karbowiak
asked on
EXTREME difficulty removing about:blank from Windows 98
I've read solutions listed in a previous post with a similar problem, but nothing has worked so far. I've tried Ad Aware (paid $29.95 for registration key), CWShredder, Spybot, etc., but about:blank keeps reappearing -- defaulting my home page to it. Plus, there are 4 porn site addresses that keep getting added to my "Add Favorites" drop down list. All this seems to occur once I access the Internet. My Yahoo homepage works the first time, but subsequent times it changes to about:blank. When I run Spybot, for example, it identifies 102 critical issues. But when Spybot is in the process of deleting these, my pc always freezes up during the "Deleting Files" phase and the job never gets finished, especially when trying to delete what I found to be "Trojans"?? I think the file names are something like "dirc"? Also, I keep getting error messages that force me to close windows programs, pop-ups keep appearing, internal error messages come up that will not allow me to click on "Ignore" to continue, the pc is SLOW, often having to wait because programs are "Not Responding", etc., etc., etc. I can never get anythig accomplished! Various other messages I've received at times include, "Default URL Search Hook Missing" (NOTE: Ad Aware does not fix this issue when I click on "Fix It"). I've also received "C:\Windows\System\Nethx32
I am not an expert with computers, but I am technical enough to understand technical solution ideas and work on my computer with them. I hope this is all helpful information, and thank you in advance for your time. I am rating this as 500 points because of all the troubles I have had, so I hope I am doing this correctly. Thanks, Ken
I am not an expert with computers, but I am technical enough to understand technical solution ideas and work on my computer with them. I hope this is all helpful information, and thank you in advance for your time. I am rating this as 500 points because of all the troubles I have had, so I hope I am doing this correctly. Thanks, Ken
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
LaQ
Go to www.adwareaway.com and download the trial of Adware Away. This gotten rid of the About Blank on a Windows 98 machine of my clients.
To use click remove hijackers from the left panel. Choose Scan All. When it completes click on the results button and it will tell you what the scan found.
In the results list you have to one by one click the icon of the found hijacker and click the remove button. Hoe this explanation helps.
In the results list you have to one by one click the icon of the found hijacker and click the remove button. Hoe this explanation helps.
Also try running your antispyware programs like SpyBot and AdAware in Safe Mode(at boot up hit F5 continuously to get to Safe Mode). Also do a virus scan on your system.
Here is a site about ‘about:blank
It gives instructions to do it manually and software
http://www.adwareaway.com/aboutblank.htm
gonzal13(joe)
It gives instructions to do it manually and software
http://www.adwareaway.com/aboutblank.htm
gonzal13(joe)
LaQ:
Just saw your comment which duplicates my comment. I apologize.
JOe
Just saw your comment which duplicates my comment. I apologize.
JOe
ASKER
Zee -
I failed to mention that I also tried 'Hijack This' to no avail (along with various other spyware removers). But I will try Hijack This again and copy/paste the log and post the link as you suggested. I'll need to do it this evening and hope that I can get that far before the system crashing.
LaQ -
I did go through the 'Scan All' detail with Ad Aware as you suggested (one by one), but it did not find any hijackers, strangely enough. I eventually scanned everything and removed the errors found (trojans, etc.), but it did not allow me to "fix" the "URL Search Hook" error. I will try your Safe Mode suggestion.
I will get back with you this evening or tomorrow morning with hopefully good news. Thanks so much. Ken
I failed to mention that I also tried 'Hijack This' to no avail (along with various other spyware removers). But I will try Hijack This again and copy/paste the log and post the link as you suggested. I'll need to do it this evening and hope that I can get that far before the system crashing.
LaQ -
I did go through the 'Scan All' detail with Ad Aware as you suggested (one by one), but it did not find any hijackers, strangely enough. I eventually scanned everything and removed the errors found (trojans, etc.), but it did not allow me to "fix" the "URL Search Hook" error. I will try your Safe Mode suggestion.
I will get back with you this evening or tomorrow morning with hopefully good news. Thanks so much. Ken
Ken,
Thanks for the feedback.
I hope we can help you find a way out of trouble.
