If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
about:blank virus/spyware
Hello friends,
my system is running xp-sp2 and got infected with about:blank virus/spyware. I ran Nortan tool and it removed some virus, also I ran MS-AntiSpyware beta relese. This MS tool reports the presence of about:blank virus/spyware and shows status as removed. But virus is coming back again in the form of overriding the IE default URL settings. So whenevr I open IE or Yahoo Messenger, the popups come which points to some page with all tools info and other popups showing wrong info about system like system is infected with the below virus etc.. Am running Norton everyday and it gives a clean report. Now am using Netscpae as broser and about:blank virus/spyware is not giving anyproblem to Netscape. But yahoo messenger is still triggering about:blank virus/spyware. I tried re-installing yahoo messenger but of no use. Can I leave this about:blank virus/spyware without using yahoo messenger OR will it pose more severe problem in future.. Also Please advise method for the removal of this dirty virus. thanks in advance. |
Ads |
#2
|
|||
|
|||
about:blank virus/spyware
IndianFriend wrote:
my system is running xp-sp2 and got infected with about:blank virus/spyware. I ran Nortan tool and it removed some virus, also I ran MS-AntiSpyware beta relese. Get CWShredder from http://www.aumha.org/freeware/freeware.php - third item - and run it. It will clean most versions of this pernicious malware -- Alex Nichol MS MVP (Windows Technologies) Bournemouth, U.K. (remove the D8 bit) |
#3
|
|||
|
|||
about:blank virus/spyware
OK, this about:blank thing is driving me nuts......i ran CWS and it said I
had no infection.....but I clearly do, because whenever i start IE, i get about:blank. I also get it when i sign into Yahoo Messenger and AOL IM.......the CWS Shredder didn't help. Help me Obie Wan....you're my only hope! "Alex Nichol" wrote: IndianFriend wrote: my system is running xp-sp2 and got infected with about:blank virus/spyware. I ran Nortan tool and it removed some virus, also I ran MS-AntiSpyware beta relese. Get CWShredder from http://www.aumha.org/freeware/freeware.php - third item - and run it. It will clean most versions of this pernicious malware -- Alex Nichol MS MVP (Windows Technologies) Bournemouth, U.K. (remove the D8 bit) |
#4
|
|||
|
|||
about:blank virus/spyware
Alex Nichol wrote:
Get CWShredder from http://www.aumha.org/freeware/freeware.php - third item - and run it. It will clean most versions of this pernicious malware Hi, regarding docmemory on that page the only thing that you can download now from them is version 2.2 BETA as far as I know. Different install process, and you may get mouse terds as now it loads a mouse driver by default. |
#5
|
|||
|
|||
about:blank virus/spyware
Hi Cricchise - We've been seeing this a lot lately, and these are very
difficult CWS parasite variants to remove. Read ALL of this carefully to begin with, then: A good general "malware" removal site FAQ's with pretty good step-by-step instructions is available for review he http://www.spywarenation.com/modules.php?name=FAQ #########IMPORTANT######### Before you try to remove spyware using any of the programs below, download both a copy of LSPFIX he http://www.cexx.org/lspfix.htm AND a copy of Winsockfix for W95, W98, and ME http://www.tacktech.com/pub/winsockfix/WinsockFix.zip Directions he http://www.tacktech.com/display.cfm?ttid=257 or here for Win2k/XP http://files.webattack.com/localdl834/WinsockxpFix.exe Info he http://www.spychecker.com/program/winsockxpfix.html Directions he http://www.iup.edu/house/resnet/winfix.shtm The process of removing certain malware may kill your internet connection. If this should occur, these programs, LSPFIX and WINSOCKFIX, will enable you to regain your connection. NOTE: It is reported that in XP SP2, the Run command netsh winsock reset will fix this problem without the need for these programs. (You can also try this if you're on XP SP1. There has also been one, as yet unconfirmed, report that this also works there.) Also, one MS technician suggested the following sequence: netsh int reset all ipconfig /flushdns See also: http://windowsxp.mvps.org/winsock.htm for additional XPSP2 info/approaches using the netsh command. #########IMPORTANT######### #########IMPORTANT######### Show hidden files and run all of the following removal tools from Safe mode or a "Clean Boot" when possible. Reboot and test if the malware is fixed after using each tool. HOW TO Enable Hidden Files http://service1.symantec.com/SUPPORT...02092715262339 Clean Boot - General Win2k(if w/msconfig)/XP procedure, but see below for links for other OS's: 1. Start|Run enter msconfig. 