 |
|
 |
|
|
 |
about:blank SPYWARE... help me!!! |
 |
 |
|
|
05-06-04 01:34 AM
ok, so about a week and a half ago i contracted a vicious
spyware that I call the "about:blank" spyware. this
thing changed my homepage to the URL "about:blank" but a
webpage that is titled "Seach For..." with various
subjects like "art," "cars," and "shopping."
now, im no fool. i tried basic anti-spyware programs
like Webroot and Spybot Search and Destroy, but nothing
changed. So i got Hijack This and ran it. I found what
the spyware was, deleted it and changed my homepage back
to Google. Everything went fine for maybe 24 hours and
then it re-appeared. So i ran Hijack This again and
found the spyware's file in the System32 folder and
deleted it in SAFE MODE. for a while, everything went
well, but now it's back and angry.
its given me two Trojan viruses and now i get
two "about:blank" popups everytime i start up IE along
with my homepage URL being "about:blank". so, does
anyone know how to stop the "about:blank" spyware? if so,
please help me and the many other victims.
i run Windows XP on a Falcon NorthWest Fragbox. i have
NAV.
[ Post a follow-up to this message ]
|
|
|
 |
|
 |
|
 |
|
|
|
Re: about:blank SPYWARE... help me!!! |
|
|
|
|
05-08-04 03:41 PM
I am having same problem....I have tried many of the same things as
you, but with no success. I can't even get to the Trendmicro free
online virus / worm scan....not sure if this is caused by this thing.
I will post if I find a fix.
....frustrating
"Bmac" <bmac8903@yahoo.com> wrote in message news:<90aa01c432fd$66ccd0b0$a001280a@phx.gbl>..
.
> ok, so about a week and a half ago i contracted a vicious
> spyware that I call the "about :blank" spyware. this
> thing changed my homepage to the URL "about :blank" but a
> webpage that is titled "Seach For..." with various
> subjects like "art," "cars," and "shopping."
>
> now, im no fool. i tried basic anti-spyware programs
> like Webroot and Spybot Search and Destroy, but nothing
> changed. So i got Hijack This and ran it. I found what
> the spyware was, deleted it and changed my homepage back
> to Google. Everything went fine for maybe 24 hours and
> then it re-appeared. So i ran Hijack This again and
> found the spyware's file in the System32 folder and
> deleted it in SAFE MODE. for a while, everything went
> well, but now it's back and angry.
>
> its given me two Trojan viruses and now i get
> two "about :blank" popups everytime i start up IE along
> with my homepage URL being "about :blank". so, does
> anyone know how to stop the "about :blank" spyware? if so,
> please help me and the many other victims.
>
> i run Windows XP on a Falcon NorthWest Fragbox. i have
> NAV.
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
RE: about:blank SPYWARE... help me!!! |
|
|
|
|
05-12-04 01:01 AM
Bummer. But wrong group, try an Internet Explorer group.
----- Bmac wrote: -----
ok, so about a week and a half ago i contracted a vicious
spyware that I call the "about:blank" spyware. this
thing changed my homepage to the URL "about:blank" but a
webpage that is titled "Seach For..." with various
subjects like "art," "cars," and "shopping."
now, im no fool. i tried basic anti-spyware programs
like Webroot and Spybot Search and Destroy, but nothing
changed. So i got Hijack This and ran it. I found what
the spyware was, deleted it and changed my homepage back
to Google. Everything went fine for maybe 24 hours and
then it re-appeared. So i ran Hijack This again and
found the spyware's file in the System32 folder and
deleted it in SAFE MODE. for a while, everything went
well, but now it's back and angry.
its given me two Trojan viruses and now i get
two "about:blank" popups everytime i start up IE along
with my homepage URL being "about:blank". so, does
anyone know how to stop the "about:blank" spyware? if so,
please help me and the many other victims.
i run Windows XP on a Falcon NorthWest Fragbox. i have
NAV.
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: about:blank SPYWARE... help me!!! |
|
|
|
|
05-14-04 10:38 AM
Yep me too.I've tried different things to get this crap off my PC with no su
ccess.I'm really starting to get anoid.Someone please help us!!If I find som
ething that works I'll let you know.
****************************************
******************************
Sent via Fuzzy Software @ http://www.fuzzysoftware.com/
Comprehensive, categorised, searchable collection of links to ASP & ASP.NET
resources...
