I've got some spyware type gizmo that keeps replacing my start page with a pseudo search engine results page entitled about.blank. This also throws up a pop-up ad trying to persuade me to buy some software to fix the problem it created. I run the latest version of Adaware, but it makes no difference. I also seen in another thread that MS have a product that will fix this anoyance. However, when I go to the MS site the about.blank page pops up and will not let me access MS site. I'm running on ME, so even if I did get on to MS the program would not run on my system. Anyone know how to get rig of this thing by accessing/deleting files on my computer ?
Oh boy! If you can't access the internet to download any tools you are in trouble unless you can get a buddy to download some tools for you and burn them to a CDrom and install them. Did you read the sticky on the top of this forum? Adaware is not the only tool to use.
Go to add/remove programs, and remove any programs that you don't recognize. Go to start - run - msconfig and uncheck and unrecognized programs that are running. Make sure that your spyware program is up to date with the latest defs. Run again. If you can get to downloads.com get spybot, update it and run it too.
This thing is getting worse, pops up all the time now. I found some solutions on the internet - on the Ad-Aware site forum for one. These require starting the computer in safe mode, but it won't allow me to do that either. If I find a better solution I'll post it, in the meantime, here is the one I found -----------------
Make sure that your adaware is it's updates before running in safe mode, because you can't update in safe mode. Safe mode is the best way to remove spyware. Also, make sure install spybot and update it as well. Run adaware, and then run spybot. You should be pretty clean after that.
Download the free version of A-Squared and get updates then run it http://www.emsisoft.com/en/software/free/
Yahoo toolbar with anti spyware works very well http://messages.yahoo.com/bbs?action=l&board=&tid=antispy&sid=394500001&mid=100000
Here is what I found on the Ad-Aware web site forums. Meant to post earlier, but it didn't work. I am unable to start in safe mode - more trouble. If I find out who created this they will be worm food ! =========================================================== First, download About:Buster from here. Unzip (extract) the zip file.... Make sure you are connected to the internet still..... At the first prompt, hit OK. Click 'Update'. A new screen should popup. On that screen hit 'Check for Updates'. If an update is found, then click 'Download Updates' and then once it has done, exit the program. If it doesn't find any update it will automatically tell you and exit. Either way, the program needs to be exited. Now, boot into safe mode. Instructions on how to do so are at : http://www.computerhope.com/issues/chsafe.htm Once in safe mode, Run HijackThis again, close all open windows, put a checkmark next to the following, and press "Fix Checked": R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gfhrn.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfhrn.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gfhrn.dll/sp.html#28129 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfhrn.dll/sp.html#28129 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gfhrn.dll/sp.html#28129 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {C92DA44F-9FD6-9036-5C2C-BBF7930B7BA8} - C:\WINDOWS\system32\atlsj.dll O4 - HKCU\..\Run: [Ndxbii] C:\WINDOWS\System32\d?dplay.exe O15 - Trusted Zone: *.frame.crazywinnings.com O15 - Trusted Zone: *.static.topconverting.com O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) O15 - Trusted IP range: (HKLM) O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe (file missing) O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINDOWS\sdksd.exe Still in safe mode; Delete these files: C:\WINDOWS\sdksd.exe C:\WINDOWS\system32\gfhrn.dll Now, still in safe mode, launch AboutBuster(.exe) you had earlier downloaded. At the first prompt, hit OK. Now, to scan....Hit 'start' and then 'Ok'. The program should start scanning. (Note: if you receive any prompts about 'terminating explorer.exe', please let it do so - answer YES). Leave it scanning and then restart the computer. You'll be back into normal 'Windows' mode. Re-run HijackThis and post a new logfile from it.
This is a bad one, Ive worked on it a few times lately. This is not a simple remove. You need to download and run a program called hijackthis. Remove the offending things (if you do not understand the scan report, post it somewhere that people can tell you what to remove) then there is more to it. You need to clean out certain system folders, like system32, I dont remember all the details. Start with hijackthis.
If you are running Windows ME you must disable System Restore completely because the malware will be in the Restore Points. HijackThis is an excellent tool to discover and disable hijackers. A combination of HijackThis and about:Buster works well in removing the about:Blank homepage hijacker.
It seems like everytime I access one of these spymare tool sites the proram on my computer hijacks the browser and takes me to 'spyware doctor' page, or a phoney search engine results page that takes me to 'Stopzilla' Looks like whoever wrote this program is affiliated with Stopzilla and/or 'spyware doctor' Looks like a job for our friends at the FBI
See if you can install another browser http://www.mozilla.org/products/firefox/ and CCleaner is one of the best utilities for Windows ME http://www.ccleaner.com
Did you ever get it fixed? My brother got the same thing on his computer and has yet to figure it out.
No solution here yet. This thing has built in protection and won't let me access sites that may have a solution. It also won't allow me to start my computer in safe mode. I reported it to the FBI Internet Fraud department. I recommend that everyone report it, then they will track down who is responsible. If you click on the link that pops up telling you that you have an infection it takes you to Stopzilla.com, so I figure that these people must be the people behind it. All I can do is wait for AVG, Ad-Aware, or Spybot to come up with a solution. If it gets worse before they find a fix I will just have to rebuild the computer HD from scratch. If anyone knows more please let me know.
There is hope! I had the same "About Blank" infestation in my computer. A friend of mine who works in IT at a credit union was able to install a couple of programs that finally ferreted out the offending software. The browser hijacker apparently has some intelligence to it and was adapting to some of my tactics to get around it. It was getting quite agressive. SpyBot is one of the routines my friend installed, along with AVG (an anti-virus program), and Spyware Blaster. I already had a Microsoft anti spyware program (in Beta Test) and Spyware Vanisher. Between all of these we finally managed to rid my machine of its problems. I'd like to be able to spend 10 minutes alone in a room with the writer of the "About Blank" routines. He should be handcuffed, and I should have a baseball bat!
I talked my brother through some stuff over the phone. I had him run NAV, AdAware, SpyBot S&D, CWShredder and HijackThis! (new defs on everything). I ran the programs in safe mode after being unsuccessful in normal mode. NAV found nothing, AdAware found stuff related to CWS (which we then had it delete), CWShredder didn't fix it, and Spybot was also unsuccessful. Interestingly, the first time starting IE after trying to remove it, IE would start normally. The second time it'd be back to the about:blank. We haven't figured it out yet. It's likely he'll end up erasing everything and starting over. HijackThis!'s log is attached.