2. On the General tab, click Selective Startup, and then clear the Process System.ini File, Process WIn.ini File, and Load Startup Items check boxes. Leave the boot.ini boxes however they are currently set. 3. In the Services tab, check the "Hide All Microsoft Services" checkbox, and then click the "Disable All" button. 4. Click OK and then reboot. For additional information about how to clean boot your operating system, click the following article numbers to view the articles in the Microsoft Knowledge Base: 310353 How to Perform a Clean Boot in Windows XP http://support.microsoft.com/kb/310353 281770 How to Perform Clean-Boot Troubleshooting for Windows 2000 http://support.microsoft.com/kb/281770/EN-US/ 267288 How to Perform a Clean Boot in Windows Millennium Edition http://support.microsoft.com/kb/267288/EN-US/ 192926 How to Perform Clean-Boot Troubleshooting for Windows 98 http://support.microsoft.com/kb/192926/EN-US/ 243039 How to Perform a Clean Boot in Windows 95 http://support.microsoft.com/kb/243039/EN-US/ #########IMPORTANT######### Sometimes the tools below will find files which they are unable to delete because they are in use. A program called Copylock, here, http://noeld.com/programs.asp?cat=misc#CopyLock can aid in the process of "replacing, moving, renaming or deleting one or many files which are currently in use (e.g. system files like comctl32.dll, or virus/trojan files.)" Another is Killbox, he http://www.downloads.subratam.org/KillBox.zip A third which is a bit different but often useful is Delete Invalid File, he http://www.purgeie.com/delinv.htm which handles invalid/UNC file/folder name deleting, rather than the in use problem Download and run Stinger.exe, he http://download.nai.com/products/mca...rt/stinger.exe or from the link on this page: http://vil.nai.com/vil/stinger/ ME/XP users be sure to read: http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm Download sysclean.com , from Trend Micro, he http://www.trendmicro.com/download/dcs.asp along with the latest pattern file, he http://www.trendmicro.com/download/pattern.asp Be sure to read the "How-to" info he http://www.trendmicro.com/ftp/products/tsc/readme.txt (You might also want to get Art's updater, SYS-UP.Zip, here for future updating of these: http://home.epix.net/~artnpeg/). (If you download and use the updater from the beginning, it will automatically handle downloading the other files.) Place them in a dedicated folder after appropriate unzipping. Show hidden and system files (HowTo he http://service1.symantec.com/SUPPORT...02092715262339) Disable Restore if you're on XP or ME (directions he http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm), then boot to Safe mode (HowTo he http://service1.symantec.com/SUPPORT...01052409420406) Read tscreadme.txt carefully, then do a complete scan of your system in Safe mode and clean or delete anything it finds. Reboot to normal mode and re-run the scan again. This scan may take a long time, as Sysclean is VERY extensive and thorough. For example, one user reported that Sysclean found 69 hits that an immediately prior Norton AV v. 11.0.2.4 run had missed. Download and run the trial version of A2 Personal, he http://www.emsisoft.com/en/ Run from a Clean Boot or Safe Mode with Show Hidden Files enabled as above PRIMARY REMOVAL PROCEDURES Then, READ CAREFULLY and then apply the four steps exactly using the scripts and programs described he http://www.silentrunners.org/sr_cwsremoval.html IMPORTANT - Before you start, be sure to clear all TIF and Temp files/folders and log on as an Administrator. You might also want to look at the procedure he http://www.securiteam.com/securityre...RP0L0UD5U.html /PRIMARY REMOVAL PROCEDURES If that doesn't fix it, then try about:Blank Specific and then Basic Cleaning, below FIRST and then ONLY IF NECESSARY Approach 1 and/or Approach 2 and/or Approach 3 and/or Approach 4 and/or Approach 5. Test after applying each fix. ******** Please post back with your results in detail if possible - what you tried, what happened, how you ended up - so that we'll know better what to advise others. ******** Approach 1 - If your hijacker is Home Search Assistant or one of these: - Only The Best - Home Search Extender - Shopping Wizard - res://****.dll/index.html#***** (or simply res .dll) first see he http://www.short-media.com/forum/sho...774#post172774, and he http://www.pchell.com/support/onlythebest.shtml. Then you can try AT YOUR OWN RISK, HSRemove, free, he http://www.hsremove.com/. "A few days ago I got hijacked - Nothing new in that, except this time it was a real [censored] to get rid