Zee
http://www.spywareremove.com/about_blank.shtml
Also go here , its a PAQ:
https://www.experts-exchange.com/questions/21104781/about-blank.html?query=about+blank&clearTAFilter=true
about buster is a good suggestion from there :)
Also go here , its a PAQ:
https://www.experts-exchange.com/questions/21104781/about-blank.html?query=about+blank&clearTAFilter=true
about buster is a good suggestion from there :)
http://www.majorgeeks.com/download4289.html
http://www.google.com/search?hl=en&lr=&q=about%3Abuster
My search so you can fnd other URL's to download it from , if the first does not work :)
http://www.google.com/search?hl=en&lr=&q=about%3Abuster
My search so you can fnd other URL's to download it from , if the first does not work :)
Also if you try and use microsofts anti spyware :
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Also if you install any relevant applications and then go into safe mode and do the scans and remove them in safe mode, that helps :)
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Also if you install any relevant applications and then go into safe mode and do the scans and remove them in safe mode, that helps :)
Hi!
about:buster does not work on all variants of about:blank.
Do as Zee suggests above and post a LINK to your HijackThis log.
There's also a variant of L2M that seems to appear in conjuction with
about:blank that is VERY difficult to remove!
Good luck!
RF
about:buster does not work on all variants of about:blank.
Do as Zee suggests above and post a LINK to your HijackThis log.
There's also a variant of L2M that seems to appear in conjuction with
about:blank that is VERY difficult to remove!
Good luck!
RF
karbowiak
I would always suggest Safe Mode, but there are also configuration settings in Adaware which MIGHT help it to remove processes if run in normal Windows mode.
Open the Configuration dialog, and select the "Tweak" section. Look for all tick-boxes that instruct Adaware to "unload" modules/processes before deletion, and also the option to allow Windows to delete files at the next reboot.
Go up to the "Scanning Engine" section (still under "Tweak"), and look for the options to "Unload recognised processes and modules during scan" and "Scan registry for all users instead of current user only".
Back in the configuration dialog, choose the "Scanning" section, and there tell it to scan inside archives, not to exclude any files, and tick all the boxes under the "memory and registry" part.
Open the "Defaults" section, and make sure that your HomePage and SearchPage are set to what you want them to be.
Restart Adaware.
Always be sure to shut down to power off after Adaware (or any other utilities) find and remove rogue processes. This gets rid of everything in memory before restarting. On occasions, files can be stored in memory and may reappear in the system.
I would always suggest Safe Mode, but there are also configuration settings in Adaware which MIGHT help it to remove processes if run in normal Windows mode.
Open the Configuration dialog, and select the "Tweak" section. Look for all tick-boxes that instruct Adaware to "unload" modules/processes before deletion, and also the option to allow Windows to delete files at the next reboot.
Go up to the "Scanning Engine" section (still under "Tweak"), and look for the options to "Unload recognised processes and modules during scan" and "Scan registry for all users instead of current user only".
Back in the configuration dialog, choose the "Scanning" section, and there tell it to scan inside archives, not to exclude any files, and tick all the boxes under the "memory and registry" part.
Open the "Defaults" section, and make sure that your HomePage and SearchPage are set to what you want them to be.
Restart Adaware.
Always be sure to shut down to power off after Adaware (or any other utilities) find and remove rogue processes. This gets rid of everything in memory before restarting. On occasions, files can be stored in memory and may reappear in the system.
Note: Microsoft's Anti-Spyware incarnation does not run in Windows 98 or 98se.
what about ad aware or spy sweeper ? Do they run in win 98 ?
www.webroot.com for spy sweeper and
http://www.lavasoftusa.com/software/adaware/ for ad aware :)
www.webroot.com for spy sweeper and
http://www.lavasoftusa.com/software/adaware/ for ad aware :)
ASKER
Zee & LaQ -
I followed your help tips and everything appears to be functioning normally now, in terms of "about:blank." THANKS!!! You have been godsends. The system was more "stable" than the previous day, so I was able to accomplish more. For your records, and for anyone else who may find this helpful, this is what I did to KILL about:blank:
-Booted up in Safe Mode
-Ran Adware Away, which discovered a corrupted "load=" and "run=" (under the AutoRun tab, I think). It instructed me to fix it in sysedit.exe. While there, I deleted "load=" and "run=" in the window named C:\Windows|win.ini
-Ran Spybot and it said, "Congratulations! No immediate threats were found". But it also said, "Error during check! Winpup32 (Ungultiger Datentyp fur)". I haven't brushed up on my German to know what this means!
