Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1223
  • Last Modified:

ABOUT BLANK IS DRIVING ME CRAZY!!!!!

PLEASE HELP ME REMOVE THE ABOUT BLANK FROM MY HOMEPAGE!!!!!!!!!!!!! I CANT TAKE IT ANYMORE!!!!!!!!!!!!!!!!!
I HAVE DOWNLOADED SPYWARE DOCTOR, SPYBOT S & D, NORTON ANTIVIRUS, MICROSOFT ANTISPYWARE, SPYWARE BLASTER, ADADAWARE, & CC CLEANER. NOTHING WILL STOP IT!!!!!!!!!!!! PLEASE HELP RIGHT AWAY!! BY THE WAY I HAVE WINDOWS 2000 PROFESSIONAL.
0
steph62898
Asked:
steph62898
  • 15
  • 9
  • 5
  • +1
1 Solution
 
sajuksCommented:
download hijackthis from http://tools.radiosplace.com/HijackThis.exe
Click analyse, scroll down the page
Save the Analysis, a new page will open,
post that at http://www.hijackthis.de and check the recmnd. be sure to remove all unwanted/unknown processes.

aslo take a look at this
http://www.besttechie.net/forums/index.php?showtopic=1488
0
 
steph62898Author Commented:
i have removed about blank from my hijack this several times now, why is this not being corrected?
0
 
sajuksCommented:
did you do this in safe mode ?
did u try using AboutBuster ?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
steph62898Author Commented:
i did not do it in safe mode    i didnt try about buster
0
 
sajuksCommented:
please try that too.

Check the manual soln at
http://www.pchell.com/support/aboutblank.shtml
Also could you post a link to the hijacklog that got generated.
0
 
steph62898Author Commented:
this is the most recent hijack log from the scan..

Logfile of HijackThis v1.99.1
Scan saved at 6:05:51 PM, on 3/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Compaq\Compaq Management
Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system\jjmca.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\WINNT\explorer.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
about:blank
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor -
{B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Find Fast.lnk.disabled
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk.disabled
O4 - Global Startup: Office Startup.lnk.disabled
O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O16 - DPF: Yahoo! Chess -
http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer
ActiveX Control) - http://download.toontown.com/sv1.0.14.41/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
- http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer
Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent
(CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation -
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer
Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation -
C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program
Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
0
 
steph62898Author Commented:
CAN SOMEONE HELP ME WITH THIS LOG PLEASE?? I AM SO AT MY WITS END! LOL  THANK YOU
0
 
sajuksCommented:
first fix these entries from ur log

         C:\WINNT\system\jjmca.exe
         O2 - BHO: PCTools Browser Monitor -
         O4 - Global Startup: Microsoft Find Fast.lnk.disabled                 
        O4 - Global Startup: Microsoft Office Shortcut Bar.lnk.disabled
         O4 - Global Startup: Office Startup.lnk.disabled
         O9 - Extra button: Spyware Doctor -         To be fixed if the entry 'Spyware Doctor ' is unknown.
O9 - Extra 'Tools' menuitem: Show &Related Links -         To be fixed if the entry 'Show &Related Links ' is unknown.
       O13 - DefaultPrefix:       
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -                 Check if you know this site and fix it if you do not.
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}               Check if you know this site and fix it if you do not.
        O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer               Check if you know this site and fix it if you do not.
        O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)Check if you know this site and fix it if you do not.


0
 
steph62898Author Commented:
OK I DID THAT, BUT, I COULDNT FIX THE C:\WINNT\system\jjmca.exe BECAUSE THERE WAS NO BOX TO CHECK NEXT TO IT...WHAT SHOULD I DO, IM STILL GETTING POP-UPS.

Logfile of HijackThis v1.99.1
Scan saved at 8:41:17 PM, on 3/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system\jjmca.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINNT\explorer.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\administrator.WS-W2K-EVP2A\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1.WS-\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/old
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
0
 
sajuksCommented:
reboot in safe mode.
make sure in windows explorer the option "show all files" are on.
now try deleting it.

also
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1.WS-\LOCALS~1\Temp\se.dll/sp.html
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
needs to be fixed.

try doing an online scan ar http://housecall.trendmicro.com/
0
 
steph62898Author Commented:
i just downloaded mazilla as a browser. now that ive done that, can i remove internet explorer? if i do remove IE, will that get rid of all this crap?
0
 
sajuksCommented:
yes that would solve most of your problems.But be aware that IE cannot be completely removed from ur system ( microsoft has ensured that). Set mozilla as ur default browser and you should be a happy person.
and mozilla is the rite way, i gave up browsing using IE a long time ago
0
 
steph62898Author Commented:
oh ok   lol
well even though i am using mozilla for the last hour, IE pop-ups keep poping up???? what shall i do??
0
 
steph62898Author Commented:
can i set up mozilla home page to be yahoo instead of google?
0
 
sajuksCommented:
"well even though i am using mozilla for the last hour, IE pop-ups keep poping up???? what shall i do??"
have you got ie running in the background ??


