccessful at being able to make IE safe. Every time internet Security firms find a IE hole they post the problem on the internet, and within hours virus, and trojans are writen to take advantage of the new find.


On Saturday, July 10, 2004 at 10:55 pm, Allan H wrote:
>Hi! Like many people I have been hit by the about:blank redirection scumware. I have
>done all the preliminary things, deep scan in safe mode (Nortons), CWshredder, SybotSD
>and adaware. I also have Webroot spysweeper running. I have done the routine with
>HJT and fixed some things as instructed by one site, but the problem keeps coming
>back. Is it a hidden DLL that may lurking? Last night I ran Panda activescan (to
>check an alternate virus scanner) and it found and deleted exploit/urlspoof (code)
>and Start.Page.FH (trojan). Immediately the computer started to behave properly,
>but alas the problem has returned. What should I do next? Thanks for any help you
>can provide.

[Reply or follow-up to this message]

ok steve, had mozilla,netscape and something else. mozilla was the only one that looked half ok. if i use mozilla can i still use outlook express? or do i have to go with this thunderbird (or whatever this newsgroup is) and yeah i know i can have both,but is it really worth it?


On Sunday, July 11, 2004 at 7:15 am, Steve wrote:
>In the past month IE users have been hit with continues
>malware from many infected Web sites. It is real easy to
>get reinficted if one of these sites is one you visit. I would
>also suggest to stop using IE, it is just to big a target for
>the malware writers now. MS has been unsuccessful at
>being able to make IE safe. Every time internet Security firms find
>a IE hole they post the problem on the internet, and within
>hours virus, and trojans are writen to take advantage of
>the new find.
>
>
>

[Reply or follow-up to this message]

Just don't use IE, unless you have to. For example MS update site and even some of the online virus scan sites won't work unless you use IE, but for most web surfing use a different browser to help protect from malware being downloaded without you knowing. I think Outlook Express is also dangerous, but can't ween you from everything at once :). I have been a diehard IE user since a couple weeks ago. Firefox is the first non IE browser I have used myself since some ISP software I used about 4 years ago used Netscape 4.something...Once you get your puter disinfected make sure you put a little work (almost daily) to clean out the malware. It is easier then waiting to remove the stuff when the computer grinds to a halt.

[Reply or follow-up to this message]

Allan, You might try this, compliments of RubberDucky, hope it works for you. Download About:Blaster Unzip it to your desktop. Fix all random 04's and the random bho in Hijack This. Note: Fixing the R0's and R1's is not necessary. Then run About:Buster. Hit Ok on the first prompt, Start on the second. Then Ok to start the removal. A log will start to form. After the program runs. Save the log somewhere. If a helper at this forum(SWI) asks you for a report, that is what he/she means.

If the fix above does not work - It is because the files that have been removed are noticed by other files and new files are created to replace them. That is why you must boot into safe mode by tapping F8 several times when the computer is first booting. Then run the program. This will cause no processes to start and communicate.For anyone who cares. The program was created in Visual Basic 6. So if there are any errors saying missing a file. Please download the Visual Basic 6 Runtime Files and install them. You can get the at Merijn's page

You need an antivirus. ---jabuck


On Saturday, July 10, 2004 at 10:55 pm, Allan H wrote:
>Hi! Like many people I have been hit by the about:blank redirection scumware. I have
>done all the preliminary things, deep scan in safe mode (Nortons), CWshredder, SybotSD
>and adaware. I also have Webroot spysweeper running. I have done the routine with
>HJT and fixed some things as instructed by one site, but the problem keeps coming
>back. Is it a hidden DLL that may lurking? Last night I ran Panda activescan (to
>check an alternate virus scanner) and it found and deleted exploit/urlspoof (code)
>and Start.Page.FH (trojan). Immediately the computer started to behave properly,
>but alas the problem has returned. What should I do next? Thanks for any help you
>can provide.

[Reply or follow-up to this message]

jabuck: Thanks for your suggestion. Prior to using "About:Blaster" I ran another PandaActive scan and it found the StartPage.FH (trojan). I booted to safe mode and ran a scan in HJT. The only thing that I found in the bho was spybot. This is a recognized program so I did not touch it. All the "04's" I recognize as legit programs. I then went to blaster and ran it and then rebooted. The program returned again. Did I not see something in the scan, or ???? Al


On Sunday, July 11, 2004 at 6:56 pm, jabuck wrote:
>Allan, You might try this, compliments of RubberDucky, hope it works for you. Download
>About:Blaster Unzip
>it to your desktop. Fix all random 04's and the random bho in Hijack This. Note:
>Fixing the R0's and R1's is not necessary. Then run About:Buster. Hit Ok on the first
>prompt, Start on the second. Then Ok to start the removal. A log will start to form.
>After the program runs. Save the log somewhere. If a helper at this forum(SWI) asks
>you for a report, that is what he/she means.

If the fix above does not work - It
>is because the files that have been removed are noticed by other files and new files
>are created to replace them. That is why you must boot into safe mode by tapping
>F8 several times when the computer is first booting. Then run the program. This
>will cause no processes to start and communicate.For anyone who cares. The program
>was created in Visual Basic 6. So if there are any errors saying missing a file.
>Please download the Visual Basic 6 Runtime Files and install them. You can get the
>at Merijn's
>page

You need an antivirus. ---jabuck
>
>
>

[Reply or follow-up to this message]

I have just been infected with this problem myself and i have been able to get rid of it by taking my computer back to its settings before i got the infection. go to system restore and look at the dates of software you have installed and find one that was before the infection. get windows to take you back there and it will delete the problem with it. all you have to do is install any software that was installed after the infection got to your system

[Reply or follow-up to this message]

• Search this forum
• Start a new thread on a different subject

• Report abuse of the forum