A
Al
How in the world can I remove About Blank from the home
page of IE??
page of IE??
J
Jan Il
Hi Al 
About:blank
You have a nasty coolwebsearch infection that uses a hidden dll to reinfect.
It can replicate itself over and over if not removed properly.
This variant does everything in its powers to redirect you to a domain
owned by 1-se.com. IE is hijacked to it, the hosts file is replaced to
redirect about 100 porn and CWS domains to 1-se.com, and a randomly named
stylesheet is dropped that redirects to 1-se.com when certain keywords
appear in webpages.
<<<<BE SURE TO FOLLOW ALL INSTRUCTIONS CAREFULLY>>>>
CAUTION!!!!!
Before you try to remove spyware using any of the programs below, download a
copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
XP) The process of removing certain malware may kill your internet
connection. If this should occur, this program, LSPFIX, will enable you to
regain your connection.
Also, get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
RUN ALL PROGRAMS OFF LINE IN SAFE MODE AND SHOW HIDDEN FILES.
THEN REBOOT AND RUN THEM AGAIN TO BE SURE ALL FILES ARE
ACCESSED, DELETING ALL ITEMS DISPLAYED IN RED IN SPYBOT
HOW TO Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
For the earlier variant of about: blank, running CWShredder,
AdAware, and Spybot in Safe Mode resolves the issue.
CWShredder
http://www.spywareinfo.com/~merijn/downloads.html
or
http://www.aumha.org/downloads/cwshredder.zip)
Removing the AboutBlank Virus
http://www.akadia.com/services/about_blank_virus.html
If that does not work then try the following:
Courtesy of Mow Green (a.k.a.Steve Wechsler) - MS MVP
This is a newer variant of about: blank. Methods that previously
removed it have_not had any effect on it , so far. Have NOT tested
either yet so use at your own risk ... hopefully, these 2 tools do
the job.
about:blank
http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip
res://C:\WINDOWS\<random name>.dll/sp.html#<random number>
http://www.hsremove.com/
SpyBot Search & Destroy: Free
http://download.com.com/3000-8022-10289035.html?tag=lst-0-2
AdAware: Free
http://www.lavasoftusa.com/support/download/
HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877
HiJackThis:
Unzip the Download file in a NEW FOLDER that you can create before you start
the download.
DO NOT install in your Desktop folder.
DO NOT use any of the TEMP folders that are presently in your computer.
Double-click "HijackThis.exe" and Press "Scan".
Go to:
http://computercops.biz/downloads-cat-14.html ,
or
http://www.aumha.org/a/parasite.php#hjt
(If you get a 404 error or Access denied, try:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip)
and download HiJackThis to the new folder. Unzip to a folder other than your
Desktop or the Temp folder, doubleclick HiJackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log"
button. Press that, save the log some place you remember where it is.
Most of what it lists will be harmless or even required, so DO NOT fix
anything yet.
Open the copy of your log in NotePad and make a copy. Then you can go to one
of the following to post your log:
<<PLEASE DO NOT POST YOUR LOG FILE TO THIS NEWSGROUP>>
Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/
or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949
or Tom Coyote here:
http://forums.tomcoyote.org/index.php?act=idx
You will need to register to open a new thread to post you log. It is free,
and no one will Spam you, it is one of many that provides this service. Once
registered, go to the HiJackThis section on the forum list and click to
open. Then start a new post and post your log. The experts there will
analyze the log and report back the results. Please allow at least a few
hours or a days time for a response, depending on when you post the log
Remember, you must return to the HJT site to get your answer. It is a good
idea to click the "Notify" box so that you will get an electronic
notification by e-mail to let you know when a response has been posted.
But, you must still return to the site of your answer
HJT Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
Hope this helps.
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
About:blank
You have a nasty coolwebsearch infection that uses a hidden dll to reinfect.
It can replicate itself over and over if not removed properly.