-Ran Ad Aware SE, which found 28 New Critical Objects (5 registry keys, 14 registry values and 9 files). I was able to delete them.
-I rebooted in Normal Mode and downloaded Hijack This.
-I scanned and logged what it found, and noticed 3 entries that had "about:blank" in the name. Since I knew that "about:blank" was the cause of my troubles, I deleted these entries to see if that worked rather than posting the log in this forum for follow up.
-I downloaded an ran CWS Shredder, which was okay. Subsequently, I ran Spybot (okay), Adware Away (okay) and Ad Aware SE (found 4 new critical objects, which I deleted).
-I rebooted once again in Normal Mode and ran the spyware removers above. All were again fine except Ad Aware SE, which found 1 new critical item (which I deleted).
-I rebooted a 3rd time in Normal Mode. Ad Aware SE found 3 more critical, which I deleted. I saw that these were "low risk" cookie items (tribal fusion, atdmt and doubleclick).
-I reran Ad Aware SE and modified my scan using the "Tweak" option and "scanning inside archives". No critical objects found.
I rebooted a 4th time in Normal Mode and all spyware remover applications listed above were okay, even Ad Aware SE.
FOLLOW UP QUESTIONS:
1. CWS Shredder results were fine. But when I ran it to "Scan Only", the report listed a message stating, "Hosts file not present. Found win.ini file: C:\Windows\win.ini". Should I be concerned with this?
2. When I reboot now, I am directed to a DOS screen, requiring me to either enter a code to boot up in Normal or Safe Mode. Is there a way to adjust my settings so that this is bypassed, allowing the computer to boot up in Normal Mode at all times unless I choose to hit F5?
3. Some web pages now (not all) load up with VERY, VERY SMALL FONT that is almost unreadable. How can I correct this?
Thanks, Ken
I followed your help tips and everything appears to be functioning normally now, in terms of "about:blank." THANKS!!! You have been godsends. The system was more "stable" than the previous day, so I was able to accomplish more. For your records, and for anyone else who may find this helpful, this is what I did to KILL about:blank:
-Booted up in Safe Mode
-Ran Adware Away, which discovered a corrupted "load=" and "run=" (under the AutoRun tab, I think). It instructed me to fix it in sysedit.exe. While there, I deleted "load=" and "run=" in the window named C:\Windows|win.ini
-Ran Spybot and it said, "Congratulations! No immediate threats were found". But it also said, "Error during check! Winpup32 (Ungultiger Datentyp fur)". I haven't brushed up on my German to know what this means!
-Ran Ad Aware SE, which found 28 New Critical Objects (5 registry keys, 14 registry values and 9 files). I was able to delete them.
-I rebooted in Normal Mode and downloaded Hijack This.
-I scanned and logged what it found, and noticed 3 entries that had "about:blank" in the name. Since I knew that "about:blank" was the cause of my troubles, I deleted these entries to see if that worked rather than posting the log in this forum for follow up.
-I downloaded an ran CWS Shredder, which was okay. Subsequently, I ran Spybot (okay), Adware Away (okay) and Ad Aware SE (found 4 new critical objects, which I deleted).
-I rebooted once again in Normal Mode and ran the spyware removers above. All were again fine except Ad Aware SE, which found 1 new critical item (which I deleted).
-I rebooted a 3rd time in Normal Mode. Ad Aware SE found 3 more critical, which I deleted. I saw that these were "low risk" cookie items (tribal fusion, atdmt and doubleclick).
-I reran Ad Aware SE and modified my scan using the "Tweak" option and "scanning inside archives". No critical objects found.
I rebooted a 4th time in Normal Mode and all spyware remover applications listed above were okay, even Ad Aware SE.
FOLLOW UP QUESTIONS:
1. CWS Shredder results were fine. But when I ran it to "Scan Only", the report listed a message stating, "Hosts file not present. Found win.ini file: C:\Windows\win.ini". Should I be concerned with this?
