?
Solved

ABOUT BLANK IS DRIVING ME CRAZY!!!!!

Posted on 2005-03-13
31
Medium Priority
?
1,221 Views
Last Modified: 2008-01-09
PLEASE HELP ME REMOVE THE ABOUT BLANK FROM MY HOMEPAGE!!!!!!!!!!!!! I CANT TAKE IT ANYMORE!!!!!!!!!!!!!!!!!
I HAVE DOWNLOADED SPYWARE DOCTOR, SPYBOT S & D, NORTON ANTIVIRUS, MICROSOFT ANTISPYWARE, SPYWARE BLASTER, ADADAWARE, & CC CLEANER. NOTHING WILL STOP IT!!!!!!!!!!!! PLEASE HELP RIGHT AWAY!! BY THE WAY I HAVE WINDOWS 2000 PROFESSIONAL.
0
Comment
Question by:steph62898
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 15
  • 9
  • 5
  • +1
31 Comments
 
LVL 33

Expert Comment

by:sajuks
ID: 13530782
download hijackthis from http://tools.radiosplace.com/HijackThis.exe
Click analyse, scroll down the page
Save the Analysis, a new page will open,
post that at http://www.hijackthis.de and check the recmnd. be sure to remove all unwanted/unknown processes.

aslo take a look at this
http://www.besttechie.net/forums/index.php?showtopic=1488
0
 

Author Comment

by:steph62898
ID: 13530814
i have removed about blank from my hijack this several times now, why is this not being corrected?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 13530828
did you do this in safe mode ?
did u try using AboutBuster ?
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:steph62898
ID: 13530843
i did not do it in safe mode    i didnt try about buster
0
 
LVL 33

Expert Comment

by:sajuks
ID: 13530859
please try that too.

Check the manual soln at
http://www.pchell.com/support/aboutblank.shtml
Also could you post a link to the hijacklog that got generated.
0
 

Author Comment

by:steph62898
ID: 13531308
this is the most recent hijack log from the scan..

Logfile of HijackThis v1.99.1
Scan saved at 6:05:51 PM, on 3/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Compaq\Compaq Management
Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system\jjmca.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SPYWAR~2\swdoctor.exe
C:\WINNT\explorer.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP =
about:blank
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -
C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor -
{B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Find Fast.lnk.disabled
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk.disabled
O4 - Global Startup: Office Startup.lnk.disabled
O9 - Extra button: Spyware Doctor -
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O16 - DPF: Yahoo! Chess -
http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -
http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer
ActiveX Control) - http://download.toontown.com/sv1.0.14.41/ttinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)
- http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer
Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent
(CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation -
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer
Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) -
VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation -
C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
Symantec Corporation - C:\Program Files\Norton
AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program
Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
0
 

Author Comment

by:steph62898
ID: 13531486
CAN SOMEONE HELP ME WITH THIS LOG PLEASE?? I AM SO AT MY WITS END! LOL  THANK YOU
0
 
LVL 33

Expert Comment

by:sajuks
ID: 13531586
first fix these entries from ur log

         C:\WINNT\system\jjmca.exe
         O2 - BHO: PCTools Browser Monitor -
         O4 - Global Startup: Microsoft Find Fast.lnk.disabled                 
        O4 - Global Startup: Microsoft Office Shortcut Bar.lnk.disabled
         O4 - Global Startup: Office Startup.lnk.disabled
         O9 - Extra button: Spyware Doctor -         To be fixed if the entry 'Spyware Doctor ' is unknown.
O9 - Extra 'Tools' menuitem: Show &Related Links -         To be fixed if the entry 'Show &Related Links ' is unknown.
       O13 - DefaultPrefix:       
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} -                 Check if you know this site and fix it if you do not.
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}               Check if you know this site and fix it if you do not.
        O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer               Check if you know this site and fix it if you do not.
        O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)Check if you know this site and fix it if you do not.


0
 

Author Comment

by:steph62898
ID: 13531659
OK I DID THAT, BUT, I COULDNT FIX THE C:\WINNT\system\jjmca.exe BECAUSE THERE WAS NO BOX TO CHECK NEXT TO IT...WHAT SHOULD I DO, IM STILL GETTING POP-UPS.

Logfile of HijackThis v1.99.1
Scan saved at 8:41:17 PM, on 3/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system\jjmca.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINNT\explorer.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\administrator.WS-W2K-EVP2A\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1.WS-\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/old
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
0
 
LVL 33

Expert Comment

by:sajuks
ID: 13531921
reboot in safe mode.
make sure in windows explorer the option "show all files" are on.
now try deleting it.

also
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1.WS-\LOCALS~1\Temp\se.dll/sp.html
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
needs to be fixed.

try doing an online scan ar http://housecall.trendmicro.com/
0
 

Author Comment

by:steph62898
ID: 13531954
i just downloaded mazilla as a browser. now that ive done that, can i remove internet explorer? if i do remove IE, will that get rid of all this crap?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 13531968
yes that would solve most of your problems.But be aware that IE cannot be completely removed from ur system ( microsoft has ensured that). Set mozilla as ur default browser and you should be a happy person.
and mozilla is the rite way, i gave up browsing using IE a long time ago
0
 

Author Comment

by:steph62898
ID: 13531977
oh ok   lol
well even though i am using mozilla for the last hour, IE pop-ups keep poping up???? what shall i do??
0
 

Author Comment

by:steph62898
ID: 13531979
can i set up mozilla home page to be yahoo instead of google?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 13531992
"well even though i am using mozilla for the last hour, IE pop-ups keep poping up???? what shall i do??"
have you got ie running in the background ??