This variant does everything in its powers to redirect you to a domain
owned by 1-se.com. IE is hijacked to it, the hosts file is replaced to
redirect about 100 porn and CWS domains to 1-se.com, and a randomly named
stylesheet is dropped that redirects to 1-se.com when certain keywords
appear in webpages.
<<<<BE SURE TO FOLLOW ALL INSTRUCTIONS CAREFULLY>>>>
CAUTION!!!!!
Before you try to remove spyware using any of the programs below, download a
copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
XP) The process of removing certain malware may kill your internet
connection. If this should occur, this program, LSPFIX, will enable you to
regain your connection.
Also, get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
RUN ALL PROGRAMS OFF LINE IN SAFE MODE AND SHOW HIDDEN FILES.
THEN REBOOT AND RUN THEM AGAIN TO BE SURE ALL FILES ARE
ACCESSED, DELETING ALL ITEMS DISPLAYED IN RED IN SPYBOT
HOW TO Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
For the earlier variant of about: blank, running CWShredder,
AdAware, and Spybot in Safe Mode resolves the issue.
CWShredder
http://www.spywareinfo.com/~merijn/downloads.html
or
http://www.aumha.org/downloads/cwshredder.zip)
Removing the AboutBlank Virus
http://www.akadia.com/services/about_blank_virus.html
If that does not work then try the following:
Courtesy of Mow Green (a.k.a.Steve Wechsler) - MS MVP
This is a newer variant of about: blank. Methods that previously
removed it have_not had any effect on it , so far. Have NOT tested
either yet so use at your own risk ... hopefully, these 2 tools do
the job.
about:blank
http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip
res://C:\WINDOWS\<random name>.dll/sp.html#<random number>
http://www.hsremove.com/
SpyBot Search & Destroy: Free
http://download.com.com/3000-8022-10289035.html?tag=lst-0-2
AdAware: Free
http://www.lavasoftusa.com/support/download/
HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877
HiJackThis:
Unzip the Download file in a NEW FOLDER that you can create before you start
the download.
DO NOT install in your Desktop folder.
DO NOT use any of the TEMP folders that are presently in your computer.
Double-click "HijackThis.exe" and Press "Scan".
Go to:
http://computercops.biz/downloads-cat-14.html ,
or
http://www.aumha.org/a/parasite.php#hjt
(If you get a 404 error or Access denied, try:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip)
and download HiJackThis to the new folder. Unzip to a folder other than your
Desktop or the Temp folder, doubleclick HiJackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log"
button. Press that, save the log some place you remember where it is.
Most of what it lists will be harmless or even required, so DO NOT fix
anything yet.
Open the copy of your log in NotePad and make a copy. Then you can go to one
of the following to post your log:
<<PLEASE DO NOT POST YOUR LOG FILE TO THIS NEWSGROUP>>
Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/
or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949
or Tom Coyote here:
http://forums.tomcoyote.org/index.php?act=idx
You will need to register to open a new thread to post you log. It is free,
and no one will Spam you, it is one of many that provides this service. Once
registered, go to the HiJackThis section on the forum list and click to
open. Then start a new post and post your log. The experts there will
analyze the log and report back the results. Please allow at least a few
hours or a days time for a response, depending on when you post the log
Remember, you must return to the HJT site to get your answer. It is a good
idea to click the "Notify" box so that you will get an electronic
notification by e-mail to let you know when a response has been posted.
But, you must still return to the site of your answer
HJT Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
Hope this helps.
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
A
Al
www.akadia.com/service/about_blank_virus.html-----Original Message-----
Hi Al
About:blank
You have a nasty coolwebsearch infection that uses a hidden dll to reinfect.
It can replicate itself over and over if not removed properly.
This variant does everything in its powers to redirect you to a domain
owned by 1-se.com. IE is hijacked to it, the hosts file is replaced to
redirect about 100 porn and CWS domains to 1-se.com, and a randomly named
stylesheet is dropped that redirects to 1-se.com when certain keywords
appear in webpages.
