about:blank keeps replacing my users home page

[lforbes]

Hi,

I have this weird problem in both of my Domains that are completely
separate from each other.

The Users Home page is coming up about:blank on some, but not all of
my workstations regardless of Admin or regular user. The really weird
thing is the regular users are Mandatory Profiles with the Home Page
put in AND the home page is Setup in Group Policy as well.

When logging into another machine it will work fine. I am wondering
if it is a Group Policy Loopback issue. I have the homepage setup in
the Users Group Policy.

Very weird. I haven’t found anything about this on the MS website.

Any ideas would be great.


Thanks

Lara

 

[David H. Lipman]

From: "lforbes" <[email protected]>

| Hi,
|
| I have this weird problem in both of my Domains that are completely
| separate from each other.
|
| The Users Home page is coming up about:blank on some, but not all of
| my workstations regardless of Admin or regular user. The really weird
| thing is the regular users are Mandatory Profiles with the Home Page
| put in AND the home page is Setup in Group Policy as well.
|
| When logging into another machine it will work fine. I am wondering
| if it is a Group Policy Loopback issue. I have the homepage setup in
| the Users Group Policy.
|
| Very weird. I haven’t found anything about this on the MS website.
|
| Any ideas would be great.
|
| Thanks
|
| Lara
|
| --
| Posted using the http://www.windowsforumz.com interface, at author's request
| Articles individually checked for conformance to usenet standards
| Topic URL:
http://www.windowsforumz.com/Group-Policy-blank-replacing-users-home-page-ftopict275464.html
| Visit Topic URL to contact author (reg. req'd). Report abuse:
http://www.windowsforumz.com/eform.php?p=873087




Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt482.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Ad-aware with the latest definitions.
3) Reboot your PC into Safe Mode and shutdown as many applications as possible.
4) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
5) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware

* * Please report back your results * *

 

[Steven L Umbach]

I don't know if this will help but it may be worth a try to configure Group
Policy for IE maintenance policy processing to reapply settings even if the
Group Policy has not changed as referred to in the KB article below. If a
gpupdate /force fixes the problem for a user then that policy setting may
work. It may be due to loopback processing if the problem does not occur
when the user logs onto another computer not in the same OU as where the
problem occurs. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;316702

 

[Hank Arnold]

There are spyware/malware programs that use the "about:Blank" home page as a
way in. I use it all the time and one of my spyware programs (Ad Aware)
started tagging it as a possible hijacked web browser. I'd suggest getting
several spyware detectors (Ad Aware, SpyBot S&D, Spy Sweeper, etc.) and scan
the machines in question....

 

[taranis]

You have a browser hijack and probably a lot of other spyware as well.
Follow lforbes's excellent advice but I would add a couple of things:
First, you have the CoolWeb browser hijack and AdAware/Trend Sysclean
may not clean your systems of this nasty hijack. I recommend
downloading HiJackThis from download.com and using it to clean all the
BHO that it finds as well as any references to coolweb/about:blank.

Second, your users should not be local administrators and you should
also create a GPO that prevents new additions to the following registry
key for non administrators: HKEY_LOCAL_MACHINE\SOFTWARE.

Since I implemented this I get ZERO spyware on my clients computers.

 

[lforbes]

You have a browser hijack and probably a lot of other spyware
as well.
Follow lforbes's excellent advice but I would add a couple of
things:
First, you have the CoolWeb browser hijack and AdAware/Trend
Sysclean
may not clean your systems of this nasty hijack. I recommend
downloading HiJackThis from download.com and using it to clean
all the
BHO that it finds as well as any references to
coolweb/about:blank.

Second, your users should not be local administrators and you
should
also create a GPO that prevents new additions to the following
registry
key for non administrators: HKEY_LOCAL_MACHINESOFTWARE.

Since I implemented this I get ZERO spyware on my clients
computers.

Hi,

This is Not spyware. Two of the machines are newly installed from
reformat and on the others No one has ever had any write access to
either the registry or the Windows folder. They are all running
mandatory profiles that delete on logoff and the drives are completely
read-only. I also have an ISA server registering any traffic that is
unusual and it is showing nothing.

It is also happening in two different separate domains. I read the
info on the about:blank spyware. It said that it puts an entry in
HKLM-Software-Microsoft-WindowsNT-CurrentVersion-Windows-AppInit_DLLs
entry. I have nothing in this entry on any of the machines so I am
pretty sure this is a Windows issue not a spyware one. I haven’t ever
had any spyware on any of my machines in 5 years except the few that
the users were Admins on (which have since been reformatted)

It seems to be after I "enabled" the "IE maintenance policy
processing to reapply settings even if the Group Policy has not
changed". However turning it off didn’t seem to help. I have also
enabled "Loopback" mode recently that could have affected this. I
will check into those two.

Thanks

Lara

 

[lforbes]

Hi,

This is Not spyware. Two of the machines are newly installed
from reformat and on the others No one has ever had any write
access to either the registry or the Windows folder. They are
all running mandatory profiles that delete on logoff and the
drives are completely read-only. I also have an ISA server
registering any traffic that is unusual and it is showing
nothing.

It is also happening in two different separate domains. I read
the info on the about:blank spyware. It said that it puts an
entry in
HKLM-Software-Microsoft-WindowsNT-CurrentVersion-Windows-AppIn
it_DLLs
entry. I have nothing in this entry on any of the machines so
I am pretty sure this is a Windows issue not a spyware one. I
haven't ever had any spyware on any of my machines in 5 years
except the few that the users were Admins on (which have since
been reformatted)

It seems to be after I "enabled" the "IE maintenance policy
processing to reapply settings even if the Group Policy has
not changed". However turning it off didn't seem to help. I
have also enabled "Loopback" mode recently that could have
affected this. I will check into those two.

Thanks

Lara

HI,

I figured it out. I have a great program called AristoClass which is a
remote control program to remote control and view users desktops.
Works great but is the cause of the About:Blank home page as it remote
controls IE as well.

Cheers,

Lara