" can i set up mozilla home page to be yahoo instead of google?"
in firefox....go to tools > options>general> location...here you can've multiple home pages
for eg: www.yahoo.com;www.google.com whcih would then open in two seperate tabs in the same browser
0
 

Author Comment

by:steph62898
ID: 13532005
IE doesnt appear to be running, but i do have a cable modem, isnt it running always?
0
 
LVL 33

Expert Comment

by:sajuks
ID: 13532028
nope...i'd recommend doing an antivirus scan on ur pc.
try this tool
http://www.scosoft.com/download-remove-about-blank-buddy.htm

0
 

Author Comment

by:steph62898
ID: 13532036
i have pop ups even when i dont click on internet explorer & i have norton antivirus, spybot s & d, microsoft antipsyware, hijack this, &  a couple other spyware protectors
0
 

Author Comment

by:steph62898
ID: 13532038
my spybot s & d keeps telling me that a registry change is trying to be made, "about blank & trojan.startpage" are trying to get in the registry
0
 
LVL 33

Expert Comment

by:sajuks
ID: 13532047
running cwshredder http://www.spywareinfo.com/~merijn/files/cwshredder.zip and then using hijackthis should've sorted it out.
can you run cwshredder and post ur hijackthis log file again ( just save the link at http://www.hijackthis.de and post the link reference).
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13535090

SearchExe Manual Removal:

Follow these steps to remove Search-Exe from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

   1. Kill these running processes with Task Manager:
      se.exe

   2. Unregister these DLLs with Regsvr32, then reboot:
      se.dll

(regsvr32 /u c:\....\.....\se.dll from the Run command box)

   3. Remove these files (if present) with Windows Explorer:
      app.dat
      bm.dat
      se.dll
      se.exe

Source:

http://www.securemost.com/articles/trou_3_remove_searchexe.htm

regsvr32 /u c:\winnt\winshow.dll

Good luck (you will need it).

Zee
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13535099

Please disregard the regsvr32 /u c:\winnt\winshow.dll (Not on topic at all)
0
 
LVL 6

Accepted Solution

by:
caza13 earned 2000 total points
ID: 13539997
Open the Internet Options window from the control panel, and delete all Cookies and Temporary Internet Files.  In the Documents and Settings folder open the folders for each user including the Administrator and find the Temp sub-folder in the Local Settings folder.  Delete everything that you can from each Temp folder but leave the empty folder.  Use the Task Manager to locate and end the jjmca.exe process.  Then delete the file.  Fix the following items, and delete the files below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1.WS-\LOCALS~1\Temp\se.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

C:\WINNT\system\jjmca.exe
C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
C:\DOCUME~1\ADMINI~1.WS-\LOCALS~1\Temp\se.dll/sp.html
0
 
LVL 6

Expert Comment

by:caza13
ID: 13540040
Correction!  Leave the following items:

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
0
 

Author Comment

by:steph62898
ID: 13541504
WHAT IS THE JJMCA.EXE?  
AFTER NORTONS ANTIVIRUS DETECTS THE TROJAN.STARTPAGE, IT DELETES IT & THEN THE NEXT DAY DETECTS IT AGAIN & DELETES IT AGAIN. WHY DOES IT FIND & DELETE IT SO MUCH? SHOULDNT IT BE GONE. I HAVE LIKE 4 SPYWARE PROGRAMS??
0
 
LVL 6

Expert Comment

by:caza13
ID: 13541680
Thanks.  The file jjmca.exe seems to be a spyware service.  They often use random filenames.  To reduce the chance of reinfection use Windows Update ( v4.windowsupdate.microsoft.com ) to make sure that all of the latest security patches are installed.
0
 

Author Comment

by:steph62898
ID: 13541744
ok i was able to remove the jjmca.exe but i cannot find the se.dll....my homepage still says about blank & when i run my hijack this, it doesnt remove the R1's or RO's that say about blank?????
0
 
LVL 6

Expert Comment

by:caza13
ID: 13542182
Find the C:\Documents and Settings\Administrator.ws-\Local Settings\Temp folder, and delete everything that is there.  Is it possible that one of the spyware scanners has the start page locked?  You should also be able to change the start page in the Internet Options window.  Access it from the Tools menu in IE or from the Control Panel.
0
 

Author Comment

by:steph62898
ID: 13550996
the se.dll file is not in the temp folder. only the jjmca was in there. also, i am able to change the home page in the internet options, however, it just keeps rechanging it self to about blank?????????????????? im sooooooooooooo tireddddddddddddddddddd  lol
0
 

Author Comment

by:steph62898
ID: 13552084
i would like to know how to get rid of about blank....i have tried many different things now to do this & it is not going away...i would like to have an answer soon if possible. thank you
0
 
LVL 6

Expert Comment

by:caza13
ID: 13552523
Maybe the following link will help.

About:Blank Homepage Hijacker Removal Instructions and Help
http://www.pchell.com/support/aboutblank.shtml
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question