<<<<BE SURE TO FOLLOW ALL INSTRUCTIONS CAREFULLY>>>>
CAUTION!!!!!
Before you try to remove spyware using any of the programs below, download a
copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
XP) The process of removing certain malware may kill your internet
connection. If this should occur, this program, LSPFIX, will enable you to
regain your connection.
Also, get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
RUN ALL PROGRAMS OFF LINE IN SAFE MODE AND SHOW HIDDEN FILES.
THEN REBOOT AND RUN THEM AGAIN TO BE SURE ALL FILES ARE
ACCESSED, DELETING ALL ITEMS DISPLAYED IN RED IN SPYBOT
HOW TO Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2 001052409420406
HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2 002092715262339
For the earlier variant of about: blank, running CWShredder,
AdAware, and Spybot in Safe Mode resolves the issue.
CWShredder
http://www.spywareinfo.com/~merijn/downloads.html
or
http://www.aumha.org/downloads/cwshredder.zip)
Removing the AboutBlank Virus
http://www.akadia.com/services/about_blank_virus.html
If that does not work then try the following:
Courtesy of Mow Green (a.k.a.Steve Wechsler) - MS MVP
This is a newer variant of about: blank. Methods that previously
removed it have_not had any effect on it , so far. Have NOT tested
either yet so use at your own risk ... hopefully, these 2 tools do
the job.
about:blank
http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip
res://C:\WINDOWS\<random name>.dll/sp.html#<random number>
http://www.hsremove.com/
SpyBot Search & Destroy: Free
http://download.com.com/3000-8022-10289035.html?tag=lst-0- 2
AdAware: Free
http://www.lavasoftusa.com/support/download/
HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877
HiJackThis:
Unzip the Download file in a NEW FOLDER that you can create before you start
the download.
DO NOT install in your Desktop folder.
DO NOT use any of the TEMP folders that are presently in your computer.
Double-click "HijackThis.exe" and Press "Scan".
Go to:
http://computercops.biz/downloads-cat-14.html ,
or
http://www.aumha.org/a/parasite.php#hjt
(If you get a 404 error or Access denied, try:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hi jackthis.zip)
and download HiJackThis to the new folder. Unzip to a folder other than your
Desktop or the Temp folder, doubleclick HiJackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log"
button. Press that, save the log some place you remember where it is.
Most of what it lists will be harmless or even required, so DO NOT fix
anything yet.
Open the copy of your log in NotePad and make a copy. Then you can go to one
of the following to post your log:
<<PLEASE DO NOT POST YOUR LOG FILE TO THIS NEWSGROUP>>
Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/
or Net-Integration here:
http://www.net-integration.net/cgi- bin/forum/ikonboard.cgi?
s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949
or Tom Coyote here:
http://forums.tomcoyote.org/index.php?act=idx
You will need to register to open a new thread to post you log. It is free,
and no one will Spam you, it is one of many that provides this service. Once
registered, go to the HiJackThis section on the forum list and click to
open. Then start a new post and post your log. The experts there will
analyze the log and report back the results. Please allow at least a few
hours or a days time for a response, depending on when you post the log
Remember, you must return to the HJT site to get your answer. It is a good
idea to click the "Notify" box so that you will get an electronic
notification by e-mail to let you know when a response has been posted.
But, you must still return to the site of your answer
HJT Tutorial
http://www.bleepingcomputer.com/forums/index.php? showtutorial=42
Hope this helps.
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
.
Thanks, but this article helped:
Al
J
Jan Il
Hi Al
You're very welcome. Good work! Glad to hear you were able to get your
system back in order.
Thank you for letting us know what helpe resolve your problem, and for the
benefit of other readers.
Jan
Smiles are meant to be shared,
that's why they're so contagious.
You're very welcome. Good work! Glad to hear you were able to get your
system back in order.
Thank you for letting us know what helpe resolve your problem, and for the
benefit of other readers.
Jan
Smiles are meant to be shared,
that's why they're so contagious.