Solved

EXTREME difficulty removing about:blank from Windows 98

Posted on 2005-03-23
Last Modified: 2013-12-29
I've read solutions listed in a previous post with a similar problem, but nothing has worked so far.  I've tried Ad Aware (paid $29.95 for registration key), CWShredder, Spybot, etc., but about:blank keeps reappearing -- defaulting my home page to it.  Plus, there are 4 porn site addresses that keep getting added to my "Add Favorites" drop down list. All this seems to occur once I access the Internet.  My Yahoo homepage works the first time, but subsequent times it changes to about:blank.  When I run Spybot, for example, it identifies 102 critical issues.  But when Spybot is in the process of deleting these, my pc always freezes up during the "Deleting Files" phase and the job never gets finished, especially when trying to delete what I found to be "Trojans"??  I think the file names are something like "dirc"?  Also, I keep getting error messages that force me to close windows programs, pop-ups keep appearing, internal error messages come up that will not allow me to click on "Ignore" to continue, the pc is SLOW, often having to wait because programs are "Not Responding", etc., etc., etc.  I can never get anything accomplished!  Various other messages I've received at times include, "Default URL Search Hook Missing" (NOTE:  Ad Aware does not fix this issue when I click on "Fix It").  I've also received "C:\Windows\System\Nethx32.exe not found".  These are not consistent errors, but I have seen them appear.  Other issues noted by spyware removal programs that appear to be problems include, CWS, Side Search, Power Scan, Booked Space, 180Solutions, Spyware Distribution, eUniverse, eGroup, Bargain Buddy, A Better Internet and Browser Hijack.

I am not an expert with computers, but I am technical enough to understand technical solution ideas and work on my computer with them.  I hope this is all helpful information, and thank you in advance for your time.  I am rating this as 500 points because of all the troubles I have had, so I hope I am doing this correctly.  Thanks, Ken
Question by:karbowiak
22 Comments
 
LVL 29

Accepted Solution

by:
blue_zee earned 2000 total points
ID: 13613030

Download HijackThis:

http://www.majorgeeks.com/download3155.html

Scan your system, save the log. Copy and paste it here:

http://www.hijackthis.de/

Click the "Analyze" button. Scroll down the analysis results and click the Save analysis.

Post here the LINK to that page, DON'T post the log.

We will take a look at it as soon as you post the link.

Zee
0
 
LVL 2

Expert Comment

by:LaQ
ID: 13613552
Go to www.adwareaway.com and download the trial of Adware Away.  This has gotten rid of the About Blank on a Windows 98 machine of my client's.
0
 
LVL 2

Expert Comment

by:LaQ
ID: 13613589
To use click remove hijackers from the left panel.  Choose Scan All.  When it completes click on the results button and it will tell you what the scan found.  

In the results list you have to one by one click the icon of the found hijacker and click the remove button.  Hope this explanation helps.  
0
 
LVL 2

Expert Comment

by:LaQ
ID: 13613629
Also try running your antispyware programs like SpyBot and AdAware in Safe Mode (at boot up hit F5 continuously to get to Safe Mode).  Also do a virus scan on your system.
0
 
LVL 13

Expert Comment

by:gonzal13
ID: 13614496
Here is a site about 'about:blank'

It gives instructions to do it manually and software

http://www.adwareaway.com/aboutblank.htm

gonzal13(joe)
0
 
LVL 13

Expert Comment

by:gonzal13
ID: 13614511
LaQ:

Just saw your comment which duplicates my comment. I apologize.

Joe
0
 

Author Comment

by:karbowiak
ID: 13614634
Zee -

I failed to mention that I also tried 'Hijack This' to no avail (along with various other spyware removers).  But I will try Hijack This again and copy/paste the log and post the link as you suggested.  I'll need to do it this evening and hope that I can get that far before the system crashes.

LaQ -

I did go through the 'Scan All' detail with Ad Aware as you suggested (one by one), but it did not find any hijackers, strangely enough.  I eventually scanned everything and removed the errors found (trojans, etc.), but it did not allow me to "fix" the "URL Search Hook" error.  I will try your Safe Mode suggestion.

I will get back with you this evening or tomorrow morning with hopefully good news.  Thanks so much.  Ken
0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13614656

Ken,

Thanks for the feedback.

I hope we can help you find a way out of trouble.

Zee
0
 
LVL 23

Expert Comment

by:gecko_au2003
ID: 13615126
0
 
LVL 23

Expert Comment

by:gecko_au2003
ID: 13615140
http://www.majorgeeks.com/download4289.html

http://www.google.com/search?hl=en&lr=&q=about%3Abuster

My search so you can find other URLs to download it from, if the first does not work :)
0
 
LVL 23

Expert Comment

by:gecko_au2003
ID: 13615151
Also if you try and use Microsoft's anti spyware:

http://www.microsoft.com/athome/security/spyware/software/default.mspx

Also if you install any relevant applications and then go into safe mode and do the scans and remove them in safe mode, that helps :)
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 13615189
Hi!

about:buster does not work on all variants of about:blank.

Do as Zee suggests above and post a LINK to your HijackThis log.

There's also a variant of L2M that seems to appear in conjunction with
about:blank that is VERY difficult to remove!

Good luck!

RF
0
 
LVL 38

Expert Comment

by:BillDL
ID: 13615348
karbowiak

I would always suggest Safe Mode, but there are also configuration settings in Adaware which MIGHT help it to remove processes if run in normal Windows mode.

Open the Configuration dialog, and select the "Tweak" section.  Look for all tick-boxes that instruct Adaware to "unload" modules/processes before deletion, and also the option to allow Windows to delete files at the next reboot.

Go up to the "Scanning Engine" section (still under "Tweak"), and look for the options to "Unload recognised processes and modules during scan" and "Scan registry for all users instead of current user only".

Back in the configuration dialog, choose the "Scanning" section, and there tell it to scan inside archives, not to exclude any files, and tick all the boxes under the "memory and registry" part.

Open the "Defaults" section, and make sure that your HomePage and SearchPage are set to what you want them to be.

Restart Adaware.

Always be sure to shut down to power off after Adaware (or any other utilities) find and remove rogue processes.  This gets rid of everything in memory before restarting.  On occasions, files can be stored in memory and may reappear in the system.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 13615368
Note:  Microsoft's Anti-Spyware incarnation does not run in Windows 98 or 98se.
0
 
LVL 23

Expert Comment

by:gecko_au2003
ID: 13615449
what about ad aware or spy sweeper ? Do they run in win 98 ?

www.webroot.com for spy sweeper and

http://www.lavasoftusa.com/software/adaware/   for ad aware :)
0
 
LVL 92

Expert Comment

by:nobus
ID: 13619613
and run housecall too :

http://housecall.trendmicro.com/ online scan for trojans
0
 

Author Comment

by:karbowiak
ID: 13622646
Zee & LaQ -

I followed your help tips and everything appears to be functioning normally now, in terms of "about:blank."  THANKS!!!  You have been godsends.  The system was more "stable" than the previous day, so I was able to accomplish more.  For your records, and for anyone else who may find this helpful, this is what I did to KILL about:blank:

-Booted up in Safe Mode
-Ran Adware Away, which discovered a corrupted "load=" and "run=" (under the AutoRun tab, I think).  It instructed me to fix it in sysedit.exe.  While there, I deleted "load=" and "run=" in the window named C:\Windows\win.ini
-Ran Spybot and it said, "Congratulations!  No immediate threats were found".  But it also said, "Error during check!  Winpup32 (Ungultiger Datentyp fur)".  I haven't brushed up on my German to know what this means!
-Ran Ad Aware SE, which found 28 New Critical Objects (5 registry keys, 14 registry values and 9 files).  I was able to delete them.
-I rebooted in Normal Mode and downloaded Hijack This.
-I scanned and logged what it found, and noticed 3 entries that had "about:blank" in the name.  Since I knew that "about:blank" was the cause of my troubles, I deleted these entries to see if that worked rather than posting the log in this forum for follow up.
-I downloaded and ran CWS Shredder, which was okay.  Subsequently, I ran Spybot (okay), Adware Away (okay) and Ad Aware SE (found 4 new critical objects, which I deleted).
-I rebooted once again in Normal Mode and ran the spyware removers above.  All were again fine except Ad Aware SE, which found 1 new critical item (which I deleted).
-I rebooted a 3rd time in Normal Mode.  Ad Aware SE found 3 more critical, which I deleted.  I saw that these were "low risk" cookie items (tribal fusion, atdmt and doubleclick).
-I reran Ad Aware SE and modified my scan using the "Tweak" option and "scanning inside archives".  No critical objects found.
-I rebooted a 4th time in Normal Mode and all spyware remover applications listed above were okay, even Ad Aware SE.

FOLLOW UP QUESTIONS:

1. CWS Shredder results were fine.  But when I ran it to "Scan Only", the report listed a message stating, "Hosts file not present.  Found win.ini file: C:\Windows\win.ini".  Should I be concerned with this?
2. When I reboot now, I am directed to a DOS screen, requiring me to either enter a code to boot up in Normal or Safe Mode.  Is there a way to adjust my settings so that this is bypassed, allowing the computer to boot up in Normal Mode at all times unless I choose to hit F5?
3.  Some web pages now (not all) load up with VERY, VERY SMALL FONT that is almost unreadable.  How can I correct this?

Thanks, Ken




0
 
LVL 29

Expert Comment

by:blue_zee
ID: 13622889

Ken,

That was a nice and detailed feedback report.

Congrats on your patience and persistence. As always that seems to have paid back.

1)
WIN.INI is OK, shouldn't be concerned.

Regarding the HOSTS file, I would suggest you read this to understand what it is and how it can be used to protect your system (my suggestion is try it):

Blocking Unwanted Parasites with a Hosts File
http://mvps.org/winhelp2002/hosts.htm

2)
If you are directed to the start menu by default, check this first:

Start > Run > type MSCONFIG and press enter.

This will launch the System Configuration Utility. Under the General tab, click the "Advanced" button. UNtick "Enable Startup menu". Click OK, Apply and OK to close the utility.

Restart. The Startup Menu should not appear now and Windows should load as usual.

If this is not your problem, do post back as there are other possibilities we can check.

3)
To configure text size in IE, try View > Text size and select Medium or other size that may please you.

See if that solves the problem.

I hope you find the above tips useful.

Cheers,

Zee
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 13623146
Hi!

Concerning removing the "load=" and "run=" entries in win.ini
Those are normal entries - the only thing you should worry about is what
is after the = sign.

As for your "Hosts" file: this may help -
Download Hoster from here:
http://members.aol.com/toadbee/hoster.zip
Unzip, install the program and run it.
Press *Restore Original Hosts* and press *OK*
Exit Hoster, and you should now be able to access the sites you need.

Good luck!

RF
0
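
Added example, not part of the original thread and not any poster's code: a small Python check of the point made above, that the `load=` and `run=` keys in WIN.INI are normal and only what follows the `=` sign matters. The sample WIN.INI text and the `EXAMPLE*.EXE` names are constructed placeholders, and splitting a value on spaces and commas is an assumption about how multiple programs are listed.

```python
import re

AUTOSTART_KEYS = {"load", "run"}

# Constructed samples, not taken from the machine discussed in this thread.
SAMPLE_CLEAN = r"""
[windows]
load=
run=
NullPort=None
"""

SAMPLE_SUSPECT = r"""
; the first value is padded with spaces, which pushes it out of view in an editor
[windows]
load=                                        C:\WINDOWS\SYSTEM\EXAMPLE1.EXE
Run=EXAMPLE2.EXE EXAMPLE3.EXE
NullPort=None

[Desktop]
run=ignored.exe
"""


def autostart_entries(ini_text):
    """Return [(key, program), ...] for each program named after load= or run=
    in the [windows] section. Keys with nothing after the = sign yield nothing."""
    found = []
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue  # load=/run= only count inside [windows]
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key not in AUTOSTART_KEYS:
            continue
        # Assumption: several programs may be listed, separated by spaces or commas.
        for program in re.split(r"[,\s]+", value.strip()):
            if program:
                found.append((key, program))
    return found


def report(ini_text):
    """Human-readable summary of what WIN.INI starts at boot."""
    entries = autostart_entries(ini_text)
    if not entries:
        return "load= and run= are empty: nothing is started from WIN.INI"
    return "\n".join(f"{key}= starts {program}" for key, program in entries)


if __name__ == "__main__":
    print(report(SAMPLE_CLEAN))
    print(report(SAMPLE_SUSPECT))
```

Any program it reports is something to identify before deleting the value; the key lines themselves can stay, as in the clean sample.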
 
LVL 38

Expert Comment

by:BillDL
ID: 13624064
karbowiak

I was reading back through your original question again, and I see that you mentioned the following parasites are being found on your system:

CWS (CoolWebSearch)
SideSearch (Lycos SideSearch)
PowerScan
BookedSpace
180Solutions
eGroup
BargainBuddy
A Better Internet

I have thoroughly researched all of these, including the known variants and affiliated programs installed by (or installed from) each of them.  I have just filled notepad to full capacity with a list of folders/files and registry settings that these create.

Your self-appraisal stated "I am not an expert with computers, but I am technical enough to understand technical solution ideas and work on my computer with them".

What you are up against here are very persistent processes that are launched from several different places, and need to be "killed" before any of the programs suggested will remove them successfully.  Some utilities are better than others at removing specific ones, but there are variants of each and all it takes is one registry entry or file to slip the net and one or more of those parasites can reconfigure itself.

The main problem here, given the number of different parasites being reported, is that where one utility DOES manage to remove associated files and settings, you would normally power down and then restart to allow total removal.  If that utility hadn't totally targeted and eliminated  one of the OTHER parasites present, then that restart would probably restore the partially-removed parasite.

It's a "catch-22" situation:  "To reboot, or not to reboot?".  I mean, do you try and run several utilities all one after the other WITHOUT rebooting, and THEN power off and reboot?  It's hard to say for certain what would be the best approach, because each utility works differently, and each parasite works differently.

I believe that I have compiled sufficient information to enable me to create a .REG file and a batch file to get rid of most (if not all) of these parasites, and these could be run either by booting to DOS, or be run before your system actually boots into Windows.  That's the best time to delete files and remove settings, but it isn't guaranteed to work, and (although I always double-check things before allowing others to run them), there is always a small risk that a tiny error in one of the files could cause some minor knock-on problems.

Put it this way.  Your computer really seems to be riddled with parasites to such an extent that my personal instinct (if it was mine), would be to format the drive and reinstall if repeated attempts to remove parasites were unsuccessful.  I hate giving up, but I am a realist.  As this potential last option seems to be more of a reality, I do suggest that you begin backing up essential data to CD in case you have to reinstall from scratch.

If backing up your Favorites, just be careful not to include rogue ones dropped in there by any one of these parasites.  If backing up the installer files for downloaded programs, be aware that it could easily have been one or more downloaded freeware ones that installed all this scumware.  I suggest restricting backups to ONLY those documents and files that cannot be replicated eg. images, mp3's, videos, documents, etc.

IF you want me to carry on and complete a .REG file and Batch file, then you will find my email address in my profile (at the end of the "profile" field).  Just click on my username at the top of this question.  Send me an email, and I can email you a zip file containing the necessary files and instructions.

If you prefer not to do that, and I respect your privacy, then I might be able to paste the text here for you to create your own files.  In either case, I would keep the other experts updated with details of what I was suggesting, because it defeats the spirit of Experts-Exchange to engage in exchanges away from the question.

In the meantime, carry on with running the utilities suggested in this thread from Safe Mode and see if you can meet with success.

Bill
0
 
LVL 38

Expert Comment

by:BillDL
ID: 13624075
Hey, I type too slow ;-)

Let me digest what has transpired while I was typing.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 13624292
Phew.  Well done, karbowiak.  Rerunning the utilities like that has certainly worked well.

Just one point about the new boot menu that you are seeing.  I actually like to have this boot menu show every time windows starts, because it saves me the bother of having to try and show it by jabbing at the F8 key during early boot when I need to boot to Safe Mode or DOS.

The only problem is that the "enable startup menu" setting in MSCONFIG (as discussed by blue_zee) makes it show for 30 seconds if there is no user interaction.  If you want to keep the menu, but make it only show for say 6 seconds, here's how to change that.

Start menu > Folder Options > "View" tab
Make sure that the tick-boxes are set to show all files and not to hide extensions of known file types.

Find C:\MSDOS.SYS and right-click on it.  Select "Properties" and make sure that the "Read Only" box is not ticked.  If you have to untick it, click "Apply" and then "OK" to close the "properties" box.

Hold down the SHIFT key and RIGHT-Click MSDOS.SYS.  Select "Open With" and make sure that the box that says "always use this program to open files of this type" is NOT ticked.  Scroll down to "Notepad" and double-click on it.

The top part before the lines of "x's" should look like this:

[Paths]
WinDir=C:\WINDOWS
WinBootDir=C:\WINDOWS
HostWinBootDrv=C
UninstallDir=C:\

[Options]
BootMulti=1
BootGUI=1
DoubleBuffer=1
AutoScan=1
WinVer=4.10.2222  <--- This will be 4.10.1998 if it is Win98 First Edition.

After the last row of x's, you MAY see some extra lines.  I suggest that you either ADD new lines or alter existing ones to read:

BootMenu=1
BootMenuDelay=6
Bootkeys=1
Logo=0

Set this way, the boot menu will always show, but will default to option 1 (normal windows boot) if there is no user intervention within 6 seconds.  If "Logo=0" then it won't show the Win98 logo and you can often see boot errors that are sometimes hidden behind it.

If you see a line  BootWarn=?  then I suggest that you change it to BootWarn=1 or just delete the line.  This affects whether you are warned that you are entering Safe Mode and shown a prompt.

If there is a line  BootSafe=?  then I suggest you delete it.  This affects whether the system automatically boots into Safe Mode.

Save the changes, then Right-Click > Properties > tick the "Read-Only" box > "Apply" > "OK".

The decision is up to you, but that's my personal preference.
0
