G
Guest
I am using a blank page for my home page. The address bar displays
"about:blank". Is this normal?
"about:blank". Is this normal?
G
Guest
The "about:blank" is part of the browser hijacker also called CWS. This is
not good. Last time I saw this on a computer I had to wipe the hard drive to
get rid of it.
It did not display a blank page on that computer when at home page.
Any other info you could relate?
not good. Last time I saw this on a computer I had to wipe the hard drive to
get rid of it.
It did not display a blank page on that computer when at home page.
Any other info you could relate?
J
Jan Il
Hi deerbuck 
This may be a newer variant of about: blank. Methods that previously
removed the previous variant may not have any effect on it. Try the
following and follow and instructions carefully to clean your system fully.
This variant replicates itself, thus, you must fully clean it from your
system. This coolwebsearch infection uses a hidden dll to reinfect, thus it
replicates itself over and over if not removed properly.
<<<<BE SURE TO FOLLOW ALL INSTRUCTIONS CAREFULLY>>>>
CAUTION!!!!!
Before you try to remove spyware using any of the programs below, download a
copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
XP) The process of removing certain malware may kill your internet
connection. If this should occur, this program, LSPFIX, will enable you to
regain your connection.
Also, get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
IMPORTANT!!
RUN ALL PROGRAMS OFF LINE IN SAFE MODE AND SHOW HIDDEN
FILES. THEN REBOOT AND RUN THEM AGAIN TO BE SURE ALL FILES
ARE ACCESSED, DELETING ALL ITEMS DISPLAYED IN RED IN SPYBOT
HOW TO Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
About Buster
http://www.majorgeeks.com/download4289.html
CWShredder
http://www.majorgeeks.com/download4086.html
SpyBot Search & Destroy: Free
http://download.com.com/3000-8022-10289035.html?tag=lst-0-2
AdAware: Free
http://www.lavasoftusa.com/support/download/
HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877
HiJackThis:
Unzip the Download file in a NEW FOLDER that you can create before you start
the download.
DO NOT install in your Desktop folder.
DO NOT use any of the TEMP folders that are presently in your computer.
Double-click "HijackThis.exe" and Press "Scan".
Go to:
http://www.majorgeeks.com/download3155.html
and download HiJackThis to the new folder. Unzip to a folder other than your
Desktop or the Temp folder, doubleclick HiJackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log"
button. Press that, save the log some place you remember where it is.
Most of what it lists will be harmless or even required, so DO NOT fix
anything yet.
Open the copy of your log in NotePad and make a copy. Then you can go to one
of the following to post your log:
<<PLEASE DO NOT POST YOUR LOG FILE TO THIS NEWSGROUP>>
Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/
or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949
or Tom Coyote here:
http://forums.tomcoyote.org/index.php?act=idx
You will need to register to open a new thread to post you log. It is free,
and no one will Spam you, it is one of many that provides this service. Once
registered, go to the HiJackThis section on the forum list and click to
open. Then start a new post and post your log. The experts there will
analyze the log and report back the results. Please allow at least a few
hours or a days time for a response, depending on when you post the log
Remember, you must return to the HJT site to get your answer. It is a good
idea to click the "Notify" box so that you will get an electronic
notification by e-mail to let you know when a response has been posted.
But, you must still return to the site of your answer
Finally, go to Windows Update and ensure that ALL Critical updates are
installed.
If the above does not resovle the problem, then it may be a more recent
variant so go to the next step and follow all instructions carefully:
New ABOUT:BLANK CWS variant removal tool:
Like any disinfection procedure, it's a bit risky - it deletes an important
registry key and subsequently restores a revised version. If something goes
wrong, your PC may no longer work normally.
YOU USE THIS PROCEDURE AT YOUR OWN RISK!
Download Registrar Lite 2.0, install it and run it.
http://www.majorgeeks.com/download469.html
http://www.softpedia.com/public/cat/12/5/12-5-21.shtml
Navigate to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
(note...should be all on one line)
and look at the AppInit_Dlls value.