2. When I reboot now, I am directed to a DOS screen, requiring me to either enter a code to boot up in Normal or Safe Mode. Is there a way to adjust my settings so that this is bypassed, allowing the computer to boot up in Normal Mode at all times unless I choose to hit F5?
3. Some web pages now (not all) load up with VERY, VERY SMALL FONT that is almost unreadable. How can I correct this?
Thanks, Ken
Ken,
That was a nice and detailed feedback report.
Congrats on your patience and persistence. As always that seems to have paid back.
1)
WIN.INI is OK, shouldn't be concerned.
Regarding the HOSTS file, I would suggest you read this to understand what it and how it can be used to protect your system (my suggestion is try it):
Blocking Unwanted Parasites with a Hosts File
http://mvps.org/winhelp2002/hosts.htm
2)
If you are directed to the start menu by default, check this first:
Start > Run > type MSCONFIG and press enter.
This will launch the System Configuration Utility. Under the General tab, click the "Advanced" button. UNtick "Enable Startup menu". Click OK, Apply and OK to close the utility.
Restart. The Startup Menu should not appear now and Windows should load as usually.
If this is not your problem, do post back as there are other possibilities we can check.
3)
To configure text size in IE, try View > Text size and select Medium or other size that may please you.
See if that solves the problem.
I hope you find the above tips useful.
Cheers,
Zee
Hi!
Concerning removing the "load=" and "run=" entries in win.ini
Those are normal entries - the only thing you should worry about is what
is after the = sign.
As for your "Hosts" file: this may help -
Download Hoster from here:
http://members.aol.com/toadbee/hoster.zip
Unzip, install the program and run it.
Press *Restore Original Hosts* and press OK*
Exit Hoster, and you should now be able to access the sites you need.
Good luck!
RF
Concerning removing the "load=" and "run=" entries in win.ini
Those are normal entries - the only thing you should worry about is what
is after the = sign.
As for your "Hosts" file: this may help -
Download Hoster from here:
http://members.aol.com/toadbee/hoster.zip
Unzip, install the program and run it.
Press *Restore Original Hosts* and press OK*
Exit Hoster, and you should now be able to access the sites you need.
Good luck!
RF
karbowiak
I was reading back through your original question again, and I see that you mentioned the following parasites are being found on your system:
CWS (CoolWebSearch)
SideSearch (Lycos SideSearch)
PowerScan
BookedSpace
180Solutions
eGroup
BargainBuddy
A Better Internet
I have thoroughly researched all of these, including the known variants and affiliated programs installed by (or installed from) each of them. I have just filled notepad to full capacity with a list of folders/files and registry settings that these create.
Your self-appraisal stated "I am not an expert with computers, but I am technical enough to understand technical solution ideas and work on my computer with them".
What you are up against here are very persistent processes that are launched from several different places, and need to be "killed" before any of the programs suggested will remove them successfully. Some utilities are better than others at removing specific ones, but there are variants of each and all it takes is one registry entry or file to slip the net and one or more of those parasites can reconfigure itself.
The main problem here, given the number of different parasites being reported, is that where one utility DOES manage to remove associated files and settings, you would normally power down and then restart to allow total removal. If that utility hadn't totally targeted and eliminated one of the OTHER parasites present, then that restart would probably restore the partially-removed parasite.
It's a "catch-22" situation: "To reboot, or not to reboot?". I mean, do you try and run several utilities all one after the other WITHOUT rebooting, and THEN power off and reboot? It's hard to say for certain what would be the best approach, because each utility works differently, and each parasite works differently.
I believe that I have compiled sufficient information to enable me to create a .REG file and a batch file to get rid of most (if not all) of these parasites, and these could be run either by booting to DOS, or be run before your system actually boots into Windows. That's the best time to delete files and remove settings, but it isn't guaranteed to work, and (although I always double-check things before allowing others to run them), there is always a small risk that a tiny error in one of the files could cause some minor knock-on problems.
Put it this way. Your computer really seems to be riddled with parasites to such an extent that my personal instinct (if it was mine), would be to format the drive and reinstall if repeated attempts to remove parasites were unsuccessful. I hate giving up, but I am a realist. As this potential last option seems to be more of a reality, I do suggest that you begin backing up essential data to CD in case you have to reinstall from scratch.
