CWS and about:blank

Posted on 2004-11-27
Last Modified: 2010-04-11
My system has CWS and IE hijackers. I have been trying to get rid of it since yesterday. I have been following all the suggestions/recommendations posted in various links in Bugs and Alerts. Here is what I have done so far:

Run -- Adaware (latest)
       HijackThis.exe (latest) analyzed at
       Reboot in safe mode
       Deleted cookies and history
       Deleted all temporary internet files from C:\Documents and Settings\username\Local Settings\Temp, for each user (currently 4), EXCEPT for one user, where there is a folder called Temporary Internet Files inside Temp which refused to be deleted. There are some .tmp files. Any attempt to delete any file results in a message that this cannot be found/check the path etc. etc. (I know for sure this is the account where the problem started from.)
       Rebooted in Normal Mode
       Followed the same drill.
I have also installed Giant AntiSpyware, which seems to have stopped my home page from being hijacked, but my hijack log still shows the R1s files hanging around. I am in an infinite LOOP here.

Any help will be greatly appreciated.

Thanks in advance

Question by: kushpaw

    Expert Comment

    Hello kushpaw =)

    Are you disabling the System Restore before cleaning the system if it's WinXP >>

    Are you running CWShredder v2.0 >>

    >> but my hijack log still show the R1s files hanging around.
    Are they something like res:// thingies??

    Author Comment

    Yes, all the entries have res:// thingies and also there are some suspicious entries in windows\system32. I also ran CWShredder. I found some DSO and CWS entries.

    My home page was set to about:blank again; although the page was blank, my browser showed about:blank.


    Accepted Solution

    Then please follow the instructions here to remove that res:// hijacker

    Homepage set to res://random.dll/index.html#randomnumber Removal Instructions and Help

    About:Blank Homepage Hijacker Removal Instructions and Help

    Author Comment

    Thanks for prompt response.
    I followed instructions from I don't see "only the best" and "about:blank" anymore. However, when I started my computer in selective mode, CWShredder did not catch anything, but Spybot caught DSO exploit and a couple of others.
    I have BHODemon.exe, AntiSpyware, McAfee running and still my system is not clean enough.
    Is there something else I have to do?

    Expert Comment

    >> Spybot caught DSO exploit and couple other
    DSO Exploit is a bug in Spybot... please update it to the latest version, or try some possible solutions from here,

    Spybot keeps finding DSO exploit