Write down the name of the DLL file that's displayed!
(If you see several values separated by commas or spaces, which is unlikely,
use Windows Explorer to search for each one in the Windows\System32 or
Winnt\System32 directory. The one you can't find is the one to remember!)
Exit Registrar Lite.
Download and run this script. It will delete the CWS AppInit_Dlls value and
reboot Windows. After the reboot, the shield-DLL file is still on the hard
disk, but it's no longer a threat to your PC.
http://www.silentrunners.org/CWS Shield Dropper.vbs
Download Silent Runners here:
http://www.silentrunners.org/Silent Runners.vbs
Run it and look at the list of Browser Helper Objects. One of them will have
a strange name. Write down the the file name (including the full path)!
(If you're not sure which BHO was installed by CWS, reboot into Safe Mode
and follow steps 8-10 here. Commercial programs, such as PestPatrol, are
also available to identify and delete BHO pests.)
Download and run this script to delete the CWS shield-DLL and the BHO files.
No reboot will be required.
http://www.silentrunners.org/CWS File Cleaner.vbs
Reset your Internet Explorer home page. Your PC should now run normally.
If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
This may be a newer variant of about: blank. Methods that previously
removed the previous variant may not have any effect on it. Try the
following and follow and instructions carefully to clean your system fully.
This variant replicates itself, thus, you must fully clean it from your
system. This coolwebsearch infection uses a hidden dll to reinfect, thus it
replicates itself over and over if not removed properly.
<<<<BE SURE TO FOLLOW ALL INSTRUCTIONS CAREFULLY>>>>
CAUTION!!!!!
Before you try to remove spyware using any of the programs below, download a
copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
XP) The process of removing certain malware may kill your internet
connection. If this should occur, this program, LSPFIX, will enable you to
regain your connection.
Also, get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
IMPORTANT!!
RUN ALL PROGRAMS OFF LINE IN SAFE MODE AND SHOW HIDDEN
FILES. THEN REBOOT AND RUN THEM AGAIN TO BE SURE ALL FILES
ARE ACCESSED, DELETING ALL ITEMS DISPLAYED IN RED IN SPYBOT
HOW TO Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
About Buster
http://www.majorgeeks.com/download4289.html
CWShredder
http://www.majorgeeks.com/download4086.html
SpyBot Search & Destroy: Free
http://download.com.com/3000-8022-10289035.html?tag=lst-0-2
AdAware: Free
http://www.lavasoftusa.com/support/download/
HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877
HiJackThis:
Unzip the Download file in a NEW FOLDER that you can create before you start
the download.
DO NOT install in your Desktop folder.
DO NOT use any of the TEMP folders that are presently in your computer.
Double-click "HijackThis.exe" and Press "Scan".
Go to:
http://www.majorgeeks.com/download3155.html
and download HiJackThis to the new folder. Unzip to a folder other than your
Desktop or the Temp folder, doubleclick HiJackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log"
button. Press that, save the log some place you remember where it is.
Most of what it lists will be harmless or even required, so DO NOT fix
anything yet.
Open the copy of your log in NotePad and make a copy. Then you can go to one
of the following to post your log:
<<PLEASE DO NOT POST YOUR LOG FILE TO THIS NEWSGROUP>>
Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/
or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949
or Tom Coyote here:
http://forums.tomcoyote.org/index.php?act=idx
You will need to register to open a new thread to post you log. It is free,
and no one will Spam you, it is one of many that provides this service. Once
registered, go to the HiJackThis section on the forum list and click to
open. Then start a new post and post your log. The experts there will
analyze the log and report back the results. Please allow at least a few
hours or a days time for a response, depending on when you post the log
Remember, you must return to the HJT site to get your answer. It is a good
idea to click the "Notify" box so that you will get an electronic
notification by e-mail to let you know when a response has been posted.
But, you must still return to the site of your answer
Finally, go to Windows Update and ensure that ALL Critical updates are
installed.
