kiver1
asked on
About Blank hijacked My home page with a pop up warning statin I have sspMydoom.cih
My start up page starts up with About:blank....Then I get a warning message stating I have sspMydoom.cih....I suspect malware.....I have run xblock, spybot, and adaware and they come up with critical problems. I delete the problems but they still remain....HELP...I am getting porn feeds and free porn bookmarks....Must I say I am at work...HELP!!!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Download this virus removal tool:- http://securityresponse.symantec.com/avcenter/FxMydoom.exe
As posted above you probably have the MyDoom Virus. Microsoft has a tool to remove it along with some others it installs. Source:
http://www.microsoft.com/downloads/details.aspx?FamilyID=c14bfbe4-3d50-464d-a26c-9c287f8a08c5&displaylang=en
Mydoom, Zindos, and Doomjuice Worm Removal Tool (KB836528)
This tool will help to remove the Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, Zindos.A, Doomjuice.A, and Doomjuice.B worms from infected machines.
Mydoom, Zindos, and Doomjuice Worm Removal Tool
English
Quick Info
File Name:
DoomCln-KB836528-v4-ENU.ex e
Download Size:
120 KB
Date Published:
8/3/2004
Version:
4.0
Related Resources
More Information About This Download (KB836528)
Mydoom Information
Protect Your PC: 3 Steps
Windows Support
Overview
This tool helps to remove the Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, Zindos.A, Doomjuice.A, and Doomjuice.B worms from infected systems. Once the tool has run—after the End-User License Agreement (EULA) is accepted—it automatically checks for infection and removes any of the targeted worms that are found. If a machine is infected with the Mydoom.B worm, the tool also provides the user with the default version of the hosts file and set the "read-only" attribute for that file. This action enables the user to visit previously-blocked Microsoft and antivirus Web sites.
After running, the tool displays a message describing the outcome of the detection and removal process. The tool can be safely deleted after it has run. Also, the tool creates a log file named doomcln.log in the %WINDIR%\debug folder.
This tool will not:
Detect or remove any viruses or worms other than Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, Zindos.A, Doomjuice.A, and Doomjuice.B
Detect or remove future variants of Mydoom, Zindos, or Doomjuice
Prevent a machine from being re-infected with Mydoom if, for example, an infected e-mail attachment is re-executed
Detect or remove malware that exists on a system as a result of the backdoor component created by a Mydoom variant, besides Zindos.A, Doomjuice.A and Doomjuice.B
Delete any e-mail that contains a Mydoom variant
Run on any version of Windows NT 4.0
The user must be an administrator to run this tool.
Release History:
Version 1.0 - Released 2/5/04. Detected and removed Mydoom.A and Mydoom.B. Support for Windows XP and Windows 2000.
Version 2.0 - Released 2/9/04. Added detection/removal for Doomjuice.A and support for Windows 98, Windows ME, and Windows Server 2003.
Version 3.0 - Released 2/11/04. Added detection/removal for Doomjuice.B.
Version 4.0 - Released 7/29/04. Added detection/removal for Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, and Zindos.A.
It is recommended that all users run the current version of the tool even if a previous version was used.
System Requirements
Supported Operating Systems: Windows 2000, Windows 98, Windows 98 Second Edition, Windows ME, Windows Server 2003, Windows XP
-------------------------- ---------- ---------- ---------- ---------- ---------- ----
Instructions
Click the Download button in the upper right corner of this page to start the download.
Do one of the following:
To start the installation immediately, click Open or Run this program from its current location.
To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
http://www.microsoft.com/downloads/details.aspx?FamilyID=c14bfbe4-3d50-464d-a26c-9c287f8a08c5&displaylang=en
Mydoom, Zindos, and Doomjuice Worm Removal Tool (KB836528)
This tool will help to remove the Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, Zindos.A, Doomjuice.A, and Doomjuice.B worms from infected machines.