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: about:blank SPYWARE... help me!!! |
|
|
|
|
05-16-04 02:34 PM
ok, i have EXACTLY THE SAME THAN YOU, so, i'm using ad-aware 6 and of
course i find the register keys and files some times and erase it, and
not much later it come up again, below i send you the log of my
ad-aware erasing action, you are gonna see in some places the keys
founded and tha "about :blank" key , the ad-aware 6 name it as a
possible browser jacked, or something (i have it in spanish), i know
is not very useful, but maybe with it you can ask for more help as i'm
doing, thanks and sorry i didn't help you more
Lavasoft Ad-aware Personal Build 6.181
Logfile creado:Sábado, 15 de Mayo de 2004 03:00:14 p.m.
Created with Ad-aware Personal, free for private use.
Usando archivo de referencia:01R303 08.05.2004
________________________________________
______________
Ad-aware Settings
=========================
Juego : Activar escaneo en profundidad
Juego : Modo seguro (siempre pide una confirmación)
Juego : Escanear procesos activos
Juego : Escanear registro
Juego : Escanear registro a fondo
Juego : Escanear Favorito de IE para los sitios prohibidos
Juego : Scan my Hosts file
15-05-04 03:00:14 p.m. - Scan started. (Smart mode)
Listando procesos activos
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
#:1 [kernel32.dll]
FilePath : D:\WINDOWS\SYSTEM\
ProcessID : 4291769917
Threads : 4
Priority : High
FileSize : 460 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1991-1999
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
OriginalFilename : KERNEL32.DLL
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 01/01/01
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 23/04/99 08:22:00 p.m.
#:2 [msgsrv32.exe]
FilePath : D:\WINDOWS\SYSTEM\
ProcessID : 4294903813
Threads : 1
Priority : Normal
FileSize : 11 KB
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
Copyright : Copyright (C) Microsoft Corp. 1992-1998
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
OriginalFilename : MSGSRV32.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 01/01/01
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 23/04/99 08:22:00 p.m.
#:3 [mprexe.exe]
FilePath : D:\WINDOWS\SYSTEM\
ProcessID : 4294932793
Threads : 1
Priority : Normal
FileSize : 28 KB
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
Copyright : Copyright (C) Microsoft Corp. 1993-1998
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
OriginalFilename : MPREXE.EXE
ProductName : Microsoft(R) Windows(R) Operating System
Created on : 01/01/01
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 23/04/99 08:22:00 p.m.
#:4 [mmtask.tsk]
FilePath : D:\WINDOWS\SYSTEM\
ProcessID : 4294922617
Threads : 1
Priority : Normal
FileSize : 1 KB
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
OriginalFilename : mmtask.tsk
ProductName : Microsoft Windows
Created on : 01/01/01
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 23/04/99 08:22:00 p.m.
#:5 [explorer.exe]
FilePath : D:\WINDOWS\
ProcessID : 4294718737
Threads : 8
Priority : Normal
FileSize : 176 KB
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
Copyright : Copyright (C) Microsoft Corp. 1981-1997
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 23/04/99 08:22:00 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 23/04/99 08:22:00 p.m.
#:6 [avgcc32.exe]
FilePath : D:\PROGRAM FILES\GRISOFT\AVG6\
ProcessID : 4294776201
Threads : 2
Priority : Normal
FileSize : 337 KB
FileVersion : 6, 0, 0, 515
ProductVersion : 6, 0, 0, 0
Copyright : Copyright
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC32
OriginalFilename : AvgCC32.EXE
ProductName : AVG Anti-Virus System
Created on : 26/04/04 01:48:21 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 21/04/04 04:00:00 a.m.
#:7 [realsched.exe]
FilePath : D:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
ProcessID : 4294799841
Threads : 3
Priority : Normal
FileSize : 176 KB
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
Copyright : Copyright
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealPlayer (32-bit)
Created on : 12/05/04 12:35:33 a.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 12/05/04 12:35:34 a.m.
#:8 [msnmsgr.exe]
FilePath : D:\PROGRAM FILES\MSN MESSENGER\
ProcessID : 4294798149
Threads : 16
Priority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 04/03/04 01:01:00 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 04/03/04 01:01:00 p.m.