If the above does not resovle the problem, then it may be a more recent
variant so go to the next step and follow all instructions carefully:
New ABOUT:BLANK CWS variant removal tool:
Like any disinfection procedure, it's a bit risky - it deletes an important
registry key and subsequently restores a revised version. If something goes
wrong, your PC may no longer work normally.
YOU USE THIS PROCEDURE AT YOUR OWN RISK!
Download Registrar Lite 2.0, install it and run it.
http://www.majorgeeks.com/download469.html
http://www.softpedia.com/public/cat/12/5/12-5-21.shtml
Navigate to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
(note...should be all on one line)
and look at the AppInit_Dlls value.
Write down the name of the DLL file that's displayed!
(If you see several values separated by commas or spaces, which is unlikely,
use Windows Explorer to search for each one in the Windows\System32 or
Winnt\System32 directory. The one you can't find is the one to remember!)
Exit Registrar Lite.
Download and run this script. It will delete the CWS AppInit_Dlls value and
reboot Windows. After the reboot, the shield-DLL file is still on the hard
disk, but it's no longer a threat to your PC.
http://www.silentrunners.org/CWS Shield Dropper.vbs
Download Silent Runners here:
http://www.silentrunners.org/Silent Runners.vbs
Run it and look at the list of Browser Helper Objects. One of them will have
a strange name. Write down the the file name (including the full path)!
(If you're not sure which BHO was installed by CWS, reboot into Safe Mode
and follow steps 8-10 here. Commercial programs, such as PestPatrol, are
also available to identify and delete BHO pests.)
Download and run this script to delete the CWS shield-DLL and the BHO files.
No reboot will be required.
http://www.silentrunners.org/CWS File Cleaner.vbs
Reset your Internet Explorer home page. Your PC should now run normally.
If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
D
Don Varnau
Hi,
Yes.
Don
Yes.
Don
R
Roberto Icaza
dv1,
No, "about:blank" is Internet Explorer's internal page for displaying a
blank page. In fact, if you go to Internet Options and click on "Use Blank"
under "Home page", the address will be "about:blank". There are many other
about:x pages within Internet Explorer. For example, if you type
"about:home" Internet Explorer navigates to your currently-set home page.
Roberto
No, "about:blank" is Internet Explorer's internal page for displaying a
blank page. In fact, if you go to Internet Options and click on "Use Blank"
under "Home page", the address will be "about:blank". There are many other
about:x pages within Internet Explorer. For example, if you type
"about:home" Internet Explorer navigates to your currently-set home page.
Roberto
T
Tom Pepper Willett
about blank can also be a hijack as the reply indicated.
| dv1,
| No, "about:blank" is Internet Explorer's internal page for displaying
a
| blank page. In fact, if you go to Internet Options and click on "Use
Blank"
| under "Home page", the address will be "about:blank". There are many
other
| about:x pages within Internet Explorer. For example, if you type
| "about:home" Internet Explorer navigates to your currently-set home page.
|
| Roberto
|
|
|
| | > The "about:blank" is part of the browser hijacker also called CWS. This
| > is
| > not good. Last time I saw this on a computer I had to wipe the hard
drive
| > to
| > get rid of it.
| > It did not display a blank page on that computer when at home page.
| > Any other info you could relate?
| >
| >
| > "deerbuck" wrote:
| >
| >> I am using a blank page for my home page. The address bar displays
| >> "about:blank". Is this normal?
|
|
| dv1,
| No, "about:blank" is Internet Explorer's internal page for displaying
a
| blank page. In fact, if you go to Internet Options and click on "Use
Blank"
| under "Home page", the address will be "about:blank". There are many
other
| about:x pages within Internet Explorer. For example, if you type
| "about:home" Internet Explorer navigates to your currently-set home page.
|
| Roberto
|
|
|
| | > The "about:blank" is part of the browser hijacker also called CWS. This
| > is
| > not good. Last time I saw this on a computer I had to wipe the hard
drive
| > to
| > get rid of it.
| > It did not display a blank page on that computer when at home page.
| > Any other info you could relate?
| >
| >
| > "deerbuck" wrote:
| >
| >> I am using a blank page for my home page. The address bar displays
| >> "about:blank". Is this normal?
|
|
F
Frank Saunders, MS-MVP IE/OE
deerbuck said:
Assuming that you are using a blank page on purpose, the answer is "Yes", as
Don said.
