MissB618

Stupid ABOUT:BLANK Problem!

Ok, you wonderful experts, the little lady is going crazy.  How on earth do I finally get rid of this evil piece of (*&%(*&!!!  I have Windows XP and I've run the CWShredder program and temporarily got rid of it.  I know that there is much more to it than that but I don't feel I know enough to mess with the registry.  I've been told that screwing it up screws your computer.  I am begging, down on my hands and knees, for someone to help me out.  I ran the HijackThis program and will include the log below.  I am not an expert, I am afraid of the registry so PLEASE be simple in your explanations.  500 points to the angel who helps me get rid of this thing once and for all.

Logfile of HijackThis v1.97.7
Scan saved at 12:09:37 PM, on 8/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINNT\System32\wisptis.exe
C:\Documents and Settings\Jen\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Chris\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4C5BD18F-06BD-4B51-9684-83BACC5E0330} - C:\WINNT\System32\dbeccd.dll
O2 - BHO: (no name) - {9B7AA30F-8FEF-4896-8DA0-D858AE072976} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Configuration Utility.lnk = C:\Program Files\MA311 PCI Adapter Configuration Utility\wlanutil.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38157.4371875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
ASKER CERTIFIED SOLUTION
SheharyaarSaahil
This solution is only available to members.
And remember, C:\Documents and Settings\your username\Local Settings
is a hidden folder, so to view it, open Explorer > Tools > Folder Options > View
and select Show Hidden Files, and apply.
Now you should see this folder :)
SOLUTION
This solution is only available to members.
dis1931

Not sure exactly what the problem is but if you are just trying to stop IE from displaying about:blank and an empty page when you open it go to Internet Explorer and then click Tools --> Internet Options.  You will see a general tab and a space for an address.  You can type any webpage you want to start from....such as http://www.google.com or http://www.msn.com or even about:blank.  I think this is what you are looking for.

Dis
Looking through your running processes, I would personally be worried about
C:\windows\System32\svchost.exe
(that's the one with the capital for System)
Are you running Windows XP Home or Pro?
That path was the path for the Blaster.32 worm... so you may want to watch out for it.
Hey.. I have removed this about:blank hijacker with complete success many times off customers' machines. There are a few programs that are absolutely necessary. Here they are:

cwshredder.exe (This has to be version 1.59.1) This is the only one that truly removes the CWS about:blank hijacker.

http://www.downloads.subratam.org/CWShredder.exe

About:Buster will remove the hidden .dll that's replacing the hijacker every time you reboot. (You will want to update this to its latest version before you scan with it.)

http://www.atribune.org/downloads/AboutBuster.zip

And my personal favorite.. There is one ultra hard to remove variant of this hijacker. For some reason the company that produces this hijacker actually made an uninstall.exe available on their site.. The site didn't last long.. they shortly took it down.. But I saved the uninstall file for later use. You can find it on my site:

http://www.angelfire.com/rpg/afkscript/uninstall.zip

I am almost positive one of these 3 will remove your problem permanently. I would try running them all in regular mode and then reboot your system into safe mode and run them all again just to be sure.

In case you didn't know: to get into safe mode, when you first turn on your computer hit F8 every 2-3 seconds. If you see the Windows load screen you missed your chance and must restart and try again. If you did it right you'll see a menu with "Safe Mode" at the top. In this mode no viruses or malware will be loaded. This makes removal a lot easier. But make sure you run the programs in regular mode first as about:buster needs the .dll to be hooked to a process in order to detect it.
FAO ignusb

Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started.

It is not a particularly good indicator of blaster or of other worms.
Windows Worm doors cleaner gives you 1 click fixes for most of the holes that allow worms in. When run it also checks the memory footprint of all svchosts and lets you know if you are infected by any worms. It rocks. It even beats Microsoft patches which leave the services still running and the ports still open.

http://www.firewallleaktester.com/wwdc.htm
fatlad
1) FAO? [is that from thunderbirds]
2) %SystemRoot%\system32 is the correct system32 folder, yea, that one, no the one next to it, yes, the one without the capital
Ignusb

1) FAO = For Attention Of, I am pretty sure it originates from paper mail days. Thunderbirds had FAB, which apparently does not stand for anything.
2) Not sure what you are on about here, Windows is not case sensitive for folder names, e.g. it sees System32 the same as system32, and the two folders cannot sit in the same parent. Unix is totally different and will treat these as two different entities.
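
The svchost.exe location check discussed in the replies above, as an added example that is not part of the original thread: it reads the "Running processes" section of a HijackThis log and reports any svchost.exe outside the System32 folder, comparing paths case-insensitively. The sample log lines are constructed, and the C:\WINNT system root is an assumption taken from the asker's log.

```python
import ntpath

# Constructed sample: process lines in the style of the HijackThis log above,
# plus one made-up svchost.exe path outside System32 to show a mismatch.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7

Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\Temp\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths


def misplaced_svchost(paths, system_root=r"C:\WINNT"):
    """Return svchost.exe paths that are not directly in <system_root>\\System32.

    ntpath.normcase lower-cases the path, so System32 and system32 compare
    equal, as they do on Windows itself. system_root is an assumed default.
    """
    expected_dir = ntpath.normcase(ntpath.join(system_root, "System32"))
    flagged = []
    for path in paths:
        directory, name = ntpath.split(ntpath.normpath(path))
        if name.lower() == "svchost.exe" and ntpath.normcase(directory) != expected_dir:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for path in misplaced_svchost(running_processes(SAMPLE_LOG)):
        print("svchost.exe outside System32:", path)
```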
haha, sorry bout the FAO confusion... i never really cared about thunderbirds so didn't pay attention
in my experience with windows, it tends to freak out a bit when you use the wrong case at the beginning of a file/path... i've always had problems with that, maybe i just attract technology problems, in the last week, i've crashed linux 5 or 6 times, crashed my cellphone, made my wireless keyboard/mouse receiver pick up radio (that tends to send things a bit odd, i can't control the mouse very well) and to top it off, there's been some electrical faults in every vehicle i have travelled in (busses included)... Technology is raging against me, maybe i should stop using it and move to an amish village...

One more thing, MissB618 - Learn how to use linux to the extent of windows that you need to, and then use WINE to use any windows applications you may need.
lol ignusb, are you sure you are not my dad? He seems to have the same problems, except he can't even spell linux!
Ha, ur dad can say linux? mine says lunis...
But for MissB618... WE STILL DON'T KNOW THE EXACT QUESTION!!! *bump* Please tell us the exact problem...
Is this problem solved?
MissB618

ASKER

My apologies for not getting an acceptance to this sooner everyone.  We had a tragedy in the family and, needless to say, this was put on the back burner.