#:9 [echocon.exe]
FilePath : D:\WINDOWS\SYSTEM\
ProcessID : 4294806545
Threads : 2
Priority : Normal
FileSize : 290 KB
FileVersion : 4.06.1
ProductVersion : 4.06.1
Copyright : Echo Audio. Copyright
CompanyName : Echo Digital Audio
FileDescription : Echo Console for Darla/Gina/Layla
InternalName : 4.06.1
OriginalFilename : EchoCon.Exe
ProductName : Echo Console (Darla\Gina\Layla)
Created on : 01/02/04 02:15:35 a.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 01/06/99 12:59:42 p.m.
#:10 [pstores.exe]
FilePath : D:\WINDOWS\SYSTEM\
ProcessID : 4294119969
Threads : 5
Priority : Normal
FileSize : 79 KB
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
Copyright : Copyright (C) Microsoft Corp. 1981-1998
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
OriginalFilename : Protected storage server
ProductName : Microsoft(R) Windows NT(R) Operating System
Created on : 02/05/04 08:44:23 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 23/04/99 08:22:00 p.m.
#:11 [ad-aware.exe]
FilePath : D:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\
ProcessID : 4293932885
Threads : 3
Priority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 01/05/04 07:29:02 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 12/07/03 07:00:20 p.m.
Resultados Escaneo de la memoria:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Nuevos objetos: 0
Objetos encontrados hasta ahora: 0
Inicio escaneo del Registro
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
CoolWebSearch Objeto reconocido!
Tipo : RegValor
Fecha :
Rootkey : HKEY_LOCAL_MACHINE
Objeto : SOFTWARE\Microsoft\Internet Explorer\Main
Valor : HOMEOldSP
Resultados Escaneo del registro:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Nuevos objetos: 1
Objetos encontrados hasta ahora: 1
Inicio escaneo profundo del Registro
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Posible secuestro del navegador : Software\Microsoft\Internet
Explorer\MainStart Pageabout :blank
Possible Browser Hijack attempt Objeto reconocido!
Tipo : RegFecha
Fecha : "about :blank"
Rootkey : HKEY_CURRENT_USER
Objeto : Software\Microsoft\Internet Explorer\Main
Valor : Start Page
Fecha : "about :blank"
Posible secuestro del navegador : Software\Microsoft\Internet
Explorer\MainStart Pageabout :blank
Possible Browser Hijack attempt Objeto reconocido!
Tipo : RegFecha
Fecha : "about :blank"
Rootkey : HKEY_LOCAL_MACHINE
Objeto : Software\Microsoft\Internet Explorer\Main
Valor : Start Page
Fecha : "about :blank"
Posible secuestro del navegador : .Default\Software\Microsoft\Internet
Explorer\MainStart Pageabout :blank
Possible Browser Hijack attempt Objeto reconocido!
Tipo : RegFecha
Fecha : "about :blank"
Rootkey : HKEY_USERS
Objeto : .Default\Software\Microsoft\Internet
Explorer\Main
Valor : Start Page
Fecha : "about :blank"
CoolWebSearch Objeto reconocido!
Tipo : RegKey
Fecha :
Rootkey : HKEY_CLASSES_ROOT
Objeto : CLSID\{4169B121-A680-11D8-BA6F-0010A1B3D817}
CoolWebSearch Objeto reconocido!
Tipo : Archivo
Fecha : iaen.dll
Objeto : d:\windows\system\
FileSize : 30 KB
Created on : 15/05/04 12:58:07 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 15/05/04 12:58:08 p.m.
CoolWebSearch Objeto reconocido!
Tipo : RegKey
Fecha :
Rootkey : HKEY_CLASSES_ROOT
Objeto : CLSID\{4169B122-A680-11D8-BA6F-001051614660}
CoolWebSearch Objeto reconocido!
Tipo : RegKey
Fecha :
Rootkey : HKEY_CLASSES_ROOT
Objeto : PROTOCOLS\Filter\text/html
CoolWebSearch Objeto reconocido!
Tipo : RegKey
Fecha :
Rootkey : HKEY_CLASSES_ROOT
Objeto : PROTOCOLS\Filter\text/plain
CoolWebSearch Objeto reconocido!