If backing up your Favorites, just be careful not to include rogue ones dropped in there by any one of these parasites. If backing up the installer files for downloaded programs, be aware that it could easily have been one or more downloaded freeware ones that installed all this scumware. I suggest restricting backups to ONLY those documents and files that cannot be replicated eg. images, mp3's, videos, documents, etc.
IF you want me to carry on and complete a .REG file and Batch file, then you will find my email address in my profile (at the end of the "profile" field). Just click on my username at the top of this question. Send me an email, and I can email you a zip file containing the necessary files and instructions.
If you prefer not to do that, and I respect your privacy, then I might be able to paste the text here for you to create your own files. In either case, I would keep the other experts updated with details of what I was suggesting, because it defeats the spirit of Experts-Exchange to engage in exchanges away from the question.
In the meantime, carry on with running the utilities suggested in this thread from Safe Mode and see if you can meet with success.
Bill
I was reading back through your original question again, and I see that you mentioned the following parasites are being found on your system:
CWS (CoolWebSearch)
SideSearch (Lycos SideSearch)
PowerScan
BookedSpace
180Solutions
eGroup
BargainBuddy
A Better Internet
I have thoroughly researched all of these, including the known variants and affiliated programs installed by (or installed from) each of them. I have just filled notepad to full capacity with a list of folders/files and registry settings that these create.
Your self-appraisal stated "I am not an expert with computers, but I am technical enough to understand technical solution ideas and work on my computer with them".
What you are up against here are very persistent processes that are launched from several different places, and need to be "killed" before any of the programs suggested will remove them successfully. Some utilities are better than others at removing specific ones, but there are variants of each and all it takes is one registry entry or file to slip the net and one or more of those parasites can reconfigure itself.
The main problem here, given the number of different parasites being reported, is that where one utility DOES manage to remove associated files and settings, you would normally power down and then restart to allow total removal. If that utility hadn't totally targeted and eliminated one of the OTHER parasites present, then that restart would probably restore the partially-removed parasite.
It's a "catch-22" situation: "To reboot, or not to reboot?". I mean, do you try and run several utilities all one after the other WITHOUT rebooting, and THEN power off and reboot? It's hard to say for certain what would be the best approach, because each utility works differently, and each parasite works differently.
I believe that I have compiled sufficient information to enable me to create a .REG file and a batch file to get rid of most (if not all) of these parasites, and these could be run either by booting to DOS, or be run before your system actually boots into Windows. That's the best time to delete files and remove settings, but it isn't guaranteed to work, and (although I always double-check things before allowing others to run them), there is always a small risk that a tiny error in one of the files could cause some minor knock-on problems.
Put it this way. Your computer really seems to be riddled with parasites to such an extent that my personal instinct (if it was mine), would be to format the drive and reinstall if repeated attempts to remove parasites were unsuccessful. I hate giving up, but I am a realist. As this potential last option seems to be more of a reality, I do suggest that you begin backing up essential data to CD in case you have to reinstall from scratch.
If backing up your Favorites, just be careful not to include rogue ones dropped in there by any one of these parasites. If backing up the installer files for downloaded programs, be aware that it could easily have been one or more downloaded freeware ones that installed all this scumware. I suggest restricting backups to ONLY those documents and files that cannot be replicated eg. images, mp3's, videos, documents, etc.
IF you want me to carry on and complete a .REG file and Batch file, then you will find my email address in my profile (at the end of the "profile" field). Just click on my username at the top of this question. Send me an email, and I can email you a zip file containing the necessary files and instructions.
If you prefer not to do that, and I respect your privacy, then I might be able to paste the text here for you to create your own files. In either case, I would keep the other experts updated with details of what I was suggesting, because it defeats the spirit of Experts-Exchange to engage in exchanges away from the question.
In the meantime, carry on with running the utilities suggested in this thread from Safe Mode and see if you can meet with success.
Bill
Hey, I type too slow ;-)
Let me digest what has transpired while I was typing.
Let me digest what has transpired while I was typing.
Phew. Well done, karbowiak. Rerunning the utilities like that has certainly worked well.
Just one point about the new boot menu that you are seeing. I actually like to have this boot menu show every time windows starts, because it saves me the bother of having to try and show it by jabbing at the F8 key during early boot when I need to boot to Safe Mode or DOS.
