IE home page..about:blank possible hijack.

Hi,
Recently when i'm browsing the net, some software(spyware/adware) might have got installed in my PC(WIn98). When the internet explorer is loaded , the initial page is set to 'about:blank' .This page opens up with the address bar pointing to 'about:blank'. But in the page, there are several links(something similar to a Search Assistant) . There are different sections in it(Health:,Adult:,Online Gambling:,Homes:,Finances:,Careers:, and so on).When the mouse is moved over to any of the link, say, Travel section under Insurance ,it is pointing to "http://nyam-nyam.biz/search.cgi?acc=1010;q=Travel Insurance". All the links are point to "nyam-nyam.biz/....".
  I tried to remove it by using Ad-adware 6.0, it says possible browser hijack and shows some bugs and when i press 'Delete', everything gets deleted. But the about:blank page still points to the search links. Also, sometimes i get some pop-ups in between that my system may be infected with spyware/adware asking me to press the given submit button. I'm closing the popup without submitting.

  ANy help to get rid of this problem is highly appreciated. I want the about:blank to be just a blank page woth out any links further.

Thanks in advance..

Ramesh Chandra


vvrchandraAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

joseywalesCommented:
Sounds like a trojan virus, we had one that kept opening yahoo like pages with an addy of j0r.biz

run the online scanner at trendmicro
housecall.trendmicro.com

then try AVG antivirus
www.grisoft.com

run a combination of antispyware products, one is never enough

run hijack this and post the logfile here or use a webbased log analysis tool like this one

http://www.tomcoyote.org/hjt/

get a personal firewall
http://www.sygate.com/
www.zonelabs.com

make sure you have all the windows 98 patches
www.windowsupdate.com

also remember, if you dont update your AV software and anti spyware software, its useless, so update each time you run it and set for automatic updates if possible

0
TolomirAdministratorCommented:
Petelong was so nice ;-)


 about:blank Removal

Automated Removal
Download http://66.38.1.249/helpdesk/tools/AboutBuster.zip
Then unzip all files from the zip folder to a folder or your desktop. Start it and hit ok. Then hit update. A new screen should popup. On that screen hit Check for Updates. If it says it found an update hit Download Updates. If it doesnt it will automatically tell you and exit. Now for the scanning part. Hit start and then Ok. The program should start scanning. Then hit exit and reboot. Once rebooted run AboutBuster 4.0 once more to make sure everything is ok. The database will be updated very frequently so check your versions once a day.

http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21300301.html?query=&clearTAFilter=true



Tolomir
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TolomirAdministratorCommented:
Latest version and a tutorial can be found here:

http://www.besttechie.net/forums/index.php?showtopic=1488

I see there is an update available: Version 4 instead of version 3, in the link above.

Tolomir
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

tmehmetCommented:
once you use mulitple tools to clean the offending files (make sure the scanners include deep registry scans and memory scan), do not open the browser afterwards, instead, open the registry and go the the hkey_local_machine/software/IE*

go thur every element, i know its boring but double check for anything that has a odd looking URL or IP addresses and remove them. If you have these in there then when you run the browser you are back to square 1 again. Also, if you open the browser before you check, theres a chance that if the trojan file survived the scans (and they usually do), it will see your browser and again you are back to square 1 again.

NOTE: editing the registry can break your machine, be careful.

If after cleaning and registry check still shows suspect behaviour then I would suggest you really clean the machine by backing up your data and reformat becuase you can not trust your machine.

0
TolomirAdministratorCommented:
I think it would be sufficient to use the "about:black" remover I have posted above and try firefox (www.getfirefox.com)

Tolomir
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.