Tipo : RegKey
Fecha :
Rootkey : HKEY_LOCAL_MACHINE
Objeto :
SOFTWARE\Microsoft\Windows\CurrentVersio
n\Explorer\Browser Helper
Objects\{4169B122-A680-11D8-BA6F-001051614660}
Resultados Escaneo Profundo del registro:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Nuevos objetos: 8
Objetos encontrados hasta ahora: 10
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Tracking Cookie Objeto reconocido!
Tipo : Archivo
Fecha : marcos di paolo@doubleclick[1].txt
Objeto : D:\WINDOWS\Cookies\
Created on : 14/05/04 11:38:53 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 14/05/04 11:38:54 p.m.
Tracking Cookie Objeto reconocido!
Tipo : Archivo
Fecha : marcos di paolo@fastclick[1].txt
Objeto : D:\WINDOWS\Cookies\
Created on : 14/05/04 11:56:02 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 14/05/04 11:56:04 p.m.
Tracking Cookie Objeto reconocido!
Tipo : Archivo
Fecha : marcos di paolo@atdmt[2].txt
Objeto : D:\WINDOWS\Cookies\
Created on : 15/05/04 12:12:05 a.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 15/05/04 12:12:06 a.m.
Tracking Cookie Objeto reconocido!
Tipo : Archivo
Fecha : marcos di paolo@advertising[1].txt
Objeto : D:\WINDOWS\Cookies\
Created on : 14/05/04 11:57:57 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 14/05/04 11:57:58 p.m.
Tracking Cookie Objeto reconocido!
Tipo : Archivo
Fecha : marcos di paolo@ads.addynamix[2].txt
Objeto : D:\WINDOWS\Cookies\
Created on : 14/05/04 11:56:45 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 14/05/04 11:56:46 p.m.
Tracking Cookie Objeto reconocido!
Tipo : Archivo
Fecha : marcos di paolo@servedby.advertising[1].txt
Objeto : D:\WINDOWS\Cookies\
Created on : 14/05/04 11:57:57 p.m.
Last accessed : 14/05/04 10:00:00 p.m.
Last modified : 14/05/04 11:57:58 p.m.
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Escaneando y examinando archivos en profundidad (D
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Scanning Hosts file(D:\WINDOWS\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Hosts file scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
1 entries scanned.
Nuevos objetos:0
Objetos encontrados hasta ahora: 16
Performing conditional scans..
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
CoolWebSearch Objeto reconocido!
Tipo : RegValor
Fecha :
Rootkey : HKEY_CURRENT_USER
Objeto : Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
Valor : ITBarLayout
Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Nuevos objetos: 1
Objetos encontrados hasta ahora: 17
03:03:04 p.m. Escaneo completo
Resumen Del escaneo
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total tiempo escaneo:00:02:50:270
Objetos Escaneados:38404
Objetos identificados:17
Objetos ignorados:0
Nuevos objetos:17
"Bmac" <bmac8903@yahoo.com> wrote in message news:<90aa01c432fd$66ccd0b0$a001280a@phx.gbl>..
.
> ok, so about a week and a half ago i contracted a vicious
> spyware that I call the "about :blank" spyware. this
> thing changed my homepage to the URL "about :blank" but a
> webpage that is titled "Seach For..." with various
> subjects like "art," "cars," and "shopping."
>
> now, im no fool. i tried basic anti-spyware programs
> like Webroot and Spybot Search and Destroy, but nothing
> changed. So i got Hijack This and ran it. I found what
> the spyware was, deleted it and changed my homepage back
> to Google. Everything went fine for maybe 24 hours and
> then it re-appeared. So i ran Hijack This again and
> found the spyware's file in the System32 folder and
> deleted it in SAFE MODE. for a while, everything went
> well, but now it's back and angry.
>
> its given me two Trojan viruses and now i get
> two "about :blank" popups everytime i start up IE along
> with my homepage URL being "about :blank". so, does
> anyone know how to stop the "about :blank" spyware? if so,
> please help me and the many other victims.
>
> i run Windows XP on a Falcon NorthWest Fragbox. i have
> NAV.
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: about:blank SPYWARE... help me!!! |
|
|
|
|
05-18-04 02:19 PM
Marco Wrote
marcos_dipaolo@hotmail.com (Marcos) wrote in message news:<a272553d.0405160544.7a5e316c@post
ing.google.com>...
