Posted on 2006-04-27
Last Modified: 2013-12-04
Each time I click on IE, opens instead of my home page. The content says that I am under the control of a remote computer and the only way to fix this is to click a link that will sell me the removal tools, i.e. spyware and malware removal software.

I have tried smitrem and smitfraudfix, but even though they say they are cleaning my machine, when I reboot and open IE, I still am at the safetydefender website.

Has anyone else encountered this and overcome it?
Question by: jerryvoss
    LVL 32

    Assisted Solution

    Please download HijackThis from and run it. Post the resulting log back to that same web page (not here) then click on "analyze" and then on the next page click on "Save Analysis" at the bottom.
    Finally, post the link to the saved analyzed page here.

    Author Comment

    Thank you, r-k

    I hope this is the right way to post the link.

    LVL 32

    Expert Comment

    That is the right way, thanks.

    I would suggest running HJT again and asking it to fix the following entries:

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
     O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINNT\system32\hpB1F9.tmp
    Then reboot and re-run HJT to see if these entries are really gone. If so, the problem should be mostly solved and you should be able to reset your home page.

    Author Comment

    After rebooting, I ran HJT again.  Two of the entries are gone, and the BHO has changed, but is still there.

    When I opened IE, it didn't open to ","  instead, there is an empty page with the address "about:blank" and when I try to reset my home page it returns to about:blank as soon as I leave the page.

    I resubmitted the logfile from the latest scan. It is:

    How do I get rid of about:blank?

    Thank you for your help.

    LVL 23

    Assisted Solution

    hi there

    The manual method of removing the About:Blank hijacker is probably the most difficult, since if it is not followed absolutely correctly it can return quickly. There are two programs that are needed to help with this removal. The first is HijackThis and the next is a registry program called Reglite.exe. This particular program, for whatever reason, seems to be able to find the hidden dll file without the hijacker trying to undo the work and attack the system again.

    Once you've downloaded HijackThis and Reglite, open Registrar Lite and navigate to the following entry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

    Look for the key named AppInit_DLLs; the value in this key is the hidden dll file that is causing your problems. Write down the name of this file and think of it as the hidden.dll file.

    Secondly, use the Windows Recovery Console in Windows XP to rename the file.

    Restart the computer in Recovery Console mode using the Windows XP or Windows 2000 CD or by the option shown below.

    Type cd \windows\system32 and press Enter

    Type the following line to remove the read-only characteristic, replacing hidden.dll with the name of the dll file found with RegLite
              ATTRIB -R hidden.dll

    Rename the hidden.dll file by typing the following command (replacing the word hidden.dll with the actual filename)
             RENAME hidden.dll badfile.dll

    Type Exit and press Enter to Reboot Windows
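An added example, not part of any post in this thread: a Python triage pass over HijackThis log lines that pulls out the entry types discussed above, namely the R0 Local Page values and the O2 BHO backed by a .tmp file from the earlier comment, and the AppInit_DLLs value from this post, which HijackThis reports as an O20 line. The sample log is constructed from the three entries quoted in the thread plus two assumed lines, and the flagging rules are this example's own heuristics.

```python
import re
from ntpath import splitext  # Windows path rules, usable on any OS

# Constructed sample: the three entries quoted in the thread, plus an assumed
# benign BHO and an O20 line using the thread's stand-in name "hidden.dll".
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINNT\system32\hpB1F9.tmp
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O20 - AppInit_DLLs: hidden.dll
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def triage(log_text):
    """Return (section, reason, detail) tuples for entries to review by hand."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue  # blank lines, headers, process list
        section, body = entry.groups()
        if section in ("R0", "R1") and ",Local Page = " in body:
            key, value = body.split(",Local Page = ", 1)
            hive = key.split("\\", 1)[0]
            findings.append((section, "IE Local Page entry", f"{hive} -> {value}"))
        elif section == "O2" and (bho := BHO.match(body)):
            _name, clsid, module = bho.groups()
            ext = splitext(module)[1].lower()
            # Heuristic (assumption of this example): a BHO is a COM DLL, so a
            # module with any other extension, such as .tmp, deserves a look.
            if ext != ".dll":
                findings.append((section, f"BHO module ext '{ext}' is not .dll",
                                 f"{clsid} {module}"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # The value is a space- or comma-separated list of DLL names.
            for dll in re.split(r"[ ,]+", body.split(":", 1)[1].strip()):
                if dll:
                    findings.append((section, "DLL loaded via AppInit_DLLs", dll))
    return findings

if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<36}{detail}")
```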

    LVL 47

    Accepted Solution

    Did you download this version of Smitfraudfix on this date? --> SmitfraudFix v2.36 (April 27, 2006)

    This file below (which is showing in your running processes) respawns the whole infection, and it has been included in the latest smitfraudfix update (April 27, 2006)

    If yours is not the latest version please download smitfraudfix again and do the whole cleanup process.
    Please download SmitfraudFix:
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by rebooting the computer,
    and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
    the options listed.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected
    You will be prompted : "Registry cleaning - Do you want to clean the
    registry ?" answer "Yes" by typing Y and press "Enter" in order to remove
    the Desktop background and clean registry keys associated with the
    The tool will now check if wininet.dll is infected. You may be prompted to
    replace the infected file (if found); answer "Yes" by typing Y and press
    The tool may need to restart your computer to finish the cleaning process;
    if it doesn't, please restart it into Normal Windows.

    2. If problem persists:
    Then, download roguescanfix.exe , and save it to your desktop.
    Double click roguescanfix.exe to install it.
    Open the roguescanfix folder, and doubleclick run.bat. Make Sure you have an active internet connection!
    Your desktop and icons will disappear and then reappear again, this is normal.
    Wait till the message "Completed script execution" appears, then click OK.
    Click "Exit" to close BFU.
    Click "OK" to start the SpywareQuake/Spyfalcon uninstaller, after that click "uninstall". Please wait until it is finished.
    WARNING: You will be asked to reboot your computer. Wait until the uninstallers did their job before clicking YES.

    *In case you still get the message BFU.exe is not present, download
    Unzip it and place BFU.exe in the Roguescanfix-folder. Then doubleclick Run.bat again.
    LVL 47

    Expert Comment

    Oh yeah, remove the entries that r-k suggested if they're still present after running the tool, :)

    Ooops, the roguescanfix canned speech is a little outdated but the fix itself is also updated with removing the re-spawner "C:\WINNT\system32\dcomcfg.exe"

    Author Comment

    Thank you all for your help.  I won't be able to try them until later in the day.

    LVL 2

    Expert Comment


    Hi there, check out this link, someone has the same problem ;)

    Author Comment

    Thank you all for your help!

    After I ran the newer version of SmitFraudFix in Safe Mode, I got a message saying: "Cannot inport cleanup.reg:  Error accessing the registry" but when the text file came up at the end, it reported that the registry was cleaned.

    I restarted the computer in normal mode, and IE opened up to MSN, and then I reset it to my normal home page.  I've opened and closed the browser several times, and it seems to be back to normal.  Again, thank you all very much!

    LVL 47

    Expert Comment

    Glad to hear your problem's resolved.

    Thanks, :)