of. - There were simply no tools available to remove this "Home Search" thing. Finally I ended up creating my own tool for it. USE IT AT YOUR OWN RISK. And if you find it helpful, then please do not hesitate to make a contribution." Or, you can try AboutBuster, here, which is also designed to remove Home Search Assistant: http://www.malwarebytes.biz/ Approach 2 - You can try this AT YOUR OWN RISK. I normally wouldn't advise using a malware provider's uninstall, but this particular approach has been reported to work ONLY IF you have the about:blank CWS variant (there appear to be at least three or four currently) which leads you to a Search page. Paste the following IP into your browser: 195.190.118.131 On the screen you arrive at, you see a "Search For" window, and below it a red "Uninstall Software". Download their uninstaller, uninstall.exe. At this point I would either use TotalUninstall or make a complete backup/Restore Point of my system for safety's sake (on the basis of "at least keep what you've got"). Total Uninstall, http://www.geocities.com/ggmartau/tu.html or direct dwnld he http://files.webattack.com/localdl834/tun234.zip Run this uninstall program that you downloaded from the malware site, then UPDATE them and go to Safe mode to run UPDATED versions CWShredder, AdAware and SpyBot per the directions in Basic, below. Approach 3 - Courtesy of "Win" (Win J. Moore) in 24hoursupport.helpdesk "I had a variant of this CWS.SearchX sucker for about 3 weeks, and I FINALLY seem to be rid of it for good! It is aka Troj_StartPage.sp and BackDoor.Agent.BA. This is what I did: 1. Run Regedit, and DELETE the following key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs The value of this key may look blank for you, but it is not. They hide the value so you can't see it. This registry key tells Windows to load the Trojan DLL every time ANY application is run giving it complete control to do whatever it wants. So you need to remove it so that the Trojan DLL cannot load and keep re-infecting your PC. The way to remove the registry key is not obvious. If you just delete it from RegEdit, since the Trojan DLL is loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs registry key and hit F5. Notice that it's added right back by the Trojan). So what you have to do is the following which worked for me (many thanks to "acomputerpro" at the SpywareInfo.com forums!) 2. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2. 3. Now delete the AppInit_DLLs key under the Windows2 folder. 4. Hit F5 and notice that AppInit_DLLs doesn't come back. 5. Rename the Windows2 folder back to Windows. Now that AppInit_DLLs is gone, run the latest AdAware 6 to remove the Trojan for good. 6. Reboot your machine, and check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now. Hope it works for you... It seemed to do the trick for me!" Approach 4 - If you've already tried CWShredder to get rid of this parasite (See below, v.159.0.1 or better and fully updated before use), then take a look at this thread about manual removal of this parasite: http://www.akadia.com/services/about_blank_virus.html and this one: http://www.daniweb.com/techtalkforums/thread5531.html and this one: http://computercops.biz/article-5199-nested-0-0.html Some nice clean removal directions he http://www.securiteam.com/securityre...RP0L0UD5U.html Approach 5 - I don't usually recommend anything but freeware that I've confidence in, but AT YOUR OWN RISK, not free ($29.95), Adware Away, he http://www.adwareaway.com/ claims to fix it automatically, and several users now have reported success using it. I would backup my system before using it, however - always try to "keep what you've got". ___________________________________ about:Blank Specific Fixes about:Blank Specific fixes. Do the Basic Cleaning steps also after finding one of these that works AND if none do: Then try in order: 1) See the procedures he http://www.pchell.com/support/onlythebest.shtml and especially he http://www.pestpatrol.com/pestinfo/c/cws_aboutblank.asp and he http://www.securiteam.com/securityre...RP0L0UD5U.html Pest Patrol (free) claims to remove at least some of the about:blank variants 2) Download AboutBuster, he http://www.malwarebytes.biz/AboutBuster.zip or he http://www.majorgeeks.com/download4289.html Then, "First unzip all files from the zip folder to a folder or your desktop. Start it and hit ok. Then hit update. A new screen should popup. On that screen hit Check for Updates. If it says it found an update hit Download Updates. If it doesnt it will automatically tell you and exit. Now for the scanning part. Hit start and then Ok. The program should start scanning. Then hit exit and reboot. Once rebooted run about:Buster once more to make sure everything is ok. The database will be updated very frequently so check your versions once a day." 3) Download dllfix.exe and CWShredder from he http://www.renonce.com/pub/utils/dllfix.exe and http://209.133.47.200/~merijn/files/CWShredder.exe or http://www.zerosrealm.com/downloads/CWShredder.zip or http://downloads.subratam.org/CWShredder.exe Unzip or install dllfix.exe to its own folder, run it and do options 1 and 2. Now proceed with the Basic Cleaning steps, below. 