Sponsor for PC Pals Forum

Author Topic: Been Hijacked AGAIN !  (Read 1402 times)

Offline spooner

  • Regular Member
  • **
  • Posts: 61
Been Hijacked AGAIN !
« on: July 14, 2004, 20:36 »
Can`t belive it, i`ve been hijacked again, this time my home page is called `about blank search engine`, keep trying the spybot + hijack this method but it don`t seem to be working  ???
anybody any other methods
cheers guys

spooner
sed all my sick, t`morra i`m ringing in dead !

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re:Been Hijacked AGAIN !
« Reply #1 on: July 14, 2004, 20:46 »
Did you download Spyware Blaster after the last episode?  This should stop these sorts of things getting into your PC, which then saves the hassle of trying to remove them!

I've had a look on Google, but there's nothing under "about blank search engine".  All I can suggest, until someone like Dack comes along, is to temporarily disable System Restore (don't forget to switch it back on again after!), and run Ad Aware and Spybot in Safe Mode.  Are you sure it's actually hijacked your home page?  Ad Aware is currently producing a false positive, regarding 'about blank', which is actually totally harmless.  See here.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline Clive

  • Administrator
  • *****
  • Posts: 75153
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Re:Been Hijacked AGAIN !
« Reply #2 on: July 14, 2004, 21:15 »
I suspect that Coolwebshredder might solve your problem Spooner.   ;)

http://www.snapfiles.com/get/coolwebshredder.html

Offline spooner

  • Regular Member
  • **
  • Posts: 61
Re:Been Hijacked AGAIN !
« Reply #3 on: July 14, 2004, 21:59 »
Thx for replying chaps, done all this that you said, now for my home page i just get about:blank in the address bar with a blank screen, everytime i set it back to google as my start page it just reverts back to about:blank,
this is my hijack this log, if this can help
Logfile of HijackThis v1.98.0
Scan saved at 21:54:06, on 14/07/2004
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Norton Internet Security\ATRACK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Simon\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.blueyonder.co.uk/dial
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=webcache.blueyonder.co.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser] C:\Program Files\Tracks Eraser\te.exe min
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial

sed all my sick, t`morra i`m ringing in dead !

Offline Simon

  • Administrator
  • *****
  • Posts: 77923
  • First to score 7/7 in Quiz of The Week's News 2017
Re:Been Hijacked AGAIN !
« Reply #4 on: July 14, 2004, 22:17 »
How are you setting the Home Page?  Are you setting it in Tools > Internet Options?  If you are running Spybot, look in the Tools section, under IE Tweaks, where there is an option to stop the Home Page being changed.  If it's ticked, untick it, set the Home Page you want, then tick it again to stop it being changed.  Also, if you are running Spyware Blaster, that also has a feature to disable the home page setting area, in IE Tools.
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline spooner

  • Regular Member
  • **
  • Posts: 61
Re:Been Hijacked AGAIN !
« Reply #5 on: July 14, 2004, 22:36 »
tried that, i disabled the start page tool in spyblaster with it set to google, closed ie down opened it up again and it went to about:blank,
mi eds dun in  :'(
sed all my sick, t`morra i`m ringing in dead !

Offline spooner

  • Regular Member
  • **
  • Posts: 61
Re:Been Hijacked AGAIN !
« Reply #6 on: July 14, 2004, 23:07 »
gunna try this
http://www.akadia.com/services/about_blank_virus.html
sed all my sick, t`morra i`m ringing in dead !

Offline Dack

  • Established Member
  • ****
  • Posts: 831
Re:Been Hijacked AGAIN !
« Reply #7 on: July 15, 2004, 00:11 »
Looks like a good way of fixing it.

May also be worth you trying to run:
http://malwarebytes.biz/AboutBuster.zip

Which fixes a variant of it. Remember to boot up in safe mode before running
hey promised the earth! Then delivered mud.
Technically it did meet the spec.

Offline spooner

  • Regular Member
  • **
  • Posts: 61
Re:Been Hijacked AGAIN !
« Reply #8 on: July 15, 2004, 21:00 »
That did it mate, sorted, thx a lot

spooner

will put this on a new thread to help others

cheers  ;)
sed all my sick, t`morra i`m ringing in dead !

Offline Clive

  • Administrator
  • *****
  • Posts: 75153
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Re:Been Hijacked AGAIN !
« Reply #9 on: July 15, 2004, 21:12 »
:welldone: Spooner!


Show unread posts since last visit.
Sponsor for PC Pals Forum