BScottMac
asked on
Web hijacker about:blank
My broser has been hijacked. It keeps coming up about:blank. I have tried several spyware solutions and none have worked. I have tried, ad-aware, spybot seach and destroy, CWS shredder. I cannot find a solution.
If anyone has advice, I would appreciate it. I am not a computer expert, so please give step by step instructions if I need to remove manually.
Thanks!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hi BScottMac,
about:blank is a very tricky web hijacker..
You may want to try this about:buster
http://www.bleepingcomputer.com/files/aboutbuster.php ( I donot think this one is given in the link that has been given in the previous suggestion, i just did a page search )
I would also do this
a) Start --> run --> Type in "msconfig" and press "Enter"
goto Startup tab
Disable all the applications there except anti-virus.Reboot the machine and check if the webpage is still hijacked.
If not, then enable one at a time in the same startup tab and find the application or process that might cause this
at startup
b) lock the homepage using Spybot
First go to IE --> tools --> Internet options and setup a homepage of your choice
Then what you can do is this.. Install spybot 1.3 : www.softpedia.com/public/cat/10/17/10-17-21.shtml
open it and update it
go to mode --> advanced mode
now on the bottom left navigation pane , you should see tools
click on it and go to "IE tweaks"
and check " lock IE startup page setting against user changes"
Close spybot
SR..
about:blank is a very tricky web hijacker..
You may want to try this about:buster
http://www.bleepingcomputer.com/files/aboutbuster.php ( I donot think this one is given in the link that has been given in the previous suggestion, i just did a page search )
I would also do this
a) Start --> run --> Type in "msconfig" and press "Enter"
goto Startup tab
Disable all the applications there except anti-virus.Reboot the machine and check if the webpage is still hijacked.
If not, then enable one at a time in the same startup tab and find the application or process that might cause this
at startup
b) lock the homepage using Spybot
First go to IE --> tools --> Internet options and setup a homepage of your choice
Then what you can do is this.. Install spybot 1.3 : www.softpedia.com/public/cat/10/17/10-17-21.shtml
open it and update it
go to mode --> advanced mode
now on the bottom left navigation pane , you should see tools
click on it and go to "IE tweaks"
and check " lock IE startup page setting against user changes"
Close spybot
SR..
This has already been answered at EE:
https://www.experts-exchange.com/questions/21049590/CoolWebSearch-About-Blank-hijacker-taken-over-please-help.html?qid=21049590
Cheers!
https://www.experts-exchange.com/questions/21049590/CoolWebSearch-About-Blank-hijacker-taken-over-please-help.html?qid=21049590
Cheers!
I used avast home edition to remove the about:blank hijack
http://www.avast.com/eng/down_home.html
http://www.avast.com/eng/down_home.html
I have been using Firefox for awhile now, every now and then I have to use IE and its dogie even with SP2.
FireFox has never been hijacked in the 6months Ive had it, its quality software and
is far more secure than IE.
FireFox has never been hijacked in the 6months Ive had it, its quality software and
is far more secure than IE.
I switched to the Fox because of problems like this, but you can get rid of this hijack. You would need the software HijackThis and a registry analyzer like Registrar Lite(both free).
Update your windows operating system with all microsoft updates. If you want a shortcut to windows update,go to control panel and look in upper left hand corner, you will see it there. Select and download all of the critical updates for XP.
Disable the System Restore feature in Windows XP (you can re-enable it again once your system is clean). Here is a link on how to disable it.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
Next, make sure all browser and all Windows Explorer windows are closed, then run "Hijack This!" and have it fix these entries:
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AutoLoader2sre1POVNYXP] "C:\WINNT\System32\mlluery
O4 - HKLM\..\Run: [2F8U35T] mlluery.exe
O4 - Global Startup: APC UPS Status.lnk = ?
You want to make sure that the items that contain 'start page' or 'main' in it have your correct Home Page
When done, reboot your system and bring it up in "Safe Mode" (F5 or F8 when starting Windows). At this point make sure Windows is configured to see hidden files and folders.
While in "Safe Mode", find this file and delete it from your system:
C:\WINNT\System32\mlluery.
When finished, reboot your system again and bring it back up in normal mode. Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK.
From here use the reg tool and go to this key in the program ---> HKEY_LOCAL_MACHINE\SOFTWAR
Update your windows operating system with all microsoft updates. If you want a shortcut to windows update,go to control panel and look in upper left hand corner, you will see it there. Select and download all of the critical updates for XP.
Disable the System Restore feature in Windows XP (you can re-enable it again once your system is clean). Here is a link on how to disable it.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
Next, make sure all browser and all Windows Explorer windows are closed, then run "Hijack This!" and have it fix these entries:
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AutoLoader2sre1POVNYXP] "C:\WINNT\System32\mlluery
O4 - HKLM\..\Run: [2F8U35T] mlluery.exe
O4 - Global Startup: APC UPS Status.lnk = ?
You want to make sure that the items that contain 'start page' or 'main' in it have your correct Home Page
When done, reboot your system and bring it up in "Safe Mode" (F5 or F8 when starting Windows). At this point make sure Windows is configured to see hidden files and folders.
While in "Safe Mode", find this file and delete it from your system:
C:\WINNT\System32\mlluery.
When finished, reboot your system again and bring it back up in normal mode. Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK.
From here use the reg tool and go to this key in the program ---> HKEY_LOCAL_MACHINE\SOFTWAR
AUTHOR, UPDATE PLEASE!
and always run the removal tools in Safemode except Hijackthis !!
Delete the Temp and History Files of IE also !!
Run Disk Cleanup to delete all the extra and temp files from ur hard drive !!
Check if u can get rid of it or not ?? :)
!! GOOD LUCK !!