--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
G
Guest
Jan
You are the best
I have been stuck with this problem for a LONG TIME
These fixes got it!!!!
You are the best
I have been stuck with this problem for a LONG TIME
These fixes got it!!!!
J
Jan Il
Hi moc75
You're very welcome! Glad to hear you were able to resolve your problem.
Good job!
Thank you for posting back and letting us know what worked for you, and for
the benefit of other readers who might have a similar problem.
Jan
Smiles are meant to be shared,
that's why they're so contagious.
You're very welcome! Glad to hear you were able to resolve your problem.
Good job!
Thank you for posting back and letting us know what worked for you, and for
the benefit of other readers who might have a similar problem.
Jan
Smiles are meant to be shared,
that's why they're so contagious.
G
Guest
just wondering how you got rid of about:blank. I've got it and its causing
problems with my hotmail account. Any ideas?
problems with my hotmail account. Any ideas?
J
Jan Il
Hi sarah
Try the following:
Download, install and run the programs below:
CWShredder
http://www.majorgeeks.com/download4086.html
About Buster
http://www.majorgeeks.com/download4289.html
Then to fully clean your system, go through all the steps here:
WARNING>>>> Backup all documents and files before removing any spyware!!
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
What you can do about spyware and other unwanted software
http://www.microsoft.com/athome/security/spyware/spywarewhat.mspx
Most importantly, be sure to run CWShredder here
http://www.majorgeeks.com/download3019.html
Also this program searches for hidden .dlls that recreate the malware.
About Buster:
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".
Also very important, be sure to use the HijackThis. Please DO NOT post your
log to this
newsgroup, but to the HiJackThis Support Forums below:
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
the Aumha HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.
CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.
You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also... From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip
also.....
Information on About Blank:
Cool Web Search" CWS chronicles.
http://www.spywareinfo.com/~merijn/cwschronicles.html
Mirrored elsewhere Merijn's site is the best
http://inetexplorer.mvps.org/Darnit.htm
http://www.webhelper4u.com/index.html
How to guard from CoolWebSearch spyware and it's variants?
http://windowsxp.mvps.org/Defend_CWS.htm
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
Try the following:
Download, install and run the programs below:
CWShredder
http://www.majorgeeks.com/download4086.html
About Buster
http://www.majorgeeks.com/download4289.html
Then to fully clean your system, go through all the steps here:
WARNING>>>> Backup all documents and files before removing any spyware!!
Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
What You Should Know About Spyware
http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
What you can do about spyware and other unwanted software
http://www.microsoft.com/athome/security/spyware/spywarewhat.mspx
Most importantly, be sure to run CWShredder here
http://www.majorgeeks.com/download3019.html
Also this program searches for hidden .dlls that recreate the malware.
About Buster:
http://www.majorgeeks.com/download4289.html
Then visit these two sites to test for parasites and help basic cleaning:
On-Line Check
http://aumha.org/a/noads.htm
and
Quick-Fix Protocol.
http://aumha.org/a/quickfix.php
Basically, throw everything here at your "infection".
Also very important, be sure to use the HijackThis. Please DO NOT post your
log to this
newsgroup, but to the HiJackThis Support Forums below:
http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
the Aumha HiJackThis Forum
http://forum.aumha.org/viewforum.php?f=30
or Bleeping Computer Forum
http://www.bleepingcomputer.com/forums/forum22.html
to allow the experts there to evaluate your log and advise you of any
necessary steps to clean your system.
