General discussion

Locked

Remove about:blank

By prei ·
I have been infected by a home page hijacker. I have read and tried every suggestion I could find, including those from Norton and Pest Patrol; but I still have the problem. Has anyone used a successful method of getting rid of this pest? I am running Windows XP, Sp1.

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by FuzzyPup In reply to Remove about:blank

http://www.securiteam.com/securityreviews/5RP0L0UD5U.html

Collapse -

by dmiles In reply to Remove about:blank

When all else fails backup important data and wipe the drive clean then do a fresh install

Collapse -

by w2ktechman In reply to Remove about:blank

try Ad-Aware from Lavasoft
Spybot Search and Destroy
Spyware Blaster
try deleting cookies, temp Internet files, and cached data
Try uninstalling unfamiliar programs in add/remove programs.
Look through c:\program files for other programs that look suspiciuos, and see if you can uninstall them. If they do not have an uninstall, write down the .exe files and the main folder name. Find the company name (right click on an .exe file and look at properties). Write these down and do a web search for the program name, you might find removal instructions, if not, delete the directory. Then scan for each of the .exe names, company name, and program name in the registry (see below though)
if these do not work, you may need to scan through the registry to find the culprit, this can be tedious and take a lot of time. If you are not familiar with the registry DO NOT MAKE CHANGES TO IT. You would most likely be looking for Browser Helper Objects. But also search for Friendly URLS, write down the names and search for these as well, it may lead to the program which keeps reinstalling the hijacker.

If none of these work, you can try a system restore at a time before the problem started (I havent tried this yet), or a rebuild the system(backup data