Removing About:Blank

The following programs are all legitimate and safe to use. So, if they are mentioned in any solution, then feel confident about using them:

Adaware
Spybot
Spyware Blaster
SmitRem http://noahdfear.geekstogo.com/ (removal tool for Spyaxe, SpySheriff, etc)
HijackThis http://www.merijn.org/files/hijackthis.zip (essential in finding spyware and trojans)
Ewido http://www.ewido.net/en/download/ (recommended anti-malware/spyware program)
Killbox http://killbox.clickhereformoreinfo.com/ (removes files not able to be deleted)

There are at least six suggested solutions (two are for Win 98) given in this document, plus some hints and tips and comments on which “free” programs are reliable. I suggest you read all the solutions for Win XP/2000 before attempting removal.

Basically, the Trojan works by installing one or several files in your Windows folder. The files are “.dll” types (which means that the last three letters of their name are “dll”). In addition, the Trojan installs lots of entries into the Registry and these cause the offending files to be re-created almost as fast as you delete them.

Solutions to about:blank - new advice

Having spent the last 10 hours trying to rid my system of the about:blank problem, I wanted to make a posting for two reasons:

1). The latest version of the tactic seems to have overcome some of the methods that were used to find/fix the problem as it manifested itself previously. In particular there is no longer a section of text in the source of the html page that is of the form "res://", so the technique previously used to un-encode that information is no longer operable (as per Solution 1). If you look at the registry entries that “HijackThis” identifies, you can find a URL for each of the three bogus entries, and that does yield three downloadable files with names that suggest that they can be used to uninstall the problem. All three files are really the same, and, of course, they do not, in fact, uninstall anything.
Nonetheless, the general trouble-shooting techniques listed at this very helpful site are sound. Finding the bogus dll’s and registry entries is a necessary step to successful eradication.

2). The various 'sponsored' adware/spyware removal tools that you get from a Search may help you find problems related to this one, but removal triggers the need to go from 'free' to 'paid'. Avast seems to have a wonderful business practice in segmenting the marketplace between 'home' and 'business'. Unfortunately, I have W2K Server installed and their installation program refuses to deal with my variant of the OS. Perhaps they make the reasonable assumption that W2K is not usually found in a home -- even a home used as an office by a contractor. With all the layoff activity in Silicon Valley, however, one of the things that frequently happens is that a company going through a layoff or a shutdown sells off its computer assets. That is why there are quite a few 'homes' with W2K Server installed. Perhaps Avast will reconsider the implementation of its policy.

So, the point of this item is simply to relay the fact that even if you are not running XP, it is possible to finally remove all the erroneous 'stuff' with a combination of 'regedit', command line searching in 'safe mode' and the helpful knowledge posted at this site.

As one hint, once you find the 'ID' of the offending software -- one of those imposing strings of random digits that identify 'stuff' in the registry, you can select the string [including the curly brackets] and do a search for it throughout the registry. I think one of the keys to the way that the offending software has managed to become so difficult to eradicate is that it attaches as a 'Search Assistant', but you don't find any helpful 'plain text' showing that -- you will get a 'hit' by searching on the 'ID', so you will know to delete that key-value entry.

###############################

Solution 1.
Here is one recommended solution:

Open your browser so you will see (automatically) the startpage "about:blank". Now go UP TOP to the "view source" option of your browser. It will be right on top. Look for a string that looks like this: res://%44%3a%5c%57%49%4e%44%4f%(etc,), highlight and right click and copy, save in Word, or Notepad. Make a copy of this complete string (control c) and go to: http://www.simplelogic.com/Developer/URLDecode.asp Paste the string in here and press on "clean data". Now a ***.dll file appears... above, now you see what it is named and what file it is in. Go to the directory where it's in (windows/system32) and activate "show hidden files" in this directory. Close all applications. Removing the dll file is not possible, but you can rename it, so do that! Restart, and ta-daa!

Solution 2. Alternate to about: blank

I attempted many solutions that turned out to be temporary. But now, I'm free at last, thank God I'm free at last from the horror. The hidden culprit (using Windows XP Pro) that keeps re-infecting the machine is the registry key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

You need to remove it. Some folks say to change the registry key value to random characters using the free “reglite” utility (which may work as well) but I removed the key. The value of the key is hidden and causes Windows to load the trojan DLL every time any application is run. The way to remove the registry key is not obvious. If you just delete it from regedit, the trojan DLL will undo your handiwork. Here's what worked for me:

1. Rename the HKEY_L_M\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2.
2. Delete the AppInit_DLLs key under the Windows2 folder.
3. Rename the Windows2 folder back to Windows.

Now that AppInit_DLLs is gone, run your favorite spyware/adware utilities such as Adaware 6, CWShredder, and “HijackThis”.
I also run Norton Utilities, which helps if you don't trust your instincts for repairing registry files. Remember, I'm not a geek and just want to use computers & software rather than reinvent them from the ground up.

4. Reboot your machine. Your computer should be free at last.

Solution 3. to about: blank

From cleaning several systems it appears that the names of the garbage .dll files are ALWAYS different, so there is no such thing as a "common" name and there is no point to search for it based on somebody else's findings. Everything must be done manually (takes about 5 mins total).

The thing is that the .dll which is "responsible" for creating .tmp, .html, registry entries, etc. cannot be deleted or moved without "removing" it from the memory (same thing goes for the "Spybot" programs, they are not able to do it, they do clean the registry and such, but files remain and restore everything after "cleaning"). So, the only thing that can be done is to remove it from the registry start-up "entries" so that next time the OS boots up, it will not "read" the file into the memory as a necessary system process.

In order to do that, look for any .dll files created at the time frame of "infection" in the system32 (or winnt, or windows) and search for them in registry from the beginning, renaming them each time it is found by adding a couple of "00" at the beginning of the filename (or end, or something you like, but it is nice to be able to search for them afterwards and delete the keys as well); (for example I search for "ghm" and "ghm.dll" can be renamed to "00ghm.dll"). There can be more than 10 entries (as the hacking programmers are smart people as we are), so just keep on going until ALL entries/keys/values are renamed (not deleted). Reboot at once, after the reboot, attempt to delete those .dll files; if they are possible to delete, your PC is "cured" - till next time.
-:)

You may delete the "HKEY_USERS\blahblahblah_NUMBERS\Software\Microsoft\Internet Explorer\Main" key to start "fresh" and change all the settings from default to whichever you like. And you can run spybot programs to prevent (some of) the "intrusions" in the future.

PS: I could be more detailed, but it is supposed to be a little hint on how to fight the software with naked hands ;)

PSS: Forgot to mention the “Temp” directory must be cleared after reboot as well. And if it is not helping, start over with a different .dll name (add another 5 minutes). -:)

Solution 4. to about: blank (Win 98)

Here is how to remove about:blank in Windows 98: This technique uses a scalpel, not a machete. No essential system files will be accidentally deleted. The task is to find the hidden file that regenerates the CWS infection after CWS Shredder, Adaware, Spybot, and “HijackThis” have removed the visible symptoms.

1. Make sure that Windows Explorer is set to display all hidden and system files: go to Tools > Folder Options > View and click the button for Show All Files.
2. Run Adaware. Make sure you instruct it to scan your \Windows, \Program Files, and \My Documents folders. Then run Shredder. Remove every suspicious thing they find.
3. Next take your computer offline — unplug your modem, whatever. No Web connection.
4. Run the Windows utility "System Information." It's on your Start Menu under System Tools, or just click Start>Run and on the command line type msinfo32.
5. Expand the Software Environment section, and select System Hooks.
6. If you are infected with CWSearchx, you will see a suspicious file there. Hook type "Windows Procedure." File name will be a nonsense string of characters, ending in .dll. The dll Path will be \Windows\System. WRITE THE NAME OF THIS FILE DOWN.
7. Close MS Info. Open Windows Explorer, go to \Windows\System and look for this file. IF YOU CAN SEE IT, IT'S THE WRONG FILE. But if you can't see it, this is the one.
8. Shut down, and reboot into Command Prompt Safe Mode. On the C:\ command line, type cd\Windows\System.
9. Once inside \Windows\System, type dir, a space, and the name of the file you wrote down. (like this: dir ghyth.dll). When the file shows up, take a look at its size. It will probably be 57,344 bytes.
10. Type ren, a space, and the name of the file you wrote down, and then a new name for the file. (like this: ren ghyth.dll ghyth.bob). Make sure you change the extension of the file from .dll to something else. Do not delete the file.
11. Restart your computer in Windows Safe Mode. Windows may complain that it can't find the .dll, but click OK and keep going.
12. Once in Safe Mode, run Adaware again. This time it will find the renamed file in your System folder and will identify it as CWS. If it does, have Adaware delete it.
13. Run Shredder, Spybot, and “HijackThis” for good measure. Clean house.
14. Reconnect your Internet connection and restart Windows normally. Reset your IE home page to whatever you want. You're done.

Solution 5. to about: blank (Win 98)

For Win98 users, this is how I did it. For the moment I can say I am free from the about:blank. Restart your computer and don't open Internet Explorer.

1) I go to registry and search for sp.html. (Start>Run>type "Regedit")
2) Try to look for the .dll just before the sp.html (ctrl+f) eg: c:/windows/system/tllib.dll\sp.html#28965 Don't delete it as it is no use to do it as each time you open IE, this key will be restored.
3) Go to Start>Find/Files or Folder, type in the filename.
4) Open it using Notepad. Save it as a tllib.Bob.txt (for safety purpose).
5) If you can see the Java script, delete all the Java script ONLY. If not mistaken it will be after the . Save it as tllib.dll . Then the Home Search startup page is gone.
6) Download DllCompare.exe (search it from internet), Run it. Click Run Locate.com . Then click Compare. You will see the .dll files that do not belong to Windows listed in the window below.
My scan is apiyt32.dll and tllib.dll.
7) Open the other file using step (3) and step (4). (Remember to save as different name for safety purpose)
8) I think your computer will prompt you that it is too large to open with Notepad and recommend that you open it with Wordpad. Click yes.
9) You will see code that you will not be able to read. Type anything (eg: dsagdsgdfgfdsg) at the beginning and add in each single line with "sagftsvsafd" (or anything) to mess up the code. Save it as apiyt32.dll.
10) Go to registry again and search the other file (apiyt32.dll). Press F3 to find next until you see it stop at "Doc Find Spec MRU" folder under "Explorer" folder. I suspect this is how the spyware reinstalls itself each time you delete their .dll files and delete or rename its key in the registry.
11) Try to search every single name at Data column using Start>Find>File and Folder. When you see the search result appear to be in Temporary Internet File folder, delete the whole file. (You will not be able to see this folder using normal explorer.)
12) Modify all Data by adding something in front (eg: oxmzo9an to BOBoxmzo9an). Just right click the Name (eg: a) and select modify.
13) Empty the recycle bin and restart your computer.

Hope my way works for some of you who are unable to use Rick's method (because unable to see the res://%43%3a%5c....)

Solution 6. to about: blank (professional)

I am a professional technician who disinfects this virus (which is what I consider this) about 4-5 times a week. Here is what I have found:

I agree with the person who said forget about the normal scanners. Spybot, Adaware, Spy Sweeper, any commercial Antivirus program. They are powerless against this insidious beast. There are many variants of this so there is no one size fits all:

“Adware Away” is great for getting rid of the most common variant. This is the second one in their list of about:blank hijackers. It tells you to reboot and you better do it. Sometimes I have to do this two or three times.
I then take a shotgun approach and run the removal for every variant of about:blank in “Adware Away”. I have seen up to 4 variants on one computer. Once this is done, do not open IE. Reboot the system. Change the start page manually and then try. If there are multiple profiles on the system, you may need to do this in every profile individually. “Adware Away”'s scanner tool is mediocre. I don't buy the program. It has a free 5 day trial and that’s enough to kill this beast.

Once I get rid of this monster, I do a full scale assault of spyware using MWAVSCAN. (I let it delete what it can and print out a list of what it doesn’t delete and then I manually go and kill those files)

Killbox to get rid of any files that are always in use.

Log in as Administrator in Safe Mode. Make it show all hidden files and folders and delete the contents of the temp and temporary internet files directories for every user that has a profile.

Run “HijackThis” and delete anything that looks suspicious (if you don’t know what that means, skip “HijackThis” and call a pro)

Run a Winsock fix tool for the appropriate OS (WinsockXPfix for XP, WinsockFix for 2000, or w2fix for 9x)

Reboot into normal mode and for the love of God don’t open IE to see if you are clean.

From a CD (don’t touch IE to download them) install:

Adaware
Spybot
Spyware Blaster
Spysweeper (if the computer is old, I don’t use it. It’s a resource hog).

Install them and update them, but DON'T RUN THEM. Go back to safe mode and run all but Spyware Blaster and delete what they find. Go back to normal and run Spyware Blaster and immunize Spybot.

Install Firefox and use as your default browser; and only use IE for sites that require it. I recommend emailing the webmaster of such sites and telling them to fix their sites.

These are powerless against about:blank coming back. Prevention means careful web browsing.

Solution 7.
to about: blank - comparison of free programs

After searching the answers in this forum, I decided to try things that would not be difficult or mess up my computer since I'm not a computer expert. I only wanted to try recommended programs from legitimate companies or sources, so I looked at what was recommended here in this forum and cross-checked for recommendations from computer sites such as CNET (www.download.com), and others. This is what did and didn't work:

I downloaded CWS Shredder from Merijn.org, then the updated version from the company that bought it, Trend Micro Incorporated. Neither version caught it at first, but did subsequently. I kept it and still use it.

I also downloaded SpyDoctor, but could only do a scan. It said I had over 1900 infections but I would have to register and pay to clean. A waste of time. I uninstalled that program.

I installed Spybot Search and Destroy, a free program, and that found and cleaned many bad things off my computer. It also found CWS infections but could not fix, but at least I knew about them and where they were found in my files and printed them out. I think this is a great program to use with the others. I kept it and still run it.

I then tried Avast! First trying the virus cleaner which didn't find anything, then I downloaded Avast! version 4.6 Home Edition (also free) and tried it. It found and fixed several more infections. However about blank was still there. This program runs in real-time and has since stopped several attacks on my computer. Again, highly recommended, and it's FREE. I kept it and continue to use it.

What finally FIXED the problem was the Microsoft Antispyware (Beta) program. I was able to change my home page back and have not had about:blank since.

Between running these programs, I still ran CWS Shredder (current version) and it did find one CWS infection and fixed it. I also ran Spybot again and it found only one CWS it couldn't fix. I noted the location and went there.
It was a text file and I deleted it. I have been free of about blank, but I still get pop-ups although less than I was getting before. Still getting a few pop-ups, (mostly from illegitimate "antispyware" companies that want to put spyware onto my computer) but now I've been clean from CWS and about blank for several days and have been running these programs regularly. Next I'll try using Firefox instead of Internet Explorer.

I recommend at least downloading Microsoft AntiSpyware (Beta), Avast! 4.6 Home Edition, and Spybot Search and Destroy. They're all FREE and they worked for me.

More input on about:blank (each dot-point appears to be from a separate person)

You can find the programs that cause this by clicking Start > Search > All files and folders, and then typing in ngqanbpc. There are two programs buried in Windows. One runs continuously and replicates the other when you try and delete it.

If you have a Windows version that allows you to do a system restore to an earlier date before infection, that will work. Click Start > All programs > Accessories > System tools > System restore, and follow the instructions.

The solution for this problem is quite simple and quite difficult at the same time. If you know exactly when the about:blank problem first arose then you should look for any file created in that time frame and remove them. I had this problem between Friday, May 7, 2004 and Saturday, May 8, 2004, so I searched for any file created during this period and removed them. I am able to get rid of the problem! To do this, go to Find, and do an advanced search and specify the dates and search for all files and folders during that date. If you are sure that you did not install any vital programs or update your operating system during that period, then delete all these files, otherwise, your problem will be very complex because you might delete vital system files and corrupt your operating system.
To get rid of the about:blank and IE virus run these for real "freeware.": (a) CWShredder, (b) adaware 6.0, (c) spybot, (d) hijacker.

To remove about: blank: Go to google, type Avast Antivirus software. It is free software for home users. Much better than Norton or McAfee as well. Please give them an honest email, and info and feedback - great company. Open Avast Anti Virus. Then right click on mouse and go to Schedule Boot scan. Restart your computer. Delete everything that it finds. Eventually the scan will delete everything and once you start your computer you will not see any more pop ups or about: blank. It worked for me. Make sure you back up important things first before you do it. You should not have a problem, this is just in case. Once you do it, give Avast a good name and spread it to friends so they don't waste money on Norton.

I did as follows (on an XP Pro with about:blank): run spybot S&D and then your anti virus software on the boot disk where IE is installed (I use the freeware AntiVir SW). Then find the about:blank entry in the registry and remove the entry (under MS IE somewhere). Then reboot into safe mode and run the anti virus SW again. These steps fixed my problem anyway.

Start spywareblaster. Click tools. about:blank appears. Replace about:blank with the path of your preferred start page you had before, like for example http://www.microsoft... Do the same thing (if there are other entries) with your preferred start page.

If you have suffered with this infection even for a short time, you've discovered CWShredder and “HijackThis” by now. I find these essential to detect and remove files associated with About Blank. Neither or both offer a permanent solution. You must also do something about the hidden registry key.

about:blank is a CWS variant and not removed easily. I tried everything until this program worked for me: spychecker.com

The DLL is under windows/system32 and always has different names.
BUT it is always 31KB, at least it was the case for me. McAfee ViruScan was able to remove it, but it renewed itself and I suffered from it for a long time until the new version (updated) of ViruScan removed it again. The FIRST time it was able to remove it, it also removed something named load.exe (or a similar obvious name) from windows directory, and ALSO from "downloaded program files" an html page that contains java code. So this thing has like three different files going on. I hope this helps. There is also some file called wpa.dbl which almost always has the same date as the dll in system32 directory. I don't know if it's related.

CWShredder 1.59 helped after having tried several other downloads in vain.

The hidden file name for me was "hdpd.dll" (Windows 2000). I renamed it, and it seems to be working (but I am skeptical). Spysweep (which I bought!) couldn't fix it, Norton (which I bought) didn't have a fix except to reset my home page or change the reg (gone down that path before), and spybot never detected it. Like Rick said, the date of the file was about the same time I started having the problem (for me 6/28/04). I think there is only one problem with this solution. I think(?) my home page is a bit slower on the load, since the files are still there, but not being used (?). I could be wrong though.

I got about:blank a couple of weeks ago and managed to delete it myself with use of regedit and AdAware. I got it again yesterday and could not delete it at all using any of the fixes posted (that talk about two files to delete, one of which is not there in the latest incarnation of about:blank) until I found Rick's which works great, although I would also use regedit to remove any references to about: blank and the files "sp.html" in both Main and Search sections of all three user sections.
I tried the following in Win95 Second Edition and got rid of this crap:
- Download Ad-Aware 6.0
- Download the last update of Reference File 01R330 07.07.2004
- Scan the computer
- Clean all Temp, Temporary Internet Files, History etc.
- The annoying homepage never showed up again!

I've tried many fixes posted on Forums and none of them seem to have worked. What finally did it for me was doing a search in the registry for "about:blank" (excluding parentheses). I deleted all string values that it found which had "about:blank". Most of them were added by Search toolbars. (if you compare from the registry from another computer, you'll know what's not a standard entry). Once you've deleted all the strings, then reboot. Problem should be resolved.

Adaware/Spybot would not work to disable the about:blank problem but were useful after using the fix to cleanup the sp.html files left in various tmp folders. I'm using Win98SE. I booted to safe mode, with a command prompt, and was then able to delete the actual file. Mine was called bapbija.dll, though obviously this doesn't matter.

"About:blank" pop-ups: I got lucky tonight!
1. Restart Computer under MS DOS.
2. Delete the windows\cookies\index.dat file.
3. Hope windows restores an older (pre-virus) version.
4. Or copy the Windows\cookies\index.dat file from someone else's non-infected computer and overwrite your infected windows\cookies\index.dat file.

Close all windows. Click on find - files and folders. Type in: icfc.dll; windows will find this file. Delete it. Open browser and go to a page you like. Select that page as your default page; close the browser and you’re done. Note: I have very little computer know-how. This worked for me but I have no idea what it will do to your computer. It didn't hurt mine!

Here is what I did: Install “Adware Away” - an Anti Virus program (available at adwareaway.com) that can be downloaded free. It is specifically tailored to remove about:blank.
I guess what the program does is do, without manual intervention, some or all of the steps indicated by our good friends on this page and site.

I got "about:blank" on my PC about a week ago and it took me almost an hour to remove it. The process was easy once I worked it out.
Step 1: In Windows Explorer, Click "Tools", "Folder Options" and the "View" tab.
Step 2: Click "Show hidden files and folders", "Apply" and "OK".
Step 3: Go to "C:\WINNT\SYSTEM32" and sort the files by "Modified". Look for new .DLL files and delete the funny ones that appeared at the time the PC was infected. One file will not delete.
Step 4: From a command prompt, enter the following: "regsvr32 /s /u C:\WINNT\system32\filename.dll" where "filename" is the name of the spurious .DLL file.
Step 5: In internet explorer, re-set your homepage to whatever you like.
It worked for me.

I only found this page of fixes when I decided if this problem was bugging anyone else. AdwareAway got rid of the "about:blank" problem. I contacted my local retailer, he suggested buying "SpySweeper" from webroot.com. (1 year for $29.95), Which I did. It discovered additional spyware problems. In one day it also additionally discovered 4 more and 12 traces?. [About:Blank came back] In yesterday's mail Consumers Report (Sept 2004) had a report on various programs. A free one is lavasoftusa.com. BUT! BUT I guess it is pretty obvious you need a subscription to whatever program you have, just like a virus one.

Found this on another forum when I had about blank spyware and it worked for me. Ok. I've been frustrated with this for some time but this is all I've found that worked. Download Win patrol and under IE Helpers you should find a little .dll file. On mine it was called dapg.dll. Search for this file in windows. When the file appears it thinks the file is an important system file. To change this right click on the file and select open with. From your selections choose word-pad and press ok.
When the file opens select all the text and delete it and then press save. (Note: It will not allow you to save if you still have search box open.) Then go back and search for the file again. This time you should be able to right click on it and delete it. Remove it from your recycle bin and you’re good to go.

First, let me say I'm not a novice user, but am not an expert either. Probably somewhere in the middle. I'm running XP Home edition and my about:blank was also hijacking IE to the oz.msie.tv page and my Start Page, Search Page, Search Bar and Search Assistant keys were constantly under attack, which I tried to control with Ad-Watch. I attempted cleanup with Norton, McAfee Stinger, Spybot, Ad-aware, “HijackThis”, and AboutBuster, none of them worked. I refused to BUY anything that had CWS in the title, such as "CWShredder" and "CoolWWWSearch Smartkiller". Here's what worked for me: I downloaded a different browser -- Mozilla Firefox (free) -- and removed Internet Explorer from my computer. The new browser works every bit as good as Explorer and I haven't had the about:blank problem since.

I tried many solutions explained here. But none of them worked. I finally managed to get rid of this "about:blank" with a tool from Neuber called "Security task Manager". You can try it free during 30 days. This tool showed me all running tasks with a "spy risk rate". I found 1 or 2 unknown processes in the top of the list. I put them in quarantine (a function of the Security task manager) which means that they are stopped and removed from the auto-start apps (registry key) and deleted from the original directory (c:/windows in my case). After that I scanned my computer with SpyBot S&D that found some spyware and cleaned them. I then rebooted and re-specified my original start page in IE. At last, no more pop-up and the start-page stays! No more problems.
First of all I run “HijackThis” every time I get online as well as Adaware and Spybot, I also have Spywareblaster and SpywareDoctor. I had no luck with “HijackThis” and About.Blank, every time it would fix the problem it came back. For those of you who are computer savvy enough, here's what I did (Win 2000). There is a file called spoolsrv32.exe that loads into your system32 folder, it will not delete or erase, it is protected by a hidden dll file in the registry. At first my system was hijacked by a black screen on my desktop with a link to some page claiming to solve my problem. Don't click on it or you will have a harder time getting rid of this problem. At first my system wouldn't even log on when I turned it on, I finally was able to get to the logon prompt and immediately changed my admin password. This allowed me to get back in to my system. I booted up into safe mode and went to the file spoolsrv32.exe and deleted it. Once I rebooted into standard mode the system red flagged and said it couldn't find the file. I then went in to my registry using regseeker and deleted all entries with the file name spoolsrv32.exe, my system acted fine and I got my home page back on track until I tried to run my Windows Media Player. The problem started all over again. It seems the trojan/worm attacks the media system (I usually don't but I recommend updating all patches to Win2k from Microsoft). I uninstalled my media player, deleted all files having to do with it and reinstalled fresh. All is well now. This worm/trojan is hell and regenerates itself if you don't find all the files it creates, the longer you wait the harder it is. I think all people who create such horrors should be sent to an island with no electricity where there is no technology short of a stone ax and forced to live that way for the rest of their lives.

Sounds like you have the horrible about:blank virus that I finally "killed" after a week of torture.
The home page continuously changes to an "about:blank" even if you manually set your home page via the internet options. I ran (many, many times) the Avast, McAfee, shredder, etc to no avail. However, I noticed the McAfee virus scan consistently indicated that all but one virus had been deleted. At wits end, I jotted the file's name and searched for it. Once the file was located, I renamed the file and then deleted it. It worked! If that's what's happening to you, try the following:
1) Run a virus scan to locate the file(s) that were not deleted during the scan
2) Write the file name as shown in the scan; it may end with .dll
3) Go to start, search file or folder, and search for the file name indicated from the scan.
4) Once located, right click and rename it to something like "virus".
5) Right click the new name and delete the file.
If more than one file is shown as undeletable, you must go through this procedure for each file.

I somehow "contracted" this annoying little bugger about 3 months ago. I had never been the victim of a computer virus or spyware program before this one, and man, never again. I immediately purchased and installed mega-protection from these things -- firewall, pop-up blockers, spyware protection, the works. Over the past weekend I FINALLY rid my computer of it. I was about 30 seconds away from giving up and just doing a complete re-image of my computer. Thank God for “Adware Away”. It worked for me. But not before I purchased and tried Spyware Doctor - a total waste of time. Didn't even come close to fixing the problem - even after speaking with Customer support. And Adware didn't work on the first go around for me either. But I called them too. They emailed me back a custom solution. I performed a Global Scan, sent the log (C:\Program Files\Adware Away\overall.log) in an email to Submit2@AdwareAway.com. They sent me back a custom removal script which I ran and miraculously, the about:blank spyware was deleted.
I seriously almost did a cartwheel in my living room, I was so excited. If I had gone through with the re-image and it still was there, I was seriously just gonna scrap my computer and buy a new one. That's how frustrated I was with this ANNOYING problem. I consider myself to be relatively intelligent when it comes to computers, but all of the suggestions on this site to manually remove the infected files were like reading Greek to me. I had no chance to pull off a manual removal. If you have this problem, do yourself a favor and spend the $30 and buy “Adware Away”. It worked for me, and it might work for you too.

BEWARE OF “ADWARE AWAY”: this is why -- I tried “Adware Away” to try to remove About:Blank on the recommendation of many in this forum. It appeared that it worked and I got the "successful" message as stated and the About:Blank homepage was gone. However, I still had pop-ups informing me that my computer was infected and prompting me to install anti-spyware (which is an infection in itself on the computer). Eventually, I got the About:Blank homepage back again. Then I tried the Solo Antivirus Scanner. It seems to have worked and, surprise, surprise, it informed me that the “Adware Away” software had installed a trojan horse in the “Adware Away” directory on my computer. In other words, be very careful about the anti-spyware you install on your computer. Some of them are actually just a front for installing more spyware!

Do not download free virus scans (unless you can be sure it is reputable). I downloaded NoAdware (and a whole host of others) and they in fact gave me the about:blank virus and many others. They are just scams. You do not get anything for free (what do they have to gain). They make their money through Adware. This virus, while it has many forms, is most destructive as the "CoolWebSearch" version. Norton anti-virus can detect this and give instructions on how to remove it.
The top answer is halfway there (if you do have the worst version of about:blank), you still need to clean up the registry, which is very tricky. I found the solution at Symantec.com (search for coolwebsearch). I had a slightly different version of this (SearchAssistant) and I went to the registry and removed anything that was related to the virus. PS: I had to laugh when I saw people promoting downloading the uninstaller from the culprit website (is this the "they completely ruined my browser the first time, surely they wouldn't do it again" argument).

After working with our Corp. IT department for 4 hours and Microsoft Virus Support Dept for 1 hr, the top instructions fixed the problem in about 5 minutes. After rebooting, however, go back and delete the file you renamed.
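
Added example (not part of the original posts): Solution 1 pastes the percent-encoded res:// string into a third-party web page to decode it, and Solution 5 finds the same DLL as plain text in front of sp.html in the registry. The Python sketch below does both decodes locally. The sample text, the DLL path built from the "ghm.dll" name used in Solution 3, and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# A res:// URL as it appears in page source or in a registry value.
RES_URL = re.compile(r"res://[^\s\"'<>]+", re.IGNORECASE)
# Plain-text form quoted in Solution 5: <drive>:<path>.dll, a slash, a resource.
DLL_RESOURCE = re.compile(
    r"(?<![A-Za-z])([A-Za-z]:[\\/][^\s\"'<>]*?\.dll)[\\/]([^\s\"'<>]+)",
    re.IGNORECASE,
)
# Splits a decoded res:// body into the DLL path and the resource name.
PATH_SPLIT = re.compile(r"^(.*?\.dll)(?:[\\/](.*))?$", re.IGNORECASE | re.DOTALL)


def percent_encode_all(text):
    """Encode every byte as %xx, the obfuscation style shown in Solution 1."""
    return "".join("%{:02x}".format(b) for b in text.encode("latin-1"))


def decode_res_url(url):
    """Return (dll_path, resource) for a res:// URL, undoing %xx escapes."""
    if not url.lower().startswith("res://"):
        raise ValueError("not a res:// URL: %r" % url)
    decoded = unquote(url[len("res://"):], encoding="latin-1")
    match = PATH_SPLIT.match(decoded)
    if match is None:  # no .dll in the URL: hand it back undivided
        return decoded, ""
    return match.group(1), match.group(2) or ""


def find_hijack_dlls(text):
    """List unique (dll_path, resource) pairs found in page source or registry text."""
    candidates = [decode_res_url(m.group(0)) for m in RES_URL.finditer(text)]
    candidates += [(m.group(1), m.group(2)) for m in DLL_RESOURCE.finditer(text)]
    results, seen = [], set()
    for path, resource in candidates:
        path = path.replace("/", "\\")   # one separator style for comparison
        if path.lower() not in seen:     # Windows paths are case-insensitive
            seen.add(path.lower())
            results.append((path, resource))
    return results


# Constructed sample: one encoded res:// link as "view source" would show it,
# and one registry-style value in the shape quoted in Solution 5.
SAMPLE_SOURCE = (
    '<a href="res://'
    + percent_encode_all("D:\\WINDOWS\\system32\\ghm.dll")
    + '/sp.html#28965">search</a>\n'
    "Search Page = c:/windows/system/tllib.dll\\sp.html#28965\n"
)

if __name__ == "__main__":
    for dll, resource in find_hijack_dlls(SAMPLE_SOURCE):
        print("DLL to locate: %s (resource: %s)" % (dll, resource))
```

The paths it prints are the files to look for with hidden files shown, as the solutions above describe.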
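
Added example (not part of the original posts): several posts above search the whole registry for a DLL name or for the 'ID' in curly brackets, and Solution 2 points at AppInit_DLLs. The Python sketch below runs both checks over the text of a regedit export, so every hit can be listed before anything is renamed or deleted. The export text, the CLSID and the function names are constructed for illustration.

```python
import re

KEY_LINE = re.compile(r"^\[(.+)\]$")
# "name"="data" or @="data"; inside the quotes \\ and \" are escapes.
STRING_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
APPINIT_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"


def unescape(text):
    # Undo .reg escaping: a backslash followed by any character yields that character.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Map each exported key to its string values (dword and hex values are skipped)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = KEY_LINE.match(line)
        if match:
            current = keys.setdefault(match.group(1), {})
            continue
        match = STRING_VALUE.match(line)
        if match and current is not None:
            raw_name = match.group(1)
            name = "(Default)" if raw_name == "@" else unescape(raw_name[1:-1])
            current[name] = unescape(match.group(2))
    return keys


def appinit_dlls(keys):
    """DLLs listed in AppInit_DLLs (the value is space- or comma-delimited).

    Solution 2 reports the value as hidden in regedit, so an empty list
    here does not prove the value is absent on the machine.
    """
    for key, values in keys.items():
        if key.lower() != APPINIT_KEY:
            continue
        for name, data in values.items():
            if name.lower() == "appinit_dlls":
                return [item for item in re.split(r"[ ,]+", data) if item]
    return []


def find_references(keys, needle):
    """Every (key, value name) that mentions needle; name is None for a key-path hit."""
    needle = needle.lower()
    hits = []
    for key, values in keys.items():
        if needle in key.lower():
            hits.append((key, None))
        for name, data in values.items():
            if needle in name.lower() or needle in data.lower():
                hits.append((key, name))
    return hits


# Constructed export. Real exports from regedit on 2000/XP are UTF-16 files:
# read them with open(path, encoding="utf-16") before calling parse_reg().
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\ghm.dll"
"DeviceNotSelectedTimeout"="15"

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\ghm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"Search Page"="res://C:\\WINDOWS\\system32\\ghm.dll/sp.html#28965"
"""

if __name__ == "__main__":
    exported = parse_reg(SAMPLE_EXPORT)
    print("AppInit_DLLs:", appinit_dlls(exported))
    for needle in ("ghm.dll", "{11111111-2222-3333-4444-555555555555}"):
        for key, name in find_references(exported, needle):
            print("%s -> [%s] %s" % (needle, key, name or "(key name)"))
```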