(Note: You will have to Register before posting on these Forums. Please
follow all posting instructions carefully to avoid having your log deleted
or ignored.
CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.
You should also get a copy of WINSOCKXPFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also... From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)
or Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip
also.....
Information on About Blank:
Cool Web Search" CWS chronicles.
http://www.spywareinfo.com/~merijn/cwschronicles.html
Mirrored elsewhere Merijn's site is the best
http://inetexplorer.mvps.org/Darnit.htm
http://www.webhelper4u.com/index.html
How to guard from CoolWebSearch spyware and it's variants?
http://windowsxp.mvps.org/Defend_CWS.htm
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
G
Guest
Hi Jan Il, How can I determine which anti-spyware is better. I paid for
an anti-spyware program only to realize afterwards there seem to be a lot out
there that will give me the fix I need for free. I too had the "about blank"
homepage which was driving me crazy and I went for the first fix I could
find--Spyware Begone. I also had to reboot in safe mode to completely
eliminate it and so far it seems to have worked.
an anti-spyware program only to realize afterwards there seem to be a lot out
there that will give me the fix I need for free. I too had the "about blank"
homepage which was driving me crazy and I went for the first fix I could
find--Spyware Begone. I also had to reboot in safe mode to completely
eliminate it and so far it seems to have worked.
J
Jan Il
Hi Christine
Here is a list of most of the standard recommended scumware removal tools,
and they are still Free. I am sure others here will have more to add to this
list, but, this is the most basic programs:
These tools you will see recommended most often here and in most other
newsgroups by the experts, as they work very well, and don't cost anything.
CWShredder - http://www.majorgeeks.com/download4086.html (For About:Blank)
About:Buster (also for About:Blank)
http://www.majorgeeks.com/download4289.html
http://www.atribune.org/downloads/AboutBuster.zip
Spybot S&D - http://www.safer-networking.org/en/index.html
Ad-Aware SE - http://www.lavasoftusa.com/software/adaware/
Hijack this - http://www.majorgeeks.com/download3155.html\
Hijackthis tutorial -
http://forums.maddoktor2.com/index.php?showtopic=165
SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
BHODemon -
http://pcworld.com/downloads/file_download.asp?fid=23611&fileidx=1
A listing of BHO's
http://www.spywaredata.com/bho.php?current_page=0
Stinger from McAfee
http://vil.nai.com/vil/stinger/
also....
Newest program out is the Miscrosoft Windows Anti-Spyware Beta program
http://blogs.msdn.com/mswanson/archive/2005/01/06/347639.aspx
However, read all information carefully, and remember that is it a Beta
program at present.
Also...
LSP and Winsock Fixes
Removal of some types of spyware can damage the Winsock keys in the
Registry. Spywares use the Layered Service Providers (LSP), small software
items added or inserted into the Winsocks. Data that is outward bound from
your computer to a legitimate destination on the Internet can be intercepted
by an LSP and sent other than intended. To correct the damage and repair
the IE connection download and run the programs below:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.
and..
Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip
WinsockXP Fix for XP
http://www.spychecker.com/program/winsockxpfix.html
How to Reset Internet Protocol (TCP/IP) in Windows XP
http://support.microsoft.com/kb/299357
WinXP SP2: Go to Start | Run and type
CMD
In the command window type
netsh winsock reset
Also, with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
aso...
Additional LPS Information:
http://searchwin2000.techtarget.com/sDefinition/0,,sid1_gci213375,00.html
http://searchwin2000.techtarget.com/sDefinition/0,,sid1_gci213376,00.html
http://computercops.biz/LSPs.html
(scroll down the list to the lsp.dll files here)
To guard against installing adverse software to your system, it would be a
good idea to always check the Rogue list of programs listed at the site here
before installing them.
Rogue anti-spyware applications list.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
Here is a list of most of the standard recommended scumware removal tools,
and they are still Free. I am sure others here will have more to add to this
list, but, this is the most basic programs:
These tools you will see recommended most often here and in most other
newsgroups by the experts, as they work very well, and don't cost anything.
