B
Bt
Is Beta remove about : blank homepage. If it is how to
operate Beta? Please advise me, My computer is infected.
THX
BT
operate Beta? Please advise me, My computer is infected.
THX
BT
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
R
Robear Dyer, MS MVP
No one tool, including MS AntiSpyware Beta will fully remove 'About:Blank'
hijacker.
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
hijacker.
Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
R
Ron Kinner
Pretty sure it hasn't a clue.
There is a German program called Spoonweg.exe which might
help.
http://lunatic-skydance.de/mr/soft/SpoonWeg.exe
It will start to download. Save it somewhere you can find
it again then Open it and say YES then Click on Trojaner-
Suchen. If it finds the version of about:blank that it is
meant to kill it will go and do it then reboot the PC.
Otherwise it will say Trojaner Spooner wird nicht gefunden.
Another German program is SpHjFix.exe.
http://www.trojaner-info.de/cgi-bin/download.cgi?
file=sphjfix
This one speaks English so just Press on Start Disinfection
If it doesn't find its target it will say Not Infected
across the top of the little window. Otherwise follow the
instructions.
Both of these probably run better in Safe Mode (F8 -
without Networking)
Finally if both of the above fail then try one of the
methods in:
http://www.pchell.com/support/aboutblank.shtml
Feel free to send me your HijackThis log. I can tell you
what to check and get rid of.
Ron Kinner MVP
rkinner AT att DOT net
" AT " = "@"
" DOT " = "."
There is a German program called Spoonweg.exe which might
help.
http://lunatic-skydance.de/mr/soft/SpoonWeg.exe
It will start to download. Save it somewhere you can find
it again then Open it and say YES then Click on Trojaner-
Suchen. If it finds the version of about:blank that it is
meant to kill it will go and do it then reboot the PC.
Otherwise it will say Trojaner Spooner wird nicht gefunden.
Another German program is SpHjFix.exe.
http://www.trojaner-info.de/cgi-bin/download.cgi?
file=sphjfix
This one speaks English so just Press on Start Disinfection
If it doesn't find its target it will say Not Infected
across the top of the little window. Otherwise follow the
instructions.
Both of these probably run better in Safe Mode (F8 -
without Networking)
Finally if both of the above fail then try one of the
methods in:
http://www.pchell.com/support/aboutblank.shtml
Feel free to send me your HijackThis log. I can tell you
what to check and get rid of.
Ron Kinner MVP
rkinner AT att DOT net
" AT " = "@"
" DOT " = "."
R
Robear Dyer, MS MVP
OT: Ron, could you post the URLs to some forum threads where these tools
have been used effectively? Thanks.
have been used effectively? Thanks.
B
Bill Sanderson
There's a poster, PYPC Dream (?) who's posted a full recipe for removing
About Blank using only Microsoft Antispyware and the facilities of the
OS--MSconfig, for example.
I can't spot the post at the moment, but it is interesting. I don't have
enough experience with these critters in general and that one specifically,
to have a clear sense of how those steps do the job--but it looks convincing
at this distance.
About Blank using only Microsoft Antispyware and the facilities of the
OS--MSconfig, for example.
I can't spot the post at the moment, but it is interesting. I don't have
enough experience with these critters in general and that one specifically,
to have a clear sense of how those steps do the job--but it looks convincing
at this distance.
R
Robear Dyer, MS MVP
It's now three days later. Does his fix still work? <eg>
B
Bill Sanderson
Actually, as far as I know, just scanning with Microsoft Antispyware in safe
mode works. Want to give me a hint via email where I can find the critter
to test with. I've still not got a working VM to test with, though.
mode works. Want to give me a hint via email where I can find the critter
to test with. I've still not got a working VM to test with, though.
R
Robear Dyer, MS MVP
Talk to Walter. <eg>
--
~Robear
--
~Robear
Bill said:Actually, as far as I know, just scanning with Microsoft Antispyware in
safe
mode works. Want to give me a hint via email where I can find the critter
to test with. I've still not got a working VM to test with, though.
B
Bill Sanderson
Well, the VM worked last night well enough to actually try it out.
I stuck "find warez and game cheats" in MSN search and went to the site that
looked most likely. Sure enough, it immediately and insistently asked me to
accept an ActiveX control. I didn't do that--figured that'd be being too
cooperative, but I did install the app they wanted me to which claimed to be
a peer-to-peer app of some sort (the site was in German, which I understand
not at all, so many of the prompts were incomprehensible to me!) I checked
out the downloaded installer for the p2p app via Virustotal, and three
vendors ID'ed it as a porn dialler. Sure enough, it (on my VM with no modem
running on a laptop with no phone wire plugged in) appeared to be all ready
to dial some no-doubt expensive numbers.
Microsoft Antispyware didn't make a peep, either during the install or in a
scan after the install.
I attempted a suspected spyware report, but it wouldn't work from the VM. I
played with the proxy settings under IE, and if I set IE to say there was a
proxy, but left the settings blank, it at least attempted to send, but
appeared to hang forever. Gave up.
So--first attempt at testing with a VM was interesting, but frustrating.
Found an app which should be detected, but no way to send the results in.
I stuck "find warez and game cheats" in MSN search and went to the site that
looked most likely. Sure enough, it immediately and insistently asked me to
accept an ActiveX control. I didn't do that--figured that'd be being too
cooperative, but I did install the app they wanted me to which claimed to be
a peer-to-peer app of some sort (the site was in German, which I understand
not at all, so many of the prompts were incomprehensible to me!) I checked
out the downloaded installer for the p2p app via Virustotal, and three
vendors ID'ed it as a porn dialler. Sure enough, it (on my VM with no modem
running on a laptop with no phone wire plugged in) appeared to be all ready
to dial some no-doubt expensive numbers.
Microsoft Antispyware didn't make a peep, either during the install or in a
scan after the install.
I attempted a suspected spyware report, but it wouldn't work from the VM. I
played with the proxy settings under IE, and if I set IE to say there was a
proxy, but left the settings blank, it at least attempted to send, but
appeared to hang forever. Gave up.
So--first attempt at testing with a VM was interesting, but frustrating.
Found an app which should be detected, but no way to send the results in.