Engel
about:blank is difficult to remove because different means
are used to hide the infecting file.
1 - Check the Services to see if a phantom Service has
been implemented. Stop, then disable the Service from
running on Startup. Then attempt to rename the .dll file
in Normal mode, reboot to Safe Mode and delete it.
2 - Check the registry with Registrar Lite to see if
AppInit_DLLs has a hidden file. Here's a webpage that
describes how to use this method :
http://www.silentrunners.org/sr_cwsremoval.html
3 - See if you can view the hidden .dll files. A hidden
file may have been injected into one of these 2 processes -
Explorer.exe or IExplore.exe :
Download ProcessViewer : http://tools.zerosrealm.com/pv.zip
Extract it to the Desktop. Open the pv folder and
double-click "runme.bat".
A DOS box will open. Select Type 2 for Internet Explorer
Dll's and press Enter.
OR, Type 1 for Explorer Dll's.
Notepad will open with text in it. You'll need to know
exactly which file(s) needs to be deleted. Removing
required ones can render the system unstable.
Removing the file(s) requires using Hijack This or KillBox
to do so on a reboot. Best to let an expert at a spyware
forum assist you with this.
Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
Save it to C:\hjt (new folder) then Open it and select
Scan and Save Log. Note where you saved the log then send
it to Ron Kinner as an attachment. He can probably
identify the problem and tell you how to get rid of it for
good.
Ron's email address: (e-mail address removed)
He will tell you what to do next. Put Hijack in the
subject so he will know it's not spam.
For information
HijackThis tutorial:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
If the malware problem comes back further specialised
assistance is available via the Hijackthis forum at
http://forum.aumha.org - make sure you read the top
announcements about pre-post steps you should take before
generating a hijackthis log.
http://www.bleepingcomputer.com/files/killbox.php
Here's a few of the reputable spyware forums where you'll
be able to find assistance. Please read the guidelines of
the one you choose prior to posting there :
http://www.bleepingcomputer.com/forums/forum22.html
http://forums.net-integration.net/index.php?showforum=32
http://forum.aumha.org/viewforum.php?f=30
http://spywarewarrior.com/viewforum.php?f=2&sid=3ce3e4c9a40b25268d1bac3189d22184
http://computercops.biz/forum67.html
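
A present-day, read-only PowerShell counterpart to the checks in steps 2 and 3 of the post above, added here as an example and not part of the original post or of any tool it names: it reads AppInit_DLLs and lists modules loaded in Explorer.exe and IExplore.exe that lack a valid signature or carry the Hidden attribute. It assumes Windows PowerShell 5.1 or later and uses the standard registry API, which may not show an entry that is hidden from ordinary tools in the way the post describes.

```powershell
# Added triage sketch (not from the original post). Read-only: it changes nothing.
# Assumption: Windows PowerShell 5.1+, run elevated, from a shell whose bitness
# matches the target process (a 64-bit shell sees few modules of a 32-bit process).

# Step 2: AppInit_DLLs. DLLs named here are loaded into every process that
# loads user32.dll, so a non-empty value deserves a close look.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $keys) {
    $item  = Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue
    $value = if ($item) { $item.AppInit_DLLs } else { $null }
    if ([string]::IsNullOrWhiteSpace($value)) {
        "AppInit_DLLs empty or not readable: $key"
    } else {
        "AppInit_DLLs SET in ${key}: $value"
    }
}

# Step 3: modules loaded into Explorer.exe and IExplore.exe.
# Report only those without a valid Authenticode signature or with the
# Hidden file attribute; everything else is left out to keep the list short.
$findings = foreach ($proc in Get-Process -Name explorer, iexplore -ErrorAction SilentlyContinue) {
    foreach ($mod in $proc.Modules) {
        $sig  = Get-AuthenticodeSignature -FilePath $mod.FileName -ErrorAction SilentlyContinue
        $file = Get-Item -LiteralPath $mod.FileName -Force -ErrorAction SilentlyContinue
        $isHidden = [bool]($file -and ($file.Attributes -band [IO.FileAttributes]::Hidden))
        if (-not $sig -or $sig.Status -ne 'Valid' -or $isHidden) {
            [pscustomobject]@{
                Process   = $proc.ProcessName
                ProcessId = $proc.Id
                Module    = $mod.FileName
                Signature = if ($sig) { $sig.Status } else { 'Unreadable' }
                Hidden    = $isHidden
            }
        }
    }
}

if ($findings) {
    $findings | Sort-Object Process, Module | Format-Table -AutoSize
} else {
    'No unsigned or hidden modules found in explorer/iexplore.'
}
```

An entry in this output is a candidate for review, not proof of infection; as the post says, removing a required file can render the system unstable.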