CWShredder - http://www.majorgeeks.com/download4086.html (For About:Blank)
About:Buster (also for About:Blank)
http://www.majorgeeks.com/download4289.html
http://www.atribune.org/downloads/AboutBuster.zip
Spybot S&D - http://www.safer-networking.org/en/index.html
Ad-Aware SE - http://www.lavasoftusa.com/software/adaware/
Hijack this - http://www.majorgeeks.com/download3155.html\
Hijackthis tutorial -
http://forums.maddoktor2.com/index.php?showtopic=165
SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html
BHODemon -
http://pcworld.com/downloads/file_download.asp?fid=23611&fileidx=1
A listing of BHO's
http://www.spywaredata.com/bho.php?current_page=0
Stinger from McAfee
http://vil.nai.com/vil/stinger/
also....
Newest program out is the Miscrosoft Windows Anti-Spyware Beta program
http://blogs.msdn.com/mswanson/archive/2005/01/06/347639.aspx
However, read all information carefully, and remember that is it a Beta
program at present.
Also...
LSP and Winsock Fixes
Removal of some types of spyware can damage the Winsock keys in the
Registry. Spywares use the Layered Service Providers (LSP), small software
items added or inserted into the Winsocks. Data that is outward bound from
your computer to a legitimate destination on the Internet can be intercepted
by an LSP and sent other than intended. To correct the damage and repair
the IE connection download and run the programs below:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.
and..
Winsock Fix Utility
http://www.dfwonline.net/files/WinsockFix.zip
WinsockXP Fix for XP
http://www.spychecker.com/program/winsockxpfix.html
How to Reset Internet Protocol (TCP/IP) in Windows XP
http://support.microsoft.com/kb/299357
WinXP SP2: Go to Start | Run and type
CMD
In the command window type
netsh winsock reset
Also, with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
aso...
Additional LPS Information:
http://searchwin2000.techtarget.com/sDefinition/0,,sid1_gci213375,00.html
http://searchwin2000.techtarget.com/sDefinition/0,,sid1_gci213376,00.html
http://computercops.biz/LSPs.html
(scroll down the list to the lsp.dll files here)
To guard against installing adverse software to your system, it would be a
good idea to always check the Rogue list of programs listed at the site here
before installing them.
Rogue anti-spyware applications list.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Hope this helps
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
G
Guest
Don't know how to thank you enough. Have been struggling with a few problems
including browser and homepage being hijacked to about:blank. Followed your
instructions and the probelm seems to be gone. Internet expxlorer is now
working perfectly. Thanks again.
including browser and homepage being hijacked to about:blank. Followed your
instructions and the probelm seems to be gone. Internet expxlorer is now
working perfectly. Thanks again.
J
Jan Il
Hi karal
You're very welcome! Glad to hear you were able to resolve your problem.
Good job!
Thank you for posting back and letting us know what worked for you, and for
the benefit of other readers who might have a similar problem.
Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.
You're very welcome! Glad to hear you were able to resolve your problem.
Good job!
Thank you for posting back and letting us know what worked for you, and for
the benefit of other readers who might have a similar problem.
Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.
G
Guest
I have a similiar problem, my home page resets to about:blank and the display
show something entitled "quick web search" with a box to put a search term
and a lot of links to click on. It also shows a link titled "unistall
homepage" when I click on it to directs to me web sites wanting to sell me
spy ware software etc. serveral of the sites that come up are
www.spyfighter.com and www.pcadprotector.cc/?qq
I've tried runnibg some of the software below in safe mode several times,
the software deletes detected files, however they come right back. Are you
supposed to run all the software listed i.e. spybot, lavasoft,
cwshredder,about buster??? or just use one? Appreciate any advise you have.