4) It has been reported that the evaluation version of Panda Software's Titanium Antivirus 2004, he http://www.pandasoftware.com/registe...ry=Us&sec=down will completely remove about:blank. I have not been able to independently verify this yet, however, so this is AT YOUR OWN RISK. You'll have to give them some information, and I expect you may want to uncheck some of the "opt-in" boxes at the bottom just above and below the send button. 5. Courtesy of MVP Ron Kinner "There is a German program called Spoonweg.exe which might help. http://lunatic-skydance.de/mr/soft/SpoonWeg.exe It will start to download. Save it somewhere you can find it again then Open it and say YES then Click on Trojaner- Suchen. If it finds the version of about:blank that it is meant to kill it will go and do it then reboot the PC. Otherwise it will say Trojaner Spooner wird nicht gefunden. Another German program is SpHjFix.exe. http://www.trojaner-info.de/cgi-bin/download.cgi? file=sphjfix This one speaks English so just Press on Start Disinfection If it doesn't find its target it will say Not Infected across the top of the little window. Otherwise follow the instructions. Both of these probably run better in Safe Mode (F8 - without Networking)" /about:Blank Specific Fixes _____________________________ Basic Cleaning Basic Cleaning - Note that this symptom often indicates the possibility of other malware. You might want go to this page at Jim Eshelman's site, he http://aumha.org/a/noads.htm or he http://inetexplorer.mvps.org/parasite.htm and wait a little bit (be patient), while an analysis of a number of possible parasites on your machine will be made to help you identify and remove them. NOTE: You will need to disable Ad Blocking in Zone Alarm 3.x, if present or any other Ad Blocking software which interferes with Java Scripting for this scan to work. You should get a message between the two lines of **** giving the results of the scan. For the general hijack case, the best way to start is to get Ad-Aware SE Personal Edition, he http://www.lavasoftusa.com/support/download/. UPDATE, set it up in accordance with this: http://forum.aumha.org/viewtopic.php?t=5877 or the directions immediately below and run this regularly to get rid of most "spyware/hijackware" on your machine. If it has to fix things, be sure to re-boot and rerun AdAware again and repeat this cycle until you get a clean scan. The reason is that it may have to remove things which are currently "in use" before it can then clean up others. Configure Ad-aware for a customized scan, and let it remove any bad files found..... Begin Setup Directions Then, courtesy of NonSuch at Lockergnome, open Ad-aware then click the gear wheel at the top and check these options to configure Ad-aware for a customized scan: General activate these: "Automatically save log-file" and "Automatically quarantine objects prior to removal" Scanning activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry," "Scan my IE Favorites for banned sites," and "Scan my Hosts file" Tweaks Scanning Engine activate this: "Unload recognized processes during scanning." Tweaks Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot." Click "Proceed" to save your settings, then click "Start." Make sure "Activate in-depth scan" is ticked green, then scan your system. When the scan is finished, the screen will tell you if anything has been found, click "Next." The bad files will be listed. Right click the pane and click "Select all objects" - This will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?" End Setup Directions Courtesy of http://www.nondisputandum.com/html/anti_spyware.html: HINT: If Ad Aware is automatically shut-down by a malicious software, first run AWCloak.exe, http://www.lavasoftnews.com/downloads/AAWCloak.exe, before opening Ad Aware. When AAWCloak is open, click “Activate Cloak”. Than open Ad Aware and scan your system. Another excellent program for this purpose is SpyBot Search and Destroy available he http://security.kolla.de/ SpyBot Support Forum he http://www.net-integration.net/cgi-b.../ikonboard.cgi. Tutorial he