" can i set up mozilla home page to be yahoo instead of google?"
in firefox....go to tools > options>general> location...here you can've multiple home pages
for eg: www.yahoo.com;www.google.com whcih would then open in two seperate tabs in the same browser
0
 
steph62898Author Commented:
IE doesnt appear to be running, but i do have a cable modem, isnt it running always?
0
 
sajuksCommented:
nope...i'd recommend doing an antivirus scan on ur pc.
try this tool
http://www.scosoft.com/download-remove-about-blank-buddy.htm

0
 
steph62898Author Commented:
i have pop ups even when i dont click on internet explorer & i have norton antivirus, spybot s & d, microsoft antipsyware, hijack this, &  a couple other spyware protectors
0
 
steph62898Author Commented:
my spybot s & d keeps telling me that a registry change is trying to be made, "about blank & trojan.startpage" are trying to get in the registry
0
 
sajuksCommented:
running cwshredder http://www.spywareinfo.com/~merijn/files/cwshredder.zip and then using hijackthis should've sorted it out.
can you run cwshredder and post ur hijackthis log file again ( just save the link at http://www.hijackthis.de and post the link reference).
0
 
blue_zeeCommented:

SearchExe Manual Removal:

Follow these steps to remove Search-Exe from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

   1. Kill these running processes with Task Manager:
      se.exe

   2. Unregister these DLLs with Regsvr32, then reboot:
      se.dll

(regsvr32 /u c:\....\.....\se.dll from the Run command box)

   3. Remove these files (if present) with Windows Explorer:
      app.dat
      bm.dat
      se.dll
      se.exe

Source:

http://www.securemost.com/articles/trou_3_remove_searchexe.htm

regsvr32 /u c:\winnt\winshow.dll

Good luck (you will need it).

Zee
0
 
blue_zeeCommented:

Please disregard the regsvr32 /u c:\winnt\winshow.dll (Not on topic at all)
0
 
caza13Commented:
Open the Internet Options window from the control panel, and delete all Cookies and Temporary Internet Files.  In the Documents and Settings folder open the folders for each user including the Administrator and find the Temp sub-folder in the Local Settings folder.  Delete everything that you can from each Temp folder but leave the empty folder.  Use the Task Manager to locate and end the jjmca.exe process.  Then delete the file.  Fix the following items, and delete the files below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1.WS-\LOCALS~1\Temp\se.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

C:\WINNT\system\jjmca.exe
C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
C:\DOCUME~1\ADMINI~1.WS-\LOCALS~1\Temp\se.dll/sp.html
0
 
caza13Commented:
Correction!  Leave the following items:

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
0
 
steph62898Author Commented:
WHAT IS THE JJMCA.EXE?  
AFTER NORTONS ANTIVIRUS DETECTS THE TROJAN.STARTPAGE, IT DELETES IT & THEN THE NEXT DAY DETECTS IT AGAIN & DELETES IT AGAIN. WHY DOES IT FIND & DELETE IT SO MUCH? SHOULDNT IT BE GONE. I HAVE LIKE 4 SPYWARE PROGRAMS??
0
 
caza13Commented:
Thanks.  The file jjmca.exe seems to be a spyware service.  They often use random filenames.  To reduce the chance of reinfection use Windows Update ( v4.windowsupdate.microsoft.com ) to make sure that all of the latest security patches are installed.
0
 
steph62898Author Commented:
ok i was able to remove the jjmca.exe but i cannot find the se.dll....my homepage still says about blank & when i run my hijack this, it doesnt remove the R1's or RO's that say about blank?????
0
 
caza13Commented:
Find the C:\Documents and Settings\Administrator.ws-\Local Settings\Temp folder, and delete everything that is there.  Is it possible that one of the spyware scanners has the start page locked?  You should also be able to change the start page in the Internet Options window.  Access it from the Tools menu in IE or from the Control Panel.
0
 
steph62898Author Commented:
the se.dll file is not in the temp folder. only the jjmca was in there. also, i am able to change the home page in the internet options, however, it just keeps rechanging it self to about blank?????????????????? im sooooooooooooo tireddddddddddddddddddd  lol
0
 
steph62898Author Commented:
i would like to know how to get rid of about blank....i have tried many different things now to do this & it is not going away...i would like to have an answer soon if possible. thank you
0
 
caza13Commented:
Maybe the following link will help.

About:Blank Homepage Hijacker Removal Instructions and Help
http://www.pchell.com/support/aboutblank.shtml
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 15
  • 9
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now