Odd Ad-aware report - blank page

  • Thread starter Thread starter Anthony Giorgianni
  • Start date Start date
A

Anthony Giorgianni

Hello All

I'm just wondering if anyone else sees this. Running Win98se, I have my
Internet Explorer 6 set to no homepage "Blank page," so that my browser
doesn't try to go to a page if I open it while off line. The interesting
thing is that, lately, when I run Ad Aware, it identifies the "blank page"
entries in my registry as two possible home page hijack attempts and wants
to delete them. If I delete them, my browser's home page resets to default
www.msn.com.

Specifically, Ad Aware says:

Vendor:Possible Browser Hijack attempt
Category:Data Miner
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page"
("about:blank")
Last Activity:05-13-2004
Risk LevelMedium
Comment:Possible browser hijack attempt
Description:Possible attempt to control\redirect the browser. This object
refers to a "blacklisted" site.

This never happened before. I'm wondering if I somehow made "aboutblank" a
blacklisted page or did the publisher add this during a recent update? Any
ideas?

Thanks.


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.
 
"Anthony Giorgianni" <[email protected]>
wrote in
Hello All

I'm just wondering if anyone else sees this. Running Win98se, I have
my Internet Explorer 6 set to no homepage "Blank page," so that my
browser doesn't try to go to a page if I open it while off line. The
interesting thing is that, lately, when I run Ad Aware, it identifies
the "blank page" entries in my registry as two possible home page
hijack attempts and wants to delete them. If I delete them, my
browser's home page resets to default www.msn.com.
Click to expand...

Same thing happening here, since my last ad-aware update it wants to change
my about:blank to msn.com, with spywareguard kicking in to prevent this,
it's quite annoying, solutions also welcome here.

grtz Bloned
 
Anthony Giorgianni typed:
Hello All

I'm just wondering if anyone else sees this. Running Win98se, I have
my Internet Explorer 6 set to no homepage "Blank page," so that my
browser doesn't try to go to a page if I open it while off line. The
interesting thing is that, lately, when I run Ad Aware, it identifies
the "blank page" entries in my registry as two possible home page
hijack attempts and wants to delete them. If I delete them, my
browser's home page resets to default www.msn.com.

Specifically, Ad Aware says:

Vendor:Possible Browser Hijack attempt
Category:Data Miner
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page"
("about:blank")
Last Activity:05-13-2004
Risk LevelMedium
Comment:Possible browser hijack attempt
Description:Possible attempt to control\redirect the browser. This
object refers to a "blacklisted" site.

This never happened before. I'm wondering if I somehow made
"aboutblank" a blacklisted page or did the publisher add this during
a recent update? Any ideas?

Thanks.
Click to expand...

The CWS hijackers have used this in their hijacks.

If you are absolutely sure that the about:blank has been set by you and not
CWS then put the about:blank in Ad-aware's ignore list.
 
Hello All

I'm just wondering if anyone else sees this. Running Win98se, I have my
Internet Explorer 6 set to no homepage "Blank page," so that my browser
doesn't try to go to a page if I open it while off line. The interesting
thing is that, lately, when I run Ad Aware, it identifies the "blank page"
entries in my registry as two possible home page hijack attempts and wants
to delete them. If I delete them, my browser's home page resets to default
www.msn.com.
Click to expand...

I had a very similar problem recently. IE was being opened in the
background, trying to visit a specific porn site everytime I connected to
the Internet. The only reason I knew about it was that WeBlocker (another
freebie) was shouting "Blocked!" every few minutes. SpyBot S&D, HijackThis
and AVG 6 all failed to spot anything; meantime AdAware was giving me a
similar message to yours. Major frustration!

Then, in one of the HijackThis reports (I think) I noticed that it was
pointing to C:\Windows\rundll32.exe. Initially I ignored it, as I thought
I'd had in my Startup folder for quite a while. Later I checked it out, and
the file was dated 2/5/2004 -- the day on which my problems started. I
removed it from Startup, and the secret connection attempts stopped.

Then just yesterday the latest reflist from AVG picked up a Trojan called
Startpage.4.AR in rundll32.exe. It's now been quarantined, and my computer
(OS: XP Home) is no worse off for it.

So you might like to check out that rundll32.exe file...

Mike
 
Thanks Calamity.

I didn't see that ignore list stuff. realize that ignore stuff was there.
Looks like it's not a hijack attempt, just my settings.


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.
 
Thanks Mike

I scanned everything with the latest AVG, including rundll.exe specifically.
Everything looks clean. I just added the two entries to the ad-aware ignore
list


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.
 
"Anthony Giorgianni" <[email protected]>
wrote in message
Hello All

I'm just wondering if anyone else sees this. Running Win98se, I have my
Internet Explorer 6 set to no homepage "Blank page," so that my browser
doesn't try to go to a page if I open it while off line. The interesting
thing is that, lately, when I run Ad Aware, it identifies the "blank page"
entries in my registry as two possible home page hijack attempts and wants
to delete them. If I delete them, my browser's home page resets to default
www.msn.com.

Specifically, Ad Aware says:

Vendor:Possible Browser Hijack attempt
Category:Data Miner
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page"
("about:blank")
Last Activity:05-13-2004
Risk LevelMedium
Comment:Possible browser hijack attempt
Description:Possible attempt to control\redirect the browser. This object
refers to a "blacklisted" site.

