Internet Explorer has been hijacked by "About:Blank"

Lloyd Wolf said:
Hello. Looking for a little help....

I have a customer running Internet Explorer v6, on a computer running
Windows 2000 Professional.

Internet Explorer has been hijacked by "About:Blank"

We have run the Ad-aware 6 and also Spybot Search & Destroy software.
Neither one seems to be able to get rid of "About:Blank" permanently.

Doing a Google search, I have seen lots of people having lots of problems
with this one.

Does anyone have a solid solution for getting rid of the "About:Blank"
hijacker?

Thanks in advance.

Lloyd Wolf
Wolf Consulting, Inc.
 
Hello John, anyone else,

I have had a full blown case of about:blank. I read someplace else that the
programmer who wrote it should have his (sorry about gender discrimination
here, but no woman would do such a thing) privates encased in a vice whilst
it is being closed. I'll second that.

Two things just to get it to stop. Keep your modem off when you startup
your computer. Kill Iexplore.exe sessions that come up in the process list
of Task Manager (Windows NT, 2K, XP). This is what is resetting your home
page. Either keep the modem off or wait a minute or two. It gives up after
a retry or two.

Next your browser -> Tools -> Internet Options -> Security. Click Custom
Level. Disable Java and disable download. You can disable the ActiveX as
well. Reset them to enabled after you think you are not going to be
reinfected every time your computer starts up.

Until I followed these steps, the whole thing would come back every time I
re-started my computer.

To get rid of it I ran CWshredder.exe, which seemed to get rid of it, but as
I mentioned, it kept coming back. I also downloaded NoAdware, which actually
identified files that should be removed and was able to remove them pretty
well. It also keeps identifying svchost.exe in my Windows System32 directory
as being infected with a dll which it is claiming is causing my problems. It
is not able to remove this file, which is a good thing because it is vital to
communications. I replaced it with an identical file from Windows XP Service
Pack 1a on another computer and it diagnosed the new one the same way. So
I'm not sure. I don't know any of the other adware programs so can't comment
on whether they are better or NoAdware is better or whether any of them
really completely work.

At any rate, now I can work on the computer O.K., I am able to set my
homepage O.K., but my computer continues to crank up a session of
Iexplore.exe every time at startup as well as occasional extra IE sessions
that begin at about:blank and morph into advertisements, many of them from a
bannerfarm site. This is manageable, but I sure would like to get rid of the
IE startup at computer startup and the extra sessions.

I also have an empty value in the place described where the reglite program
is used.

I have Norton 2003. I think Norton 2004 or greater is required to manage
adware. They do document it and claim that it is easy to get rid of, but I
followed their procedure and I still have the symptoms described. Perhaps,
because I have Norton 2003. They identified this as "1stbar" adware.

I should also mention that when I uninstalled or got rid of "1stbar", the
uninstallation took me to a web page that said something like they were sorry
to see the uninstallation and hoped it had been useful and also advertised
anti-adware software. "1stbar" is anything but useful. I would call it more
like a plague.

Any information anyone has would be welcomed.

George Kotcher
Barrington Software Incorporated
 
Hi rob7777,
ever get an answer to the question? "about:blank" has stolen my browser as
well. Please advise. Thx
 
Have you tried running:
hijackthis.exe
then using the information to troubleshoot with.
Bill

 
Hi Dan - had the same problem myself -

found the answer at the following web address
http://www.akadia.com/services/about_blank_virus.html

As you will see at this site, it's a virus (one of the 'startp' group)
that sits in a hidden location and replicates itself to the system32
directory - if you delete it it re-replicates itself. I found that
Sophos deleted the hidden file, but not the one in the system32
directory! So although sophos gave me the all clear, about:blank still
appeared.

Good hunting
PhilipW
 
It required much experimentation, but I killed it -- finally!!!

Apparently, there is a hidden file that is all but impossible to delete in
the "system restore" files. It is, however, not entirely impossible to kill.


I followed the instructions from the Symantec website for getting rid of the
"Trojan.ByteVerify" virus, EXCEPT that instead of using the Norton anti-virus
from Symantec (which did not work!), I downloaded a freeware copy of the AVG
software. (NOTE: Without following the instructions from Symantec on
disabling system restore, the AVG scan also did not work -- it was only a
combination of the two that fixed the problem.)

OK, so here are four steps that should solve the problem:

1. Download the AVG software, install it, get the definitions up to date.

2. Disable System Restore. [THE FOLLOWING IS FOR Windows ME. YOU MIGHT GO
TO THE SYMANTEC FILE MENTIONED ABOVE TO CHECK THEIR SYSTEM SPECIFIC
INSTRUCTIONS IF THIS DOES NOT WORK FOR YOUR SYSTEM.] Go into the Start
menu > Settings. Click Control Panel. Click System. (If system does not
appear, you need to click on the "view all control panel options" off to the
left.) Click Performance. Click File System (lower left). Click
Troubleshooting. Check the Disable System Restore box (bottom box). Click
OK. This will force you to restart your system.

3. Open in safe mode and run the AVG full scan. [I am not 100% sure
whether or not you need to do this in safe mode. I did -- following
Symantec's advice for getting rid of the Trojan.ByteVerify virus -- and it
worked.] Having disabled the System Restore, you should now be able to
remove the infected files from that area without problem -- no idea why that
should make the difference, but it did.

4. Restart your system and go back and reactivate your system restore
settings. I am now celebrating a clean computer. Whew! Want to shoot the
guy who wrote this one....

Good luck.
 
Hi, I had the same problem and I got rid of the About:blank homepage by downloading and running the CWShredder. It is quick and easy.
 
I tried all the above to remove this culprit but nothing worked. I've used
Adaware, Spybot, PestPatrol... they did not prevent this culprit from
reinstalling upon rebooting. I also searched for about:blank in my registry
and deleted all references to it. I also searched for coolwebsearch in my
registry and deleted what I found. Upon reboot, all the previously mentioned
hijackers returned to the registry. I also went into the advanced properties
of my Internet Explorer and changed the setting to disable 3rd party browser
plug-ins. That didn't help. I also went into my security settings and under
the restricted sites list, I added coolwebsearch.com and cool-web-search.com
and then searched the registry again and found everything again so I deleted
everything pertaining to this culprit again and then restarted and everything
returned as usual.

I also ran Norton's 2004 antivirus and upon updating my virus definitions
and turning off system restore, I found that Norton did not find anything
either.

BUT... I then decided to run a program from McAfee called Stinger to see if
it would find anything and it found a virus called w32.backdoor.cfb and it
was removed. Norton did not find this virus but McAfee did. I rebooted
again and searched the registry and found nothing... no traces of the culprit.

You can find the Stinger from McAfee here:

http://vil.nai.com/vil/averttools.asp
 
I've encountered 2 computers with this hijacker and I've removed both
hijackers from both computers. The programs required for removal are
Adaware, Spybot, Stinger by McAfee, CWShredder, and another computer that has
internet access.

Reboot/Boot the infected computer into safe mode. Run the program called
Stinger that is from McAfee and make sure that prior to running the Stinger
that you set your preferences in the Stinger for deletion and all files.

I've found a virus on one of the 2 systems. After running Stinger, if it
found a virus and it was not able to remove the virus, use another computer
and surf to Symantec and get the removal tool for the virus. You must run
the virus removal tool in safe mode. Follow all the directions but do not
reboot till you've finished all my instructions.

After running Stinger and after removing any virus, run Adaware then run
Spybot and delete everything they find.

After running the spyware removal programs, type regedit in the run command
on the infected system and upon opening the registry, highlight or click 1
time on My Computer and then click on Edit then Find and place a checkmark in
all 3 boxes and then search the registry for about:blank and delete each
entry that is highlighted. After deleting the first entry, click on Edit and
then click on Find Next to scan the registry till it finds no more
about:blank entries.

Finally, scan your system using the program called CWShredder. After these
steps are completed, reboot to normal mode. The infected system should be
clean. If not, redo all the steps again.

Note:
I've read some tech info that claims the reason why this spyware infects
some computers and not others is for 2 reasons. One reason is that the
advanced properties of Internet Explorer has disabled a function of Internet
Explorer that allows 3rd party browsers. This may or may not be true.

The second reason is that these techies claim this spyware/hijacker cannot
infect a system that is running Sun Java VM. Some time ago, Microsoft's Java
was always used. This theory does not hold substance since one of the
infected systems that I removed the hijacker was running Sun Java VM without
Microsoft's Java installed. Both infected systems were running XPSP1 Home
Edition.

CWShredder states that the hijacker attacks systems with Microsoft's Java
and that it must be removed and replaced by Sun Java VM to prevent
infections. I've got both the Sun Java VM and Microsoft's Java installed on
my personal system and have had no problems with any hijackers ever. My
system is using XPSP1 Professional Edition and McAfee Antivirus 7.0 version,
with a Linksys router and McAfee's firewall. I've encountered fewer problems
using McAfee's firewall as opposed to running Zone Alarm.

Both infected systems were running Norton Antivirus 2004 Edition with
current updates and all settings enabled.
 
Nasty thing, isn't it....

Here's how I slayed the beast (AKA: iefeats, CoolWebSearch, Shopping Wizard,
Search Extender, Home Search Assistant, About:Blank)

(This information is brought to you with no guarantees or warranties. Follow
my path at your own risk.)

Tools you will need: Javasoft's Ad Aware SE Personal and HiJackThis (both
are free)

1) Start > Settings > Control Panel > Add Remove Programs

Look for Shopping Wizard and Search Extender. (you won't be able to remove
them from here) If you have one or both, close Add Remove Programs and go to
step 2. If you don't have them, proceed to step 6.

2) Start > Run > Type in "regedit" without quotes > Click OK

3) Open: Hkey_Local_Machine/software/microsoft/windows/current version/uninstall

4) Find and delete HSA, SE, and SW folders completely.

5) Close regedit (You may go back to step 1 if you'd like to see if they are
still there...they should be gone.)

6) Press control+alt+delete. Kill all processes that don't look right. Most
of the bad ones will be 5 random characters but you can double-check at
http://computercops.biz/StartupList.html

7) Start > Run > Type in "services.msc" without quotes > Click OK

8) Click on "Network Security Service" and disable it.

9) Open Ad-Aware SE and click "Scan Now".

10) Select the full system scan and hit "Next"

11) Allow it to complete the scan. Once it is over, check all of the boxes
in critical and click "Next". Proceed to delete them.

12) Close all open browsers.

13) Open Hijack this and select "Scan"

14) Follow the tips on http://computercops.biz/hijackthis.html to decide
which ones to delete... (but definitely get rid of anything mentioning
"About:Blank" and "sp.html"). Important: If you don't feel comfortable doing
this, please ask an expert for assistance. This is what worked for me... but I
was sweating my choices the whole time.

15) Put checks next to the ones you wish to delete and hit "Fix Checked".

16) Shutdown your computer completely. Wait 10 seconds. Turn it back on.

17) Open Hijack This again and select "Scan". All of the bad registries
should be gone... if they aren't, well, this is as far as I can take you... but
if they are, right-click on your browser. Select "Properties". Go to the
"General" tab. Reset your homepage. Open your browser. It should show your
homepage. Close it. Open it again. If it is still there, congratulations! You
have slayed the beast!

Happy hunting.

Kristi Caldwell
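
The checks from steps 6, 8 and 14 above, applied to a saved HijackThis log, as an added example that is not part of the original post. The log lines are constructed, the function and constant names are hypothetical, and every hit is a prompt for manual review: a Start Page of about:blank is also what a deliberately blank home page looks like, and the five-letter rule is only the post's rule of thumb.

```python
import re

# HijackThis log entries have the shape "<section> - <detail>",
# e.g. "R1 - HKCU\...\Main,Search Bar = ...". Other lines are headers.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<detail>.+)$")

# Strings the post says to look for (step 14) and the service it disables (step 8).
URL_MARKERS = ("about:blank", "sp.html")
SERVICE_NAME = "network security service"
# Step 6: "most of the bad ones will be 5 random characters".
# Heuristic only: a legitimate five-letter file name is flagged as well.
FIVE_LETTER_FILE = re.compile(r"\\([a-z]{5})\.(?:exe|dll)\b", re.IGNORECASE)

# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qwxzv.dll/sp.html#00000
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\qwxzv.dll
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [kdjfp.exe] C:\WINDOWS\system32\kdjfp.exe
O23 - Service: Network Security Service - Unknown owner - C:\WINDOWS\system32\kdjfp.exe
"""


def triage(log_text):
    """Return (section, reason, line) tuples that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # header, running-process list or blank line
        section, detail = match.group("section"), match.group("detail")
        lowered = detail.lower()
        if section in ("R0", "R1"):
            # IE start/search page settings: look for the step 14 strings.
            for marker in URL_MARKERS:
                if marker in lowered:
                    findings.append((section, "IE page setting contains " + marker, line))
                    break
        elif section == "O23" and SERVICE_NAME in lowered:
            findings.append((section, "service named in step 8", line))
        elif section in ("O2", "O4"):
            # Browser helper objects and autostart entries: five-letter file names.
            hit = FIVE_LETTER_FILE.search(detail)
            if hit:
                findings.append((section, "five-letter file name: " + hit.group(1), line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Running the same function on logs taken before and after the cleanup shows whether the flagged entries came back after the reboot in step 16.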
 
Don't be fooled by these people trying to "help". Backup your important files
then format your hard drive. It's the only way to remove the damn crap from
your computer.
Get the latest SP for OS. Install a good anti-virus program, and firewall.
And please keep them updated!
DON'T OPEN ATTACHMENTS!
Be careful of the web sites that you visit.
If you have XP as your OS, make sure that the Pop-up blocker is set to
highest level.
 
Has anyone been able to get rid of the about:blank yet? It's driving me
insane. I want the person who created it. Anyone who has dealt with
about:blank knows what it is I'd like to do to this person. I'd give them
some about:blank. I've tried it all and am tired of paying. Nothing is
truly removing this parasite from my computer. I didn't even make 6 months
on my new computer and along came the about:blank. Now, I'm really hating my
new computer. What right does anyone have to create these things?

Thank you
Rose Ann
 
I started getting this after I downloaded and ran adaware ce. After
trying to get rid of it I ran a scan with Norton (I have 2004). It
found a file iciej.dll, located in the windows\system32 folder (I have
XP). It would not delete the file; I did a search and found the file
and deleted it. I have not had the problem since. I hope this helps
anyone getting this.

JT
 
This little adware program is insidious. I got hit with it, and it took me
several hours to finally get rid of it.

From what I gather, it's a variant of a coolwebsearch program. The symptoms
are your home page goes to "about:blank" and then the generous authors
provide you with a solution via a pop up that tells you spyware or viruses
were detected and you should click to learn how to remove them.

DON'T CLICK THE AD! IT'S A TRAP!

It also prevents you from going to Microsoft.com updates and Netscape
web-pages (hmmm... wonder why that is?). There are apparently several
different variants that were released simultaneously, and they are able to
hide and reproduce on your computer very effectively. IT IS NOT A VIRUS.
You have to get the program off your hard drive with things other than Norton
or other antivirus programs.

However, after following the below steps, I finally got rid of it. You
might try each step individually and see if it works, but in my case I got
frustrated and did all the following simultaneously and now it's gone. Here
they are:

1) Download the latest Ad-Aware (I used personal SE). Get it from
http://www.lavasoft.de/support/download/
You might want to turn off system restore (be careful, do this at your own
risk, but some viruses/programs can reinstate themselves via system restore).
Do this by right clicking on My Computer in Windows explorer and go to the
system restore tab. Remember to turn it back on at the end (see step five).

2) Reboot computer in Safe Mode. Most computers you do this by hitting the
F8 key while the computer is booting. Once in Safe mode, run Ad-Aware and
fix all the nasty little problems it finds. While in safe mode, I would
recommend running Norton (or anti-viral program of choice) as well. In both
programs, go to quarantined items and delete all those. (You can delete
quarantined items in safe mode because in regular mode they are being run and
therefore undeletable. You don't want to leave them running.)

3) Reboot the computer. Download and install the latest version of
Microsoft updates, preferably by not opening your browser but by using
auto-updater.

4) If you still can't get that bugger off, then, well, you have to do the
unthinkable. You have to spit in Bill's eye and use Netscape. I completely
deleted Internet Explorer (which because it's a background program that the
bot uses I had to reboot in safe mode and manually delete the Internet
Explorer folder: try using control panel first) and then I downloaded
Netscape. The bot is smart, it tries to prevent you from going to
netscape.com, so use Google and find a more obscure link it doesn't recognize.
Then it's recommended after all vestiges of Internet Explorer are gone
(remember to export your favorites in File in IE) that you go through steps 1
and 2 again to get this little bugger dead.

5) TURN SYSTEM RESTORE BACK ON IF YOU TURNED IT OFF

Good luck
 
a1_andy said:
I'm waiting on Microsoft to get back to me on this. I know how to fix it and
I know how to prevent it for the future. Hopefully they respond soon. It
took me 5 comps with all different Microsoft OS's and a week's worth of spare
time to figure it out. But I cracked its code! And it's the toughest I've ever
seen to date and not easily removed due to its "random" filename generator
but it is removable.
It's a cross between a virus/spyware/adware/hijacking
 
rocketmann007, I am going to try this, for I have been infected with about
blank in the past few days. I have Earthlink total access, which has pop
up blocker on it, but after I started getting about blank, my pop up blocker
has disappeared. I have spent several hours with Earthlink by email, chat,
phone trying to get my pop up blocker back. Nothing worked. I am able to get
onto my home page by keep changing back to my default page in internet
options. Now I can not do my computer tasks any longer, like scan files,
defragmenting. Is this because of about blank, do you think? I came across this
site by chance; I was trying to find info about... about:blank since
Earthlink was no help and virus scan showed no virus. Has anyone else lost
their popup blocker program due to this? Also, does anyone know how I got it?
The only thing I can think of is my son downloaded asolute poker from the
internet and plays poker on the internet. I want to uninstall it, even with
his objections, for he does not feel this causes the problem. Thanks for any
help to my questions. Billie Ann
 