Removing About:Blank
The following programs are all legitimate and safe to use. So, if they are mentioned in any solution,
then feel confident about using them:

Adaware
Spybot
Spyware Blaster
SmitRem      http://noahdfear.geekstogo.com/ (removal tool for Spyaxe, SpySheriff, etc)
HijackThis   http://www.merijn.org/files/hijackthis.zip (essential in finding spyware and trojans)
Ewido        http://www.ewido.net/en/download/ (recommended anti-malware/spyware program)
Killbox      http://killbox.clickhereformoreinfo.com/ (removes files not able to be deleted)

There are at least six suggested solutions (two are for Win 98) given in this document, plus some
hints and tips and comments on which “free” programs are reliable. I suggest you read all the
solutions for Win XP/2000 before attempting removal.

Basically, the Trojan works by installing one or several files in your Windows folder. The files are
“.dll” files (that is, their names end in those three letters). In addition, the Trojan
installs many entries in the Registry, and these cause the offending files to be re-created almost as
fast as you delete them.

Solutions to about:blank - new advice

Having spent the last 10 hours trying to rid my system of the about.blank problem, I wanted to
make a posting for two reasons:

1). The latest version of the tactic seems to have overcome some of the methods that were used to
find/fix the problem as it manifested itself previously. In particular there is no longer a section of
text in the source of the html page that is of the form "res://", so the technique previously used to
un-encode that information is no longer operable (as per Solution 1).

If you look at the registry entries that “HijackThis” identifies, you can find a URL for each of the
three bogus entries, and that does yield three downloadable files with names that suggest that they
can be used to uninstall the problem. All three files are really the same, and, of course, they do not,
in fact, uninstall anything.

Nonetheless, the general trouble-shooting techniques listed at this very helpful site are sound.
Finding the bogus dll’s and registry entries is a necessary step to successful eradication.

2). The various 'sponsored' adware/spyware removal tools that you get from a Search may help you
find problems related to this one, but removal triggers the need to go from 'free' to 'paid'. Avast
seems to have a wonderful business practice in segmenting the marketplace between 'home' and
'business'. Unfortunately, I have W2K Server installed and their installation program refuses to deal
with my variant of the OS. Perhaps they make the reasonable assumption that W2K is not usually
found in a home -- even a home used as an office by a contractor. With all the layoff activity in
silicon valley, however, one of the things that frequently happens is that a company going through a
lay off or a shutdown sells off its computer assets. That is why there are quite a few 'homes' with
W2K Server installed. Perhaps Avast will reconsider the implementation of its policy.
So, the point of this item is simply to relay the fact that even if you are not running XP, it is
possible to finally remove all the erroneous 'stuff' with a combination of 'regedit', command line
searching in 'safe mode' and the helpful knowledge posted at this site.

As one hint, once you find the 'ID' of the offending software -- one of those imposing strings of
random digits that identify 'stuff' in the registry, you can select the string [including the curly
brackets] and do a search for it throughout the registry. I think one of the keys to the way that
the offending software has managed to become so difficult to eradicate is that it attaches as a
'Search Assistant', but you don't find any helpful 'plain text' showing that -- you will get a 'hit' by
searching on the 'ID', so you will know to delete that key-value entry.

                               ###############################

Solution 1. Here is one recommended solution:

      Open your browser so you will see (automatically) the start page "about:blank"

      Now go UP TOP to the "view source" option of your browser. It will be right on top. Look
       for a string that looks like this: res://%44%3a%5c%57%49%4e%44%4f%(etc,), highlight
       and right click and copy, save in word, or Notepad.

      Make a copy of this complete string (control c) and go to:
       http://www.simplelogic.com/Developer/URLDecode.asp

      Paste the string in here and press on "clean data".

      Now a ***.dll file appears... above, now you see what it is named and what file it is in.

      Go to the directory where it's in (windows/system32) and activate "show hidden files" in this
       directory.

      Close all applications. Removing the dll file is not possible, but you can rename it, so do
       that!

      Restart, and ta-daa!
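
The decoding step in Solution 1 can be done locally rather than by pasting the string into a web page. The following Python sketch is an added example, not part of the original document: it pulls every res:// reference out of saved page source, undoes the percent-encoding, and splits the DLL path from the embedded resource; it also accepts the unencoded form with mixed slashes. The sample page source and the name example.dll are constructed for illustration.

```python
import re
from urllib.parse import unquote

# A res:// reference runs until whitespace, a quote or an angle bracket.
RES_RE = re.compile(r"res://[^\s\"'<>]+", re.IGNORECASE)
# "<path ending in .dll>" + one slash of either kind + "<resource inside the DLL>"
SPLIT_RE = re.compile(r"^(?P<dll>.+?\.dll)[\\/](?P<res>.*)$", re.IGNORECASE)


def split_reference(value):
    """Decode one reference and return (dll_path, resource).

    dll_path is None when the decoded text does not contain a complete
    "<something>.dll/<resource>" pair, for example a truncated string.
    """
    value = value.strip()
    if value.lower().startswith("res://"):
        value = value[len("res://"):]
    decoded = unquote(value)  # %43%3a%5c -> C:\  (stray "%" is left as is)
    match = SPLIT_RE.match(decoded)
    if not match:
        return None, decoded
    # Normalise to backslashes so the path can be pasted into Explorer or dir.
    return match.group("dll").replace("/", "\\"), match.group("res")


def find_res_references(page_source):
    """Return a list of (dll_path, resource) for every res:// string found."""
    return [split_reference(raw) for raw in RES_RE.findall(page_source)]


# Constructed sample: what "view source" might show on a hijacked start page.
SAMPLE_SOURCE = (
    '<html><body><iframe src="res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%73%79%73'
    '%74%65%6d%33%32%5c%65%78%61%6d%70%6c%65%2e%64%6c%6c/sp.html#12345">'
    "</iframe></body></html>"
)

if __name__ == "__main__":
    for dll, resource in find_res_references(SAMPLE_SOURCE):
        print("DLL to look for :", dll)
        print("resource inside :", resource)
```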

Solution 2. Alternate to about: blank

I attempted many solutions that turned out to be temporary. But now, I'm free at last, thank God I'm
free at last from the horror.

The hidden culprit (using Windows XP Pro) that keeps re-infecting the machine is the registry key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

You need to remove it. Some folks say to change the registry key value to random characters using
the free “reglite” utility (which may work as well) but I removed the key. The value of the key is
hidden and causes Windows to load the trojan DLL every time any application is run.

The way to remove the registry key is not obvious. If you just delete it from regedit, the trojan DLL
will undo your handiwork. Here's what worked for me:
1. Rename the HKEY_L_M\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to
Windows2.

2. Delete the AppInit_DLLs key under the Windows2 folder.

3. Rename the Windows2 folder back to Windows.

Now that AppInit_DLLs is gone, run your favorite spyware/adware utilities such as Adaware 6,
CWShredder, and “HijackThis”. I also run Norton Utilities, which helps if you don't trust your
instincts for repairing registry files. Remember, I'm not a geek and just want to use computers &
software rather than reinvent them from the ground up.

4. Reboot your machine. Your computer should be free at last.
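
The AppInit_DLLs check in Solution 2 and the earlier hint about searching the whole registry for the offending 'ID' can both be run against an exported .reg file, away from the infected session. The following Python sketch is an added example, not part of the original posts: the export text, the placeholder GUID and example.dll are constructed, and the file is assumed to be already decoded to text.

```python
import re

# "name"="data", "name"=dword:..., "name"=hex:..., or @="data" (default value)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
APPINIT_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows"


def strip_quotes(text):
    # Drop the surrounding quotes and undo the \\ and \" escapes of .reg files.
    return re.sub(r"\\(.)", r"\1", text[1:-1])


def parse_reg(text):
    """Parse a regedit export into {key_path: {value_name: data}}."""
    reg, key, pending = {}, None, ""
    for line in text.splitlines():
        line = pending + line.strip()
        pending = ""
        if line.endswith("\\") and not line.startswith("["):
            pending = line[:-1]          # hex data continued on the next line
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            reg.setdefault(key, {})
            continue
        match = VALUE_RE.match(line)
        if key is None or not match:
            continue                     # header line, blank line or comment
        name, data = match.groups()
        name = "(Default)" if name == "@" else strip_quotes(name)
        reg[key][name] = strip_quotes(data) if data.startswith('"') else data
    return reg


def appinit_dlls(reg):
    """Return every non-empty AppInit_DLLs value found under the Windows key."""
    hits = []
    for key, values in reg.items():
        if key.lower() != APPINIT_KEY.lower():
            continue
        for name, data in values.items():
            if name.lower() == "appinit_dlls" and data.strip():
                hits.append(data)
    return hits


def find_references(reg, needle):
    """List (key, value_name) pairs that mention needle, case-insensitively.

    value_name is None when the match is in the key path itself, which is
    how a GUID such as a CLSID usually shows up.
    """
    needle = needle.lower()
    hits = []
    for key, values in reg.items():
        if needle in key.lower():
            hits.append((key, None))
        for name, data in values.items():
            if needle in name.lower() or needle in data.lower():
                hits.append((key, name))
    return hits


# Constructed export; the GUID and DLL name are placeholders, not real indicators.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\example.dll"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-00000000ABCD}\InProcServer32]
@="C:\\WINDOWS\\system32\\example.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-00000000ABCD}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"Search Bar"="res://C:\\WINDOWS\\system32\\example.dll/sp.html#12345"
'''

if __name__ == "__main__":
    registry = parse_reg(SAMPLE_EXPORT)
    print("AppInit_DLLs:", appinit_dlls(registry))
    for needle in ("{00000000-0000-0000-0000-00000000ABCD}", "example.dll"):
        for key, name in find_references(registry, needle):
            print(f"{needle} -> {key} [{name or 'key path'}]")
```

Every key the search reports is a place the DLL or its ID is registered, which gives a complete list to work through before rebooting.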

Solution 3. to about: blank

From cleaning several systems it appears that the names of the garbage .dll files are ALWAYS
different, so there is no such thing as a "common" name and there is no point to search for it based
on somebody else's findings.

Everything must be done manually (takes about 5 mins total).

The thing is that the .dll which is "responsible" for creating .tmp, .html, registry entries, etc. cannot
be deleted or moved without "removing" it from the memory (same thing goes for the "Spybot"
programs, they are not able to do it, they do clean the registry and such, but files remain and restore
everything after "cleaning"). So, the only thing that can be done is to remove it from the registry
start-up "entries" so that next time the OS boots up, it will not "read" the file into the memory as a
necessary system process.

In order to do that, look for any .dll files created at the time frame of "infection" in the system32 (or
winnt, or windows) and search for them in the registry from the beginning, renaming them each time one
is found by adding a couple of "00" at the beginning of the filename (or end, or something you like,
but it is nice to be able to search for them afterwards and delete the keys as well); (for example I
search for "ghm" and "ghm.dll" can be renamed to "00ghm.dll"). There can be more than 10 entries
(as the hacking programmers are smart people as we are), so just keep on going until ALL
entries/keys/values are renamed (not deleted). Reboot at once; after the reboot, attempt to delete
those .dll files; if they are possible to delete, your PC is "cured" - till next time. -:)

You may delete the "HKEY_USERS\blahblahblah_NUMBERS\Software\Microsoft\Internet
Explorer\Main" key to start "fresh" and change all the settings from default to whichever you like.
And you can run spybot programs to prevent (some of) the "intrusions" in the future.

PS: I could be more detailed, but it is supposed to be a little hint on how to fight the software with
naked hands ;)

PSS: Forgot to mention the “Temp” directory must be cleared after reboot as well. And if it is not
helping, start over with a different .dll name (add another 5 minutes). -:)

Solution 4. to about: blank (Win 98)

Here is how to remove about:blank in Windows 98:
This technique uses a scalpel, not a machete. No essential system files will be accidentally deleted.
The task is to find the hidden file that regenerates the CWS infection after CWS Shredder,
Adaware, Spybot, and “HijackThis” have removed the visible symptoms.

1. Make sure that Windows Explorer is set to display all hidden and system files: go to Tools >
Folder Options > View and click the button for Show All Files.

2. Run Adaware. Make sure you instruct it to scan your \Windows, \Program Files, and \My
Documents folders. Then run Shredder. Remove every suspicious thing they find.

3. Next take your computer offline — unplug your modem, whatever. No Web connection.

4. Run the Windows utility "System Information." It's on your Start Menu under System Tools, or
just click Start>Run and on the command line type msinfo32.

5. Expand the Software Environment section, and select System Hooks.

6. If you are infected with CWSearchx, you will see a suspicious file there. Hook type "Windows
Procedure." File name will be a nonsense string of characters, ending in .dll. The dll Path will be
\Windows\System. WRITE THE NAME OF THIS FILE DOWN.

7. Close MS Info. Open Windows Explorer, go to \Windows\System and look for this file. IF YOU
CAN SEE IT, IT'S THE WRONG FILE. But if you can't see it, this is the one.

8. Shut down, and reboot into Command Prompt Safe Mode. On the C:\ command line, type
cd\Windows\System.

9. Once inside \Windows\System, type dir, a space, and the name of the file you wrote down. (like
this: dir ghyth.dll). When the file shows up, take a look at its size. It will probably be 57,344 bytes.

10. Type ren, a space, and the name of the file you wrote down, and then a new name for the file.
(like this: ren ghyth.dll ghyth.bob). Make sure you change the extension of the file from .dll to
something else. Do not delete the file.

11. Restart your computer in Windows Safe Mode. Windows may complain that it can't find the
.dll, but click OK and keep going.

12. Once in Safe Mode, run Adaware again. This time it will find the renamed file in your System
folder and will identify it as CWS. If it does, have Adaware delete it.

13. Run Shredder, Spybot, and “HijackThis” for good measure. Clean house.

14. Reconnect your Internet connection and restart Windows normally. Reset your IE home page to
whatever you want. You're done.

Solution 5. to about: blank (Win 98)

For Win98 users, this is how I did it. For the moment I can say I am free from the about:blank.

Restart your computer and don't open Internet Explorer.

1) I go to registry and search for sp.html. (Start>Run>type "Regedit")
2) Try to look for the .dll just before the sp.html (ctrl+f)

eg: c:/windows/system/tllib.dll\sp.html#28965

Don't delete it as it is no use to do it as each time you open IE, this key will be restored.

3) Go to Start>Find/Files or Folder, type in the filename.

4) Open it using Notepad. Save it as a tllib.Bob.txt (for safety purpose).

5) If you can see the Java script, delete all the Java script ONLY. If not mistaken it will be after the
. Save it as tllib.dll . Then the Home Search startup page gone.

6) Download DllCompare.exe (search for it on the internet) and run it. Click Run Locate.com. Then click
Compare. You will see the .dll files that do not belong to Windows listed in the window below. My
scan showed apiyt32.dll and tllib.dll.

7) Open the other file using step (3) and step (4). (Remember to save as different name for safety
purpose)

8) I think your computer will prompt you that it is too large to open with Notepad and
recommended you to open it with Wordpad. Click yes.

9) You will see code that you will not be able to read. Type anything (eg: dsagdsgdfgfdsg) at the
beginning and add "sagftsvsafd" (or anything) in each single line to mess up the code. Save it as
apiyt32.dll.

10) Go to the registry again and search for the other file (apiyt32.dll). Press F3 to find next until you see it
stop at the "Doc Find Spec MRU" folder under the "Explorer" folder. I suspect this is what the
spyware uses to reinstall itself each time you delete its .dll files and delete or rename its key in the
registry.

11) Try to search for every single name in the Data column using Start>Find>File and Folder. When you
see the search result appear to be in the Temporary Internet File folder, delete the whole file. (You will
not be able to see this folder using normal explorer.)

12) Modify all Data by adding something in front (eg: oxmzo9an to BOBoxmzo9an). Just right click
the Name (eg: a) and select modify.

13) Empty the recycle bin and restart your computer.

Hope my way works for some of you who are unable to use Rick's method (because you are unable to see the
res://%43%3a%5c....)

Solution 6. to about: blank (professional)

I am a professional technician who disinfects this virus (which is what I consider this) about 4-5
times a week. Here is what I have found:

I agree with the person who said forget about the normal scanners. Spybot, Adaware, Spy Sweeper,
any commercial Antivirus program. They are powerless against this insidious beast. There are many
variants of this so there is no one size fits all:
“Adware Away” is great for getting rid of the most common variant. This is the second one in their
list of about:blank hijackers. It tells you to reboot and you better do it. Sometimes I have to do this
two or three times.

I then take a shotgun approach and run the removal for every variant of about:blank in “Adware
Away”. I have seen up to 4 variants on one computer. Once this is done, do not open IE. Reboot the
system. Change the start page manually and then try. If there are multiple profiles on the system,
you may need to do this in every profile individually.

“Adware Away”'s scanner tool is mediocre. I don't buy the program. It has a free 5 day trial and
that’s enough to kill this beast.

Once I get rid of this monster, I do a full scale assault of spyware using MWAVSCAN.

(I let it delete what it can and print out a list of what it doesn’t delete and then I manually go and
kill those files)

Killbox to get rid of any files that are always in use.

Log in as Administrator in Safe Mode. Make it show all hidden files and folders and delete the
contents of the temp and temporary internet files directories for every user that has a profile.

Run “HijackThis” and delete anything that looks suspicious (if you don’t know what that means,
skip “HijackThis” and call a pro)

Run a Winsock fix tool for the appropriate OS (WinsockXPfix for XP, WinsockFix for 2000, or
w2fix for 9x)

Reboot into normal mode and for the love of God don’t open IE to see if you are clean. From a CD
(don’t touch IE to download them) install:

Adaware
Spybot
Spyware Blaster
Spysweeper (if the computer is old, I don’t use it. It’s a resource hog).


Install them and update them, but DON'T RUN THEM.

Go back to safe mode and run all but Spyware Blaster and delete what they find. Go back to normal
and run Spyware Blaster and immunize Spybot.

Install Firefox and use as your default browser; and only use IE for sites that require it. I
recommend emailing the webmaster of such sites and telling them to fix their sites. These are
powerless against about:blank coming back. Prevention means careful web browsing.

Solution 7. to about: blank - comparison of free programs

After searching the answers in this forum, I decided to try things that would not be difficult or mess
up my computer since I'm not a computer expert. I only wanted to try recommended programs from
legitimate companies or sources, so I looked at what was recommended here in this forum and
cross-checked for recommendations from computer sites such as CNET (www.download.com), and
others. This is what did and didn't work:

I downloaded CWS Shredder from Merijn.org, then the updated version from the company that
bought it, Trend Micro Incorporated. Neither version caught it at first, but did subsequently. I kept it
and still use it.

I also downloaded SpyDoctor, but could only do a scan. It said I had over 1900 infections but I
would have to register and pay to clean. A waste of time. I uninstalled that program.

I installed Spybot Search and Destroy, a free program, and that found and cleaned many bad things
off my computer. It also found CWS infections but could not fix, but at least I knew about them and
where they were found in my files and printed them out. I think this is a great program to use with
the others. I kept it and still run it.

I then tried Avast! First trying the virus cleaner which didn't find anything, then I downloaded
Avast! version 4.6 Home Edition (also free) and tried it. It found and fixed several more infections.
However about blank was still there. This program runs in real-time and has since stopped several
attacks on my computer. Again, highly recommended, and it's FREE. I kept it and continue to use
it.

What finally FIXED the problem was the Microsoft Antispyware (Beta) program. I was able to
change my home page back and have not had about:blank since. Between running these programs, I
still ran CWS Shredder (current version) and it did find one CWS infection and fixed it.

I also ran Spybot again and it found only one CWS it couldn't fix. I noted the location and went
there. It was a text file and I deleted it.

I have been free of about blank, but I still get pop-ups although less than I was getting before. Still
getting a few pop-ups, (mostly from illegitimate "antispyware" companies that want to put spyware
onto my computer) but now I've been clean from CWS and about blank for several days and have
been running these programs regularly. Next I'll try using Firefox instead of Internet Explorer.

I recommend at least downloading
Microsoft AntiSpyware (Beta),
Avast! 4.6 Home Edition, and
Spybot Search and Destroy.
       They're all FREE and they worked for me.

More input on about:blank (each dot-point appears to be from a separate person)

      You can find the programs that cause this by clicking Start > Search > All files and folders,
       and then typing in ngqanbpc. There are two programs buried in Windows. One runs
       continuously and replicates the other when you try and delete it. If you have a Windows
       version that allows you to do a system restore to an earlier date before infection, that will
       work. Click Start > All programs > Accessories > System tools > System restore, and follow
       the instructions.

      The solution for this problem is quite simple and quite difficult at the same time. If you
       know exactly when the about:blank problem first arose then you should look for any file
       created in that time frame and remove them. I had this problem between Friday, May 7,
       2004 and Saturday, May 8, 2004, so I searched for any file created during this period and
    removed them. I am able to get rid of the problem! To do this, go to Find, and do an
    advanced search and specify the dates and search for all files and folders during that date. If
    you are sure that you did not install any vital programs or update your operating system
    during that period, then delete all these files, otherwise, your problem will be very complex
    because you might delete vital system files and corrupt your operating system.

   To get rid of the about:blank and IE virus run these for real "freeware.":
    (a) cwschredder, (b) adaware 6.0, (c) spybot, (d) hijacker.

   To remove about: blank: Go to google, type Avast Antivirus software. It is free software for
    home users. Much better than Norton or McAfee as well. Please give them an honest email,
    and info and feedback - great company. Open Avast Anti Virus. Then Right click on mouse
    and go to Schedule Boot scan. Restart your computer. Delete everything that it finds.
    Eventually the scan will delete everything and once you start your computer you will not see
    anymore pop ups or about: blank. It worked for me. Make sure you back up important things
    first before you do it. You should not have a problem this is just in case. Once you do it,
    give Avast a good name and spread it to friends so they don't waste money on Norton.

   I did as follows (on an XP Pro with about:blank): run spybot S&D and then your anti virus
    software on the boot disk where IE is installed (I use the freeware AntiVir SW). Then find
    the about:blank entry in the registry and remove the entry (under MS IE somewhere). Then
    reboot into safe mode and run the anti virus SW again. These steps fixed my problem anyway.

   Start spywareblaster. click tools. about:blank appears. replace about:blank with the path of
    your preferred start page you have before:like for example http://www.microsoft... Make the
    same thing (if there are other entries) with your preferred start page.

   If you have suffered with this infection even for a short time, you've discovered
    CWShredder and “HijackThis” by now. I find these essential to detect and remove files
    associated with About Blank. Neither or both offer a permanent solution. You must also do
    something about the hidden registry key.

   about:blank is a CWS variant and not removed easily.

   I tried everything until this program worked for me: spychecker.com

   The DLL is under windows/system32 and always has different names. BUT it is always
    31KB, at least it was the case for me. McAfee ViruScan was able to remove it, but it
    renewed itself and I suffered from it for a long time until the new version (updated) of
    ViruScan removed it again. The FIRST time it was able to remove it, it also removed
    something named load.exe (or a similar obvious name) from windows directory, and ALSO
    from "downloaded program files" an html page that contains java code. So this thing has
    like three different files going on. I hope this helps. There is also some file called wpa.dbl
    which almost always has the same date as the dll in system32 directory. I don't know if it's
    related.

   CWShredder 1.59 helped after having tried several other downloads in vain.

   The hidden file name for me was "hdpd.dll" (Windows 2000). I renamed it, and it seems to
    be working (but I am skeptical). Spysweep (which I bought!) couldn't fix it, Norton (which I
    bought) didn't have a fix except to reset my home page or change the reg (gone down that
    path before), and spybot never detected it. Like Rick said, the date of the file was about the
    same time I started having the problem (for me 6/28/04). I think there is only one problem
    with this solution. I think(?) my home page is a bit slower on the load, since the files are still
    there, but not being used (?). I could be wrong though.

   I got about:blank a couple of weeks ago and managed to delete it myself with use of regedit
    and AdAware. I got it again yesterday and could not delete it at all using any of the fixes
    posted (that talk about two files to delete, one of which is not there in the latest incarnation
    of about:blank) until I found Rick's which works great, although I would also use regedit to
    remove any references to about: blank and the files "sp.html" in both Main and Search
    sections of all three user sections.

   I tried the following in Win95 Second Edition and got rid of this crap: - Download Ad-
    Aware 6.0 - Download the last update of Reference File 01R330 07.07.2004 - Scan the
    computer - Clean all Temp, Temporary Internet Files, History etc. - The annoying homepage
    never showed up again!

   I've tried many fixes posted on Forums and none of them seem to have worked. What finally
    did it for me was doing a search in the registry for "about:blank" (excluding parentheses). I
    deleted all string values that it found which had "about:blank". Most of them were added by
    Search toolbars. (if you compare from the registry from another computer, you'll know
    what's not a standard entry). Once you've deleted all the strings, then reboot. Problem should
    be resolved.

   Adaware/Spybot would not work to disable the about:blank problem but were useful after
    using the fix to cleanup the sp.html files left in various tmp folders.

   I'm using Win98SE. I booted to safe mode, with a command prompt, and was then able to
    delete the actual file. Mine was called bapbija.dll, though obviously this doesn't matter.

   "About:blank" pop-ups: I got lucky tonight!
    1. Restart Computer under MS DOS.
    2. Delete the windows\cookies\index.dat file.
    3. Hope windows restores an older (pre-virus) version.
    4. Or copy the Windows\cookies\index.dat file from someone else's non-infected computer
    and overwrite your infected windows\cookies\index.dat file.

   Close all windows. Click on find - files and folders. type in: icfc.dll; windows will find this
    file. Delete it. Open browser and go to a page you like. select that page as your default page;
    close the browser and you’re done. Note: I have very little computer know-how. this worked
    for me but I have no idea what it will do to your computer. It didn't hurt mine!

   Here is what I did: Install “Adware Away” - an Anti Virus program (available at
    adwareaway.com) that can be downloaded free. It is specifically tailored to remove
    about:blank. I guess what the program does is do, without manual intervention, some or all
    of the steps indicated by our good friends on this page and site.

   I got "about:blank" on my PC about a week ago and it took me almost an hour to remove it.
    The process was easy once I worked it out.
    Step 1: In Windows Explorer, Click "Tools", "Folder Options" and the "View" tab.
    Step 2: Click "Show hidden files and folders", "Apply" and "OK".
    Step 3: Go to "C:\WINNT\SYSTEM32" and sort the files by "Modified". Look for new
    .DLL files and delete the funny ones that appeared at the time the PC was infected. One file
    will not delete.
    Step 4: From a command prompt, enter the following:
    "regsvr32 /s /u C:\\WINNT\\system32\\filename.dll" where "filename" is the name of the
    spurious .DLL file.
    Step 5: In internet explorer, re-set your homepage to whatever you like. It worked for me. I
    only found this page of fixes when I decided if this problem was bugging anyone else.

   AdwareAway got rid of the "about:blank" problem. I contacted my local retailer, he
    suggested buying "SpySweeper" from webroot.com. (1 year for $29.95), Which I did. It
    discovered additional spyware problems. In one day it also additionally discovered 4 more
    and 12 traces?. [About:Blank came back] In yesterday's mail Consumers Report(Sept 2004)
    had a report on various programs. A free one is lavasoftusa.com. BUT! BUT I guess it is
    pretty obvious you need a subscription to whatever program you have, just like a virus one.

   Found this on another forum when I had about blank spyware and it worked for me. Ok. I've
    been frustrated with this for some time but this is all I've found that worked. Download Win
    patrol and under IE Helpers you should find a little .dll file. On mine it was called dapg.dll.
    Search for this file in windows. When the file appears it thinks the file is an important
    system file. To change this right click on the file and select open with. From your selections
    choose word-pad and press ok. When the file opens select all the text and delete it and then
    press save. (Note: It will not allow you to save if you still have search box open.) Then go
    back and search for the file again. This time you should be able to right click on it and delete
    it. Remove it from your recycle bin and you’re good to go.

   First, let me say I'm not a novice user, but am not an expert either. Probably somewhere in
    the middle. I'm running XP Home edition and my about:blank was also hijacking IE to the
    oz.msie.tv page and my Start Page, Search Page, Search Bar and Search Assistant keys were
    constantly under attack, which I tried to control with Ad-Watch. I attempted cleanup with
    Norton, McAfee Stinger, Spybot, Ad-aware, “HijackThis”, and AboutBuster, none of
    them worked. I refused to BUY anything that had CWS in the title, such as "CWShredder"
    and "CoolWWWSearch Smartkiller".

   Here's what worked for me: I downloaded a different browser -- Mozilla Firefox (free) --
    and removed Internet Explorer from my computer. The new browser works every bit as
    good as Explorer and I haven't had the about:blank problem since.

   I tried many solutions explained here. But none of them worked. I finally managed to get rid
    of this "about:blank" with a tool from Neuber called "Security task Manager". You can try it
    free during 30 days. This tool showed me all running tasks with a "spy risk rate". I found 1
    or 2 unknown processes in the top of the list. I put them in quarantine (a function of the
    Security task manager) which means that they are stopped and removed from the auto-start
    apps (registry key) and deleted from the original directory (c:/windows in my case). After
    that I scanned my computer with SpyBot S&D that found some spyware and cleaned them. I
    then reboot and I re-specify my original start page in IE. At last, no more pop-up and the
    start-page stays! No more problems.

   First of all I run “HijackThis” every time I get online as well as Adaware and Spybot, I also
    have Spywareblaster and SpywareDoctor. I had no luck with “HijackThis” and About.Blank
    every time it would fix the problem it came back. For those of you who are computer savvy
    enough, here's what I did (Win 2000). There is a file called spoolsrv32.exe that loads into
    your system32 folder it will not delete or erase it is protected by a hidden dll file in the
    registry. At first my system was hijacked by a black screen on my desktop with a link to
    some page claiming to solve my problem. Don't click on it or you will have a harder time
    getting rid of this problem. At first my system wouldn't even log on when I turned it on, I
    finally was able to get to the logon prompt and immediately changed my admin password.
    This allowed me to get back in to my system. I booted up into safe mode and went to the file
    spoolsrv32.exe and deleted it. Once I rebooted into standard mode the system red flagged and
    said it couldn't find the file. I then went in to my registry using regseeker and deleted all
    entries with the file name spoolsrv32.exe my system acted fine and I got my home page
    back on track until I tried to run my Windows Media Player. The problem started all over
    again. It seems the trojan/worm attacks the media system (I usually don't but I recommend
    updating all patches to Win2k from Microsoft) I uninstalled my media player, deleted all
    files having to do with it and reinstalled fresh. All is well now. This worm/trojan is hell and
    regenerates itself if you don't find all the files it creates, the longer you wait the harder it is. I
    think all people who create such horrors should be sent to an island with no electricity where
    there is no technology short of a stone ax and forced to live that way for the rest of their
    lives.

   Sounds like you have the horrible about:blank virus that I finally "killed" after a week of
    torture. The home page continuously changes to an "about:blank" even if you manually set
    your home page via the internet options. I ran (many, many times) the Avast, McAfee,
    shredder, etc to no avail. However, I noticed the McAfee virus scan consistently indicated
    that all but one virus had been deleted. At wits end, I jotted the file's name and searched for
    it. Once the file was located, I renamed the file and then deleted it. It worked! If that's what's
    happening to you, try the following:
    1) Run a virus scan to locate the file(s) that were not deleted during the scan
    2) Write the file name as shown in the scan; it may end with .dll
    3) Go to start, search file or folder, and search for the file name indicated from the scan.
    4) Once located, right click and rename it to something like "virus".
    5) Right click the new name and delete the file. If more than one file is shown as
    undeletable, you must go through this procedure for each file.

   I somehow "contracted" this annoying little bugger about 3 months ago. I had never been the
    victim of a computer virus or spyware program before this one, and man, never again. I
    immediately purchased and installed mega-protection from these things -- firewall, pop-up
    blockers, spyware protection, the works. Over the past weekend I FINALLY rid my
    computer of it. I was about 30 seconds away from giving up and just doing a complete
    re-image of my computer. Thank God for “Adware Away”. It worked for me. But not before I
    purchased and tried Spyware Doctor - a total waste of time. Didn't even come close to fixing
    the problem - even after speaking with Customer support. And Adware didn't work on the
    first go around for me either. But I called them too. They emailed me back a custom
    solution. I performed a Global Scan, sent the log (C:\Program Files\”Adware
    Away”\overall.log) in an email to Submit2@AdwareAway.com. They sent me back a
    custom removal script which I ran and miraculously, the about:blank spyware was deleted. I
    seriously almost did a cartwheel in my living room, I was so excited. If I had gone through
    with the re-image and it still was there, I was seriously just gonna scrap my computer and
    buy a new one. That's how frustrated I was with this ANNOYING problem. I consider
    myself to be relatively intelligent when it comes to computers, but all of the suggestions on
    this site to manually remove the infected files were like reading Greek to me. I had no
    chance to pull off a manual removal. If you have this problem, do yourself a favor and spend
    the $30 and buy “Adware Away”. It worked for me, and it might work for you too.

   BEWARE OF “ADWARE AWAY”: this is why -- I tried “Adware Away” to try to remove
    About:Blank on the recommendation of many in this forum. It appeared that it worked and I
    got the "successful" message as stated and the About:Blank homepage was gone. However,
    I still had pop-ups informing me that my computer was infected and prompting me to install
    anti-spyware (which is an infection in itself on the computer). Eventually, I got the
    About:Blank homepage back again. Then I tried the Solo Antivirus Scanner. It seems to
    have worked and, surprise, surprise, it informed me that the “Adware Away” software had
    installed a trojan horse in the “Adware Away” directory on my computer. In other words, be
    very careful about the anti-spyware you install on your computer. Some of them are actually
    just a front for installing more spyware!

   Do not download free virus scans (unless you can be sure it is reputable). I downloaded
    NoAdware (and a whole host of others) and they in fact gave me the about:blank virus and
    many others. They are just scams. You do not get anything for free (what do they have to
    gain?). They make their money through Adware. This virus, while it has many forms, is most
    destructive as the "CoolWebSearch" version. Norton anti-virus can detect this and give
    instructions on how to remove it. The top answer is halfway there (if you do have the worst
    version of about:blank), you still need to clean up the registry, which is very tricky. I found
    the solution at Symantec.com (search for coolwebsearch). I had a slightly different version
    of this (SearchAssistant) and I went to the registry and removed anything that was related to
    the virus. PS: I had to laugh when I saw people promoting downloading the uninstaller from
    the culprit website (is this the "they completely ruined my browser the first time, surely they
    wouldn't do it again" argument).

   After working with our Corp. IT department for 4 hours and Microsoft Virus Support Dept
    for 1 hr, the top instructions fixed the problem in about 5 minutes. After rebooting, however,
    go back and delete the file you renamed.

				
DOCUMENT INFO
posted:2/19/2010
language:English
pages:12