Thanks, Ted
show something entitled "quick web search" with a box to put a search term
and a lot of links to click on. It also shows a link titled "unistall
homepage" when I click on it to directs to me web sites wanting to sell me
spy ware software etc. serveral of the sites that come up are
www.spyfighter.com and www.pcadprotector.cc/?qq
I've tried runnibg some of the software below in safe mode several times,
the software deletes detected files, however they come right back. Are you
supposed to run all the software listed i.e. spybot, lavasoft,
cwshredder,about buster??? or just use one? Appreciate any advise you have.
Thanks, Ted
P
PA Bear
When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**
J
Jan Il
HI Ted
In addition to the information from PA Bear, be aware that there are
numerous variants of the Coolwebsearch and similar malware that can
replicate itself over and over if it is not properly removed. They are very
difficult to remove, and there are some programs that are just for such
types of variants.
If you have already run the program About Buster then please ignore the
post.
If you have not yet run this program, download and run the About Buster,
then run the HJT to scan your system and post the log according to the
information provided by PA Bear. If you have posted the log it already, go
ahead and do run the About Buster rerun HJT, and post a new log to the forum
where you posted the first one. It's just another matter important tool in
the process.
About:Buster
http://www.majorgeeks.com/download4289.html
Run About:Buster and have it scan twice.
Hope this helps
Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
In addition to the information from PA Bear, be aware that there are
numerous variants of the Coolwebsearch and similar malware that can
replicate itself over and over if it is not properly removed. They are very
difficult to remove, and there are some programs that are just for such
types of variants.
If you have already run the program About Buster then please ignore the
post.
If you have not yet run this program, download and run the About Buster,
then run the HJT to scan your system and post the log according to the
information provided by PA Bear. If you have posted the log it already, go
ahead and do run the About Buster rerun HJT, and post a new log to the forum
where you posted the first one. It's just another matter important tool in
the process.
About:Buster
http://www.majorgeeks.com/download4289.html
Run About:Buster and have it scan twice.
Hope this helps
Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
G
Guest
To Jan Il or whoever has successfully fixed the 'about:blank' problem. I
attempt to reset my home page and each time I return to Internet Explorer
(IE) my home page has been changed to about:blank. It happens on such a
regular basis that I don't think it's an anomaly. I read the previous replies
and wonder if these steps are still applicable? I have installed all the
latest updates, both critical and custom. I have Spy Sweeper installed and
Trend PC-Cillin. I know that about:blank is part of the General tab options
under Internet Options Tools but I fail to see how it can be disabled or if
disabled is the correct term. I feel something is making my home page change
to about:blank without my knowledge. I appreciate any help.
attempt to reset my home page and each time I return to Internet Explorer
(IE) my home page has been changed to about:blank. It happens on such a
regular basis that I don't think it's an anomaly. I read the previous replies
and wonder if these steps are still applicable? I have installed all the
latest updates, both critical and custom. I have Spy Sweeper installed and
Trend PC-Cillin. I know that about:blank is part of the General tab options
under Internet Options Tools but I fail to see how it can be disabled or if
disabled is the correct term. I feel something is making my home page change
to about:blank without my knowledge. I appreciate any help.
F
Frank Saunders, MS-MVP OE/WM
You probably need to try more anti-malware programs.
Help with Hijackware
All MS - MVP Sites.
http://aumha.org/a/parasite.htm
(http://aumha.org/a/quickfix.htm)
http://www.elephantboycomputers.com/page2.html#Removing_Malware
(http://mvps.org/winhelp2002/unwanted.htm)
(http://inetexplorer.mvps.org/darnit.html)
(http://www.mvps.org/sramesh2k/Malware_Defence.htm)
Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315
Help with Hijackware
All MS - MVP Sites.
http://aumha.org/a/parasite.htm
(http://aumha.org/a/quickfix.htm)
http://www.elephantboycomputers.com/page2.html#Removing_Malware
(http://mvps.org/winhelp2002/unwanted.htm)
(http://inetexplorer.mvps.org/darnit.html)
(http://www.mvps.org/sramesh2k/Malware_Defence.htm)
Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315