Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 353
  • Last Modified:

CSW and about: blank

My system has CWS and ie hijackers. I have been trying to get rid of it since yesterday. I have following all the suggestions/recommendation posted in various links in Bugs and Alerts. Here is what i have done so far:

Run -- Adaware(latest)
          Hijackthis.exe(latest)  analyzed at http://hijackthis.de/index.php 
          Reboot in safe mode
         Deleted cookies and history
         Deleted all temporary internet files fromC:\Document and Settings\username\Local Settings\Temp, for each user(currently 4) , EXCEPT for one user, there is a folder called Temporary Internet Files inside Temp which refused to be deleted. There are some .tmp files. Any attempt to delete any file results in message that This cannot be found/check the path etc etc. (I am for sure know this is account where the problem started from.)
         Rebooted in Normal Mode
         Followed the same drill.
I have also installed Giant AntiSpyware, which seems to have stopped my home page from being hijacked, but my hijack log still show the R1s files hanging around. I am in an infinite LOOP here.

Any help will be greatly appreciated.

Thnx in advance

  • 3
  • 2
1 Solution
Hello kushpaw =)

Are you disabling the System Restore before cleaning the system if its WinXP >> http://www.pchell.com/virus/systemrestore.shtml

Are you running CWSHredder v2.0 >> http://www.softpedia.com/public/cat/10/17/10-17-150.shtml

>> but my hijack log still show the R1s files hanging around.
are they somehting like res:// thingies ??
kushpawAuthor Commented:
Yes, all the enteries have res://thingies and also there some suspicious entries in windows\system32. I also ran CSWHredder. I found some DSO and CWS enteries.

My home page was set to about:blank again although page was blank but my browser showed about:blank.

Then plzz follow the instructions here to remove that res:// hijacker

Homepage set to res://random.dll/index.html#randomnumber Removal Instructions and Help

About:Blank Homepage Hijacker Removal Instructions and Help
kushpawAuthor Commented:
Thanks for prompt response.
I followed instructions from pchell.com. I don't see "only the best" and "about: blank" anymore. However when I started my computer in selective mode, CSWHredder did not catch anything but Spybot caught DSO exploit and couple other.
I have BHOdemon.exe, Antispyware, Mcfee running and still my system in not clean enough.
Is there something else I have to do?
>> Spybot caught DSO exploit and couple other
DSO Exploit is a bug in Spybot.... plzz update it to the lates version, or try some possibel solutions from here,

Spybot keeps finding DSO exploit

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now