PC Pals Forum
Technical Help & Discussion => Windows PCs & Software: Help, News & Discussion => Topic started by: spooner on July 14, 2004, 20:36
-
Can`t belive it, i`ve been hijacked again, this time my home page is called `about blank search engine`, keep trying the spybot + hijack this method but it don`t seem to be working ???
anybody any other methods
cheers guys
spooner
-
Did you download Spyware Blaster (http://www.javacoolsoftware.com/) after the last episode? This should stop these sorts of things getting into your PC, which then saves the hassle of trying to remove them!
I've had a look on Google, but there's nothing under "about blank search engine". All I can suggest, until someone like Dack comes along, is to temporarily disable System Restore (don't forget to switch it back on again after!), and run Ad Aware and Spybot in Safe Mode. Are you sure it's actually hijacked your home page? Ad Aware is currently producing a false positive, regarding 'about blank', which is actually totally harmless. See here. (http://www.lavasoftsupport.com/index.php?s=578e9104bf7e30f55eef392520fa272d&showtopic=27767)
-
I suspect that Coolwebshredder might solve your problem Spooner. ;)
http://www.snapfiles.com/get/coolwebshredder.html
-
Thx for replying chaps, done all this that you said, now for my home page i just get about:blank in the address bar with a blank screen, everytime i set it back to google as my start page it just reverts back to about:blank,
this is my hijack this log, if this can help
Logfile of HijackThis v1.98.0
Scan saved at 21:54:06, on 14/07/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Norton Internet Security\ATRACK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Simon\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.blueyonder.co.uk/dial
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=webcache.blueyonder.co.uk:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Tracks Eraser] C:\Program Files\Tracks Eraser\te.exe min
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
-
How are you setting the Home Page? Are you setting it in Tools > Internet Options? If you are running Spybot, look in the Tools section, under IE Tweaks, where there is an option to stop the Home Page being changed. If it's ticked, untick it, set the Home Page you want, then tick it again to stop it being changed. Also, if you are running Spyware Blaster, that also has a feature to disable the home page setting area, in IE Tools.
-
tried that, i disabled the start page tool in spyblaster with it set to google, closed ie down opened it up again and it went to about:blank,
mi eds dun in :'(
-
gunna try this
http://www.akadia.com/services/about_blank_virus.html
-
Looks like a good way of fixing it.
May also be worth you trying to run:
http://malwarebytes.biz/AboutBuster.zip (http://malwarebytes.biz/AboutBuster.zip)
Which fixes a variant of it. Remember to boot up in safe mode before running
-
That did it mate, sorted, thx a lot
spooner
will put this on a new thread to help others
cheers ;)
-
:welldone: Spooner!