The only problem is that the "enable startup menu" setting in MSCONFIG (as discussed by blue_zee) makes it show for 30 seconds if there is no user interaction. If you want to keep the menu, but make it only show for say 6 seconds, here's how to change that.
Start menu > Folder Options > "View" tab
Make sure that the tick-boxes are set to show all files and not to hide extensions of known file types.
Find C:\MSDOS.SYS and right-click on it. Select "Properties" and make sure that the "Read Only" box is not ticked. If you have to untick it, click "Apply" and then "OK" to close the "properties" box.
Hold down the SHIFT key and RIGHT-Click MSDOS.SYS. Select "Open With" and make sure that the box that says "always use this program to open files of this type" is NOT ticked. Scroll down to "Notepad" and double-click on it.
The top part before the lines of "x's" should look like this:
[Paths]
WinDir=C:\WINDOWS
WinBootDir=C:\WINDOWS
HostWinBootDrv=C
UninstallDir=C:\
[Options]
BootMulti=1
BootGUI=1
DoubleBuffer=1
AutoScan=1
WinVer=4.10.2222 <--- This will be 4.10.1998 if it is Win98 First Edition.
After the last row of x's, you MAY see some extra lines. I suggest that you either ADD new lines or alter existing ones to read:
BootMenu=1
BootMenuDelay=6
Bootkeys=1
Logo=0
Set this way, the boot menu will always show, but will default to option 1 (normal windows boot) if these is no user intervention within 6 seconds. If "Logo=0" then it won't show the Win98 logo and you can often see boot errors that are sometimes hidden behind it.
If you see a line BootWarn=? then I suggest that you change it to BootWarn=1 or just delete the line. This affects whether you are warned that you are entering Safe Mode and shown a prompt.
If there is a line BootSafe=? then I suggest you delete it . This affects whether the system automatically boots into safe Mode.
Save the changes, then Right-Click > Properties > tick the "Read-Only" box > "Apply" > "OK".
The decision is up to you, but that's my personal preference.
Just one point about the new boot menu that you are seeing. I actually like to have this boot menu show every time windows starts, because it saves me the bother of having to try and show it by jabbing at the F8 key during early boot when I need to boot to Safe Mode or DOS.
The only problem is that the "enable startup menu" setting in MSCONFIG (as discussed by blue_zee) makes it show for 30 seconds if there is no user interaction. If you want to keep the menu, but make it only show for say 6 seconds, here's how to change that.
Start menu > Folder Options > "View" tab
Make sure that the tick-boxes are set to show all files and not to hide extensions of known file types.
Find C:\MSDOS.SYS and right-click on it. Select "Properties" and make sure that the "Read Only" box is not ticked. If you have to untick it, click "Apply" and then "OK" to close the "properties" box.
Hold down the SHIFT key and RIGHT-Click MSDOS.SYS. Select "Open With" and make sure that the box that says "always use this program to open files of this type" is NOT ticked. Scroll down to "Notepad" and double-click on it.
The top part before the lines of "x's" should look like this:
[Paths]
WinDir=C:\WINDOWS
WinBootDir=C:\WINDOWS
HostWinBootDrv=C
UninstallDir=C:\
[Options]
BootMulti=1
BootGUI=1
DoubleBuffer=1
AutoScan=1
WinVer=4.10.2222 <--- This will be 4.10.1998 if it is Win98 First Edition.
After the last row of x's, you MAY see some extra lines. I suggest that you either ADD new lines or alter existing ones to read:
BootMenu=1
BootMenuDelay=6
Bootkeys=1
Logo=0
Set this way, the boot menu will always show, but will default to option 1 (normal windows boot) if these is no user intervention within 6 seconds. If "Logo=0" then it won't show the Win98 logo and you can often see boot errors that are sometimes hidden behind it.
If you see a line BootWarn=? then I suggest that you change it to BootWarn=1 or just delete the line. This affects whether you are warned that you are entering Safe Mode and shown a prompt.
If there is a line BootSafe=? then I suggest you delete it . This affects whether the system automatically boots into safe Mode.
Save the changes, then Right-Click > Properties > tick the "Read-Only" box > "Apply" > "OK".
The decision is up to you, but that's my personal preference.