http://www.safer-networking.org/en/index.html I recommend using both normally. Be sure and use the Default (NOT Advanced or Beta) Mode in Settings. After UPDATING and fixing ONLY RED things with SpyBot S&D, be sure to re-boot and rerun SpyBot again and repeat this cycle until you get a clean "no red" scan. The reason is that SpyBot sometimes has to remove things which are currently "in use" before it can then clean up others. Note that sometimes you need to make a judgement call about what these programs report as spyware. See here, for example: http://www.imilly.com/alexa.htmNote that sometimes you need to make a judgment call about what these programs report as spyware. See here, for example: http://www.imilly.com/alexa.htm A currently common parasite is some malware called CoolWebSearch. Do the following: Download, UPDATE before running, and run: http://cwshredder.net/bin/CWSInstall.exe from this page: http://www.intermute.com/spysubtract..._download.html (The new v.2+ which will automatically install in C:\Program Files\InterMute\SpySubtract\CWShredder.exe and put a shortcut on the Desktop. Run the program from this install location or the shortcut after installation. This recommendation for CWShredder is NOT automatically a recommendation for the other programs adverstised by Intermute in conjunction with this install.) or from he http://www.aumha.org/downloads/cwshredder.exe (v.2+ standalone) or he http://www.softpedia.com/public/scri...ero/10-17-150/ (v.2+) to remove the parasite. Try to run from Safe mode or a Clean Boot and be sure to close ALL other programs to the extent possible, expecially ALL instances of IE and OE. There's a good tutorial about CWS and using CWShredder he http://www.bleepingcomputer.com/foru...rial=47#domain See also: http://cwshredder.net/cwshredder/cwschronicles.html BE SURE that you get v.1.59.0.1 or later or the new v.2! Note that CWShredder may make deletions/changes to your HOSTS file (sometimes as false positives), and that after cleanup you may need to restore it with a fresh copy of any local DNS and/or blocking entries or disable it before running CWShredder. You will need to show Hidden files first and then at the end clear the malware garbage from your System Restore backups after you've cleaned up. It's best to perform CWShredder (and most other malware fixers too) from Safe mode and then reboot. AFTER cleaning things up, then you can disable and then re-enable System Restore. See ******** below. The following links give instructions on how to do these various functions: HOW TO Restart in Safe Mode http://service1.symantec.com/SUPPORT...01052409420406 HOW TO Enable Hidden Files http://service1.symantec.com/SUPPORT...02092715262339 HOW TO Disable/Flush System Restore (do this at the end AFTER cleaning or use the suggested procedure for XP at the ******'s) http://service1.symantec.com/SUPPORT...01111912274039 (WinXP) http://service1.symantec.com/SUPPORT...01012513122239 (WinME) Then download and run: http://www.kellys-korner-xp.com/regs.../iegentabs.reg to restore your tabs and remove any restrictions that the parasite has put in place. Now download and run: http://www.kellys-korner-xp.com/regs...oreSearch2.REG to restore your search functions if they've been affected (as they probably will have been). Be sure that you also download and install hotfix Q816093, he http://support.microsoft.com/?kbid=816093 which blocks the exploit upon which this parasite family depends. There are extensive, detailed instructions for manual removal of CWS variants he http://www.pestpatrol.com/PestInfo/c/cws.asp You may want to check these to be sure everything's been cleaned up. When done, go to Start|Run and enter one line at a time (or even easier, open a DOS box and copy the following in its entirety and then paste it into the box): regsvr32 hlink.dll regsvr32 /i browseui.dll regsvr32 /i shdocvw.dll regsvr32 /i mshtml.dll regsvr32 mshtmled.dll regsvr32 actxprxy.dll regsvr32 /i urlmon.dll regsvr32 scrrun.dll regsvr32 comcat.dll regsvr32 Oleaut32.dll regsvr32 /i Shell32.dll regsvr32 Msoeacct.dll regsvr32 "C:\Program Files\Outlook Express\Msoe.dll" regsvr32 msjava.dll regsvr32 jscript.dll regsvr32 Olepro32.dll regsvr32 Hlink.dll regsvr32 Asctrls.ocx regsvr32 Inetcpl.cpl /i regsvr32 Dxtrans.dll regsvr32 Dxtmsft.dll regsvr32 Imgutil.dll regsvr32 Msxml.dll regsvr32 Msjava.dll regsvr32 Jscript.dll regsvr32 Softpub.dll regsvr32 Wintrust.dll regsvr32 Initpki.dll regsvr32 Dssenh.dll regsvr32 Rsaenh.dll regsvr32 Gpkcsp.dll regsvr32 Slbcsp.dll regsvr32 Cryptdlg.dll regsvr32 Msjet40.dll regsvr32 pdm32.dll regsvr32 Msjtor40.dll regsvr32 Dao360.dll regsvr32 Sccbase.dll with a Return after each .dll. You'll get a message about successful completion of the re-registration process after each one, then enter the next (with the DOS box they'll be continuous except for the last one). If you use Win98x and get an error on Shell32.dll, ignore it. Only the ME, Win2k and XP versions of windows have shell32 as an object that needs registering. (For these earlier operating systems, run "regsvr32 shdoc401.dll " instead of "regsvr32 Shell32.dll".) Depending on your system, you may also get "not found" error messages on some or all of the last five - if so, ignore them. Re-start your computer when you've finished. If they don't fix it then start he Download HijackThis, free, he http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.) You may also get it here if that link is blocked: http://www.majorgeeks.com/downloadge...8baee6434cfc13 There's a good "How-to-Use" tutorial he http://computercops.biz/HijackThis.html In Windows Explorer, click on Tools|Folder Options|View and check "Show hidden files and folders" and uncheck "Hide protected operating system files". (You may want to restore these when you're all finished with HijackThis.) Place HijackThis.exe or unzip HijackThis.zip into its own dedicated folder at the root level such as C:\HijackThis (NOT in a Temp folder or on your Desktop), reboot to Safe mode, start HT then press Scan. Click on SaveLog when it's finished which will create hijackthis.log. Now click the Config button, then Misc Tools and click on Generate StartupList.log which will create Startuplist.txt Then go to one of the following forums: Spyware and Hijackware Removal Support, he http://216.180.233.162/~swicom/forums/ or Net-Integration he http://www.net-integration.net/cgi-b...ST;f=27;t=6949 or Tom Coyote he http://forums.tomcoyote.org/index.php?act=idx Register if necessary, then sign in and READ THE DIRECTIONS at the beginning of the particular site's HiJackThis forum, then copy and paste both files into a message asking for assistance, Someone will answer with detailed instructions for the removal of your parasite(s). Be sure you include at the beginning of your post a description of "What specific problem(s)/symptoms you're trying to solve" and "What steps you've already taken." ******* ONLY IF you've successfully eliminated the malware, you can now make a new, clean Restore Point and delete any previously saved (possibly infected) ones. The following suggested approach is courtesy of Gary Woodruff: For XP you can run a Disk Cleanup cycle and then look in the More Options tab. The System Restore option removes all but the latest Restore Point. If there hasn't been one made since the system was cleaned you should manually create one before dumping the old possibly infected ones. ******* /Basic Cleaning Once you get this cleaned up, you might want to consider installing Eric Howes' IESpyAds, SpywareBlaster and SpywareGuard here to help prevent this kind of thing from happening in the futu IESpyads - https://netfiles.uiuc.edu/ehowes/www/resource.htm "IE-SPYAD adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer. Once you merge this list of sites and domains into the Registry, the web sites for these companies will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on your PC." Read carefully. http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active X installs) (BTW, SpyWareBlaster is not memory resident ... no CPU or memory load - but keep it UPDATED) The latest version as of this writing will prevent installation or prevent the malware from running if it is already installed, and it provides information and fixit-links for a variety of parasites. http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to install malware) Keep it UPDATED. All three Very Highly Recommended SpywareBlaster is probably the best preventive tool currently available, expecially if supplemented by using the Immunize function in SpyBot S&D and a good HOSTS file (see next). IMPORTANT NOTE: A good additional source of preventive blocking for ActiveX components is the Blocking List available he http://www.spywareguide.com/blockfile.php While smaller than the SpywareBlaster list, it contains some different malware CLSIDs and appears to be updated with new threats more frequently. Recommended as a supplement to SpywareBlaster. Read all of the instructions in the Expert package download carefully. You might want to consider using: http://www.changedetection.com/monitor.html to monitor and notify you of changes/updates to this (or others, for that matter) list. Next, install and keep updated a good HOSTS file. It can help you avoid most adware/malware. See he http://www.mvps.org/winhelp2002/hosts.htm (Be sure it's named/renamed HOSTS - all caps, no extension) Additional tutorials he http://www.bleepingcomputer.com/foru...wt utorial=51 (detailed) and he http://www.spywarewarrior.com/viewtopic.php?t=410 (overview) Finally, be sure that you have a good hardware or software firewall and an AntiVirus installed, and bring your OS up-to-date with ALL Critical updates from Windows Update. -- Please respond in the same thread. Regards, Jim Byrd, MS-MVP In , cricchise typed: OK, this about:blank thing is driving me nuts......i ran CWS and it said I had no infection.....but I clearly do, because whenever i start IE, i get about:blank. I also get it when i sign into Yahoo Messenger and AOL IM.......the CWS Shredder didn't help. Help me Obie Wan....you're my only hope! "Alex Nichol" wrote: IndianFriend wrote: my system is running xp-sp2 and got infected with about:blank virus/spyware. I ran Nortan tool and it removed some virus, also I ran MS-AntiSpyware beta relese. Get CWShredder from http://www.aumha.org/freeware/freeware.php - third item - and run it. It will clean most versions of this pernicious malware -- Alex Nichol MS MVP (Windows Technologies) Bournemouth, U.K. (remove the D8 bit) |
#6
|
|||
|
|||
Try going to "tools" in IE and go to Manage Addons...disable the offending
avctiveX. Let me know if it works for you. "IndianFriend" wrote: Hello friends, my system is running xp-sp2 and got infected with about:blank virus/spyware. I ran Nortan tool and it removed some virus, also I ran MS-AntiSpyware beta relese. This MS tool reports the presence of about:blank virus/spyware and shows status as removed. But virus is coming back again in the form of overriding the IE default URL settings. So whenevr I open IE or Yahoo Messenger, the popups come which points to some page with all tools info and other popups showing wrong info about system like system is infected with the below virus etc.. Am running Norton everyday and it gives a clean report. Now am using Netscpae as broser and about:blank virus/spyware is not giving anyproblem to Netscape. But yahoo messenger is still triggering about:blank virus/spyware. I tried re-installing yahoo messenger but of no use. Can I leave this about:blank virus/spyware without using yahoo messenger OR will it pose more severe problem in future.. Also Please advise method for the removal of this dirty virus. thanks in advance. |
#7
|
|||
|
|||
Run this combo, now!
Run Ad-Aware SE, Spybot and HijackThis: http://www.majorgeeks.com/downloads31.html Note: Update the first two programs, once installed, before running. Once done, go to IE/Tools/Internet Options/General/Address and type in: http://www.google.com Apply, ok. File/Close. Re-open. -- In memory of our dear friend, MVP Alex Nichol: http://www.dts-l.org/ All the Best, Kelly (MS-MVP) Troubleshooting Windows XP http://www.kellys-korner-xp.com "Elias at Boatbay.Org." Elias at wrote in message ... Try going to "tools" in IE and go to Manage Addons...disable the offending avctiveX. Let me know if it works for you. "IndianFriend" wrote: Hello friends, my system is running xp-sp2 and got infected with about:blank virus/spyware. I ran Nortan tool and it removed some virus, also I ran MS-AntiSpyware beta relese. This MS tool reports the presence of about:blank virus/spyware and shows status as removed. But virus is coming back again in the form of overriding the IE default URL settings. So whenevr I open IE or Yahoo Messenger, the popups come which points to some page with all tools info and other popups showing wrong info about system like system is infected with the below virus etc.. Am running Norton everyday and it gives a clean report. Now am using Netscpae as broser and about:blank virus/spyware is not giving anyproblem to Netscape. But yahoo messenger is still triggering about:blank virus/spyware. I tried re-installing yahoo messenger but of no use. Can I leave this about:blank virus/spyware without using yahoo messenger OR will it pose more severe problem in future.. Also Please advise method for the removal of this dirty virus. thanks in advance. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Why is ABOUT:BLANK listed in these files? | Edw. Peach | Windows XP Help and Support | 3 | October 4th 04 02:37 PM |
Is About:Blank an essential part of the XP system? | Edw. Peach | Windows XP Help and Support | 3 | October 2nd 04 12:53 AM |
about:blank | tammie | Windows XP Help and Support | 1 | August 20th 04 04:39 PM |
about:blank - HELP | Leah | Security and Administration with Windows XP | 4 | August 14th 04 01:51 AM |
"about:blank" issue. | iLO | General XP issues or comments | 5 | August 10th 04 04:07 PM |