> ok, i have EXACTLY THE SAME THAN YOU, so, i'm using ad-aware 6 and of
> course i find the register keys and files some times and erase it, and
> not much later it come up again, below i send you the log of my
> ad-aware erasing action, you are gonna see in some places the keys
> founded and tha "about :blank" key , the ad-aware 6 name it as a
> possible browser jacked, or something (i have it in spanish), i know
> is not very useful, but maybe with it you can ask for more help as i'm
> doing, thanks and sorry i didn't help you more
>
I have the same problem. No Virus is found by Nortons or AVG
Anti-virus. Spy bot & AdAware find nothing. Trying to do a remote scan
from Nortons and Mcafee both hang after about 30 sec. IE and outlook
express crash if they start and there is no internet connection I also
have random reboots and other apps crash. It is driving me crazy Is
there anyone who knows the answer.
Ron
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
 |
|
|
Re: Re: about:blank SPYWARE... help me!!! |
|
|
|
|
05-19-04 05:35 AM
I have the same problem and here is a log from Hijackthis:
Logfile of HijackThis v1.97.7
Scan saved at 9:39:45 PM, on 5/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iRiver\iHP100\iHPDetect.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NOOBZ-~1\LOCALS~1\Temp\Rar$EX00.954\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WI
NDOWS\System32\hpb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\W
INDOWS\System32\hpb.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]www.google.com[/u
rl]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res:
//C:\WINDOWS\System32\hpb.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]www.google.com[/u
rl]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WI
NDOWS\System32\hpb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\W
INDOWS\System32\hpb.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res:
//C:\WINDOWS\System32\hpb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9790FDBD-4421-4382-9D65-7E1ECCE47352} - C:\WINDOWS\Sy
stem32\hpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\S
ystem32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:
\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.ex
e"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Ultimate Popup Blocker] C:\Program Files\Ultimate Pop-up
Blocker\Ultimate Pop-up Blocker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Offic
e\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Interne
t Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Interne
t Explorer\Control Panel presen
t
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Save As Scholar's Aid WebNote (HKLM)
O9 - Extra 'Tools' menuitem: Save As Scholar's Aid WebNote (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcafee.com/molbin/s...meInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windo
wsupdate.mic...8051.0659490741
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://d
ownload.mcafee.com/...,19/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http:
//download.macromedia....ash/swflash.cab
If anyone out there can give me instructions as to what to do that would be
great.
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: Re: Re: about:blank SPYWARE... help me!!! |
|
|
|
|
05-23-04 08:11 PM
Simple fix
run ad-aware and delete all finds
reboot in safe mode by holding down F8 key durring reboot.
go to c/windows/system 32
Delete jdkgj.dll
reboot normally
IE will not work anymore at this point.
Re-run ad-aware and delete all finds
reboot normally
Fixed.
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
Re: Re: Re: Re: about:blank SPYWARE... help me!!! |
|
|
|
|
05-26-04 02:05 PM
Has anyone tried this routine with any success? When you say "IE will not wo
rk anymore at this point," once you reboot, will IE operate properly or will
you need to re-install anything, etc.?
quote:
Originally posted by antjaw
Simple fix
run ad-aware and delete all finds
reboot in safe mode by holding down F8 key durring reboot.
go to c/windows/system 32
Delete jdkgj.dll
reboot normally
IE will not work anymore at this point.
Re-run ad-aware and delete all finds
reboot normally
Fixed.
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
|
|
|
Re: Re: Re: Re: Re: about:blank SPYWARE... help me!!! |
|
|
|
|
05-31-04 04:12 PM
quote:
Originally posted by rtgrimm
Has anyone tried this routine with any success? When you say "IE will not work anymore a
t this point," once you reboot, will IE operate properly or will you need to re-install
anything, etc.?
I had to figure this out on my own.. I did it and it worked... There is no n
eed to re-install anything to make I.E. Work again. Just re-boot and it work
s.. Please post your results.
[ Post a follow-up to this message ]
|
|
|
|
|
|
|
|
Sponsored Links |
|
|
|
|
 |
All times are GMT. The time now is 11:01 AM. |
 |
|
|
 |
|
 |
|
|
 |
|
Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
|
|
|
|
Medical and Health forum | Computer Games Reviews | Graphics design forum
|
 |
|
 |
|