Mydoom, Zindos, and Doomjuice Worm Removal Tool
English
Quick Info
File Name:
DoomCln-KB836528-v4-ENU.ex
Download Size:
120 KB
Date Published:
8/3/2004
Version:
4.0
Related Resources
More Information About This Download (KB836528)
Mydoom Information
Protect Your PC: 3 Steps
Windows Support
Overview
This tool helps to remove the Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, Zindos.A, Doomjuice.A, and Doomjuice.B worms from infected systems. Once the tool has run—after the End-User License Agreement (EULA) is accepted—it automatically checks for infection and removes any of the targeted worms that are found. If a machine is infected with the Mydoom.B worm, the tool also provides the user with the default version of the hosts file and set the "read-only" attribute for that file. This action enables the user to visit previously-blocked Microsoft and antivirus Web sites.
After running, the tool displays a message describing the outcome of the detection and removal process. The tool can be safely deleted after it has run. Also, the tool creates a log file named doomcln.log in the %WINDIR%\debug folder.
This tool will not:
Detect or remove any viruses or worms other than Mydoom.A, Mydoom.B, Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, Zindos.A, Doomjuice.A, and Doomjuice.B
Detect or remove future variants of Mydoom, Zindos, or Doomjuice
Prevent a machine from being re-infected with Mydoom if, for example, an infected e-mail attachment is re-executed
Detect or remove malware that exists on a system as a result of the backdoor component created by a Mydoom variant, besides Zindos.A, Doomjuice.A and Doomjuice.B
Delete any e-mail that contains a Mydoom variant
Run on any version of Windows NT 4.0
The user must be an administrator to run this tool.
Release History:
Version 1.0 - Released 2/5/04. Detected and removed Mydoom.A and Mydoom.B. Support for Windows XP and Windows 2000.
Version 2.0 - Released 2/9/04. Added detection/removal for Doomjuice.A and support for Windows 98, Windows ME, and Windows Server 2003.
Version 3.0 - Released 2/11/04. Added detection/removal for Doomjuice.B.
Version 4.0 - Released 7/29/04. Added detection/removal for Mydoom.E, Mydoom.F, Mydoom.G, Mydoom.J, Mydoom.L, Mydoom.O, and Zindos.A.
It is recommended that all users run the current version of the tool even if a previous version was used.
System Requirements
Supported Operating Systems: Windows 2000, Windows 98, Windows 98 Second Edition, Windows ME, Windows Server 2003, Windows XP
--------------------------
Instructions
Click the Download button in the upper right corner of this page to start the download.
Do one of the following:
To start the installation immediately, click Open or Run this program from its current location.
To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
Mydoom, Zindos, and Doomjuice Worm Removal Tool (KB836528)
Instructions
In the File Download dialog box, do one of the following:
To start the installation immediately, click Open or Run this program from its current location.
To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
http://download.microsoft.com/download/f/a/7/fa7ff57d-edba-4836-bb03-499bc72aa5ba/DoomCln-KB836528-v4-ENU.exe
Instructions
In the File Download dialog box, do one of the following:
To start the installation immediately, click Open or Run this program from its current location.
To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
http://download.microsoft.com/download/f/a/7/fa7ff57d-edba-4836-bb03-499bc72aa5ba/DoomCln-KB836528-v4-ENU.exe
ASKER
thanx petelong...it took awhile to fix all the issues but the about:blank buddy did the trick...your site on how to get rid of this was excellent.....much apreciated.
ThanQ
Automated Removal
Download http://66.38.1.249/helpdesk/tools/AboutBuster.zip
Then unzip all files from the zip folder to a folder or your desktop. Start it and hit ok. Then hit update. A new screen should popup. On that screen hit Check for Updates. If it says it found an update hit Download Updates. If it doesnt it will automatically tell you and exit. Now for the scanning part. Hit start and then Ok. The program should start scanning. Then hit exit and reboot. Once rebooted run AboutBuster 4.0 once more to make sure everything is ok. The database will be updated very frequently so check your versions once a day.
OR
Remove about:blank Buddy is a powerful tool to get rid of about:blank home page parasites. Remove about:blank Buddy lets you keep about blank home page from changing by disabling home page hijackers and restoring original configuration. http://www.scosoft.com/RemoveAboutBlankBuddy.exe
Manual Removal
About:Blank Homepage Hijacker Removal Instructions and Help
http://www.pchell.com/support/aboutblank.shtml