This never happened before. I'm wondering if I somehow made "aboutblank" a
blacklisted page or did the publisher add this during a recent update? Any
ideas?

Thanks.


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.
Click to expand...

Hi, use this instead: C:\Program Files\Internet
Explorer\iexplore.exe" -nohome

Cheers,
Rick Tuinstra
 
CalamityKen said:
Anthony Giorgianni typed:

The CWS hijackers have used this in their hijacks.
If you are absolutely sure that the about:blank has been set by you and not
CWS then put the about:blank in Ad-aware's ignore list.
Click to expand...

I don't think this is very good advice. That way, it will never be known if and when
the about:blank "decoy" has been installed as spyware in future scans. I would rather
point the browser to any picture on the system and set it as the home page. That way
any changes will be noticeably reported.
 
Good Suggestion, Jona, thx. I forgot about doing that. Also, I had planned
some time back to create my own local web page with all the links internet
and otherwise, with photo, calendar and other stuff. Might use Blink to
create that now and point to it.
 
Great solution for the problem, removed the items from the ignorelist in
ad-aware, and "looking" at a little white gif as my homepage,
thanks for the info.

grtz Bloned
 
Bloned said:
Great solution for the problem, removed the items from the ignorelist in
ad-aware, and "looking" at a little white gif as my homepage,
thanks for the info.
Click to expand...

I tried putting in a .jpg picture as my homepage, and it, too, brought
up the malware warning. So I'm back to using about:blank and keeping
it on the ignore list.
 
Maureen said:
I tried putting in a .jpg picture as my homepage, and it, too, brought
up the malware warning. So I'm back to using about:blank and keeping
it on the ignore list.
Click to expand...

Strange, just doublechecked on my system (win98SE), a .gif as my homepage,
nothing in the ignore list and ad-aware doesn't find anything. Could it have
to do anything with the file-extension (me using a.gif, you using a .jpg) ?
Or are you actually affected with something ?

grtzBloned
 
I've used jpeg homepage with no warnings from Ad-Aware.


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.
 
Maureen said:
I tried putting in a .jpg picture as my homepage, and it, too, brought
up the malware warning. So I'm back to using about:blank and keeping
it on the ignore list.
Click to expand...

It's Ad-aware's last reflist update causing this. I know that for two
reasons:

1. I'd run Ad-aware and got a clean report, then about ten minutes
later had received their email notice about an update. Whathell, I
downloaded it and ran Ad-aware again and up pops this warning of an
about:blank problem regarding my MSIE.

2. It's been over a year since the last time I used MSIE...

I put this problem on the Ignore List.
 
Russ said:
It's Ad-aware's last reflist update causing this. I know that for two
reasons:

1. I'd run Ad-aware and got a clean report, then about ten minutes
later had received their email notice about an update. Whathell, I
downloaded it and ran Ad-aware again and up pops this warning of an
about:blank problem regarding my MSIE.

2. It's been over a year since the last time I used MSIE...

I put this problem on the Ignore List.
Click to expand...
I too developed the problem, and I too believe it's from a recent
update. I had changed nothing in my system yet suddenly this error came
up. I noticed that in Internet Settings when Adaware reported a
possible home page hijack the listing was correct, BUT when I told
Adaware to delete the 'error' it immediately CHANGED in my home page box
to the 'possilbe infected file' address! Bizarre behaviour indeed,
entirely opposite of what one would expect.

After not finding any other recourse, I ignore-listed it. This just
cropped up out of nowhere so it's clearly a flaw in Adaware.
 
Mister said:
I too developed the problem, and I too believe it's from a recent
update.
Click to expand...

Strange again, because my ad-aware is up-to-date (ref file 01R304 16.05.2004
loaded) and like I said, it works for me, a .gif as my homepage and nothing
in the ignorelist results in a clean scan, so maybe it's OS depended ?
(win98SE here)
 
Bloned said:
Strange again, because my ad-aware is up-to-date (ref file 01R304 16.05.2004
loaded) and like I said, it works for me, a .gif as my homepage and nothing
in the ignorelist results in a clean scan, so maybe it's OS depended ?
(win98SE here)
Click to expand...
I had a blank page for my home, for well over a year with no adverse
affects. I've also used Adaware at least that long (on XP). I really
don't think it's OS related as it seemed to just suddenly start
happening. It's no biggie, really, and I'm sure if I routed the home
page to a .gif it would work just fine. I think it's simply in a recent
Adaware update.
 
Mister said:
I had a blank page for my home, for well over a year with no adverse
affects. I've also used Adaware at least that long (on XP). I really
don't think it's OS related as it seemed to just suddenly start
happening. It's no biggie, really, and I'm sure if I routed the home
page to a .gif it would work just fine. I think it's simply in a
recent Adaware update.
Click to expand...

Quoting Jona in an earlier post:
"I don't think this is very good advice. That way, it will never be known if
and when
the about:blank "decoy" has been installed as spyware in future scans. I
would rather
point the browser to any picture on the system and set it as the home page.
That way
any changes will be noticeably reported."

But you could set your homepage to "about: " , this also is a blank page and
ad-aware has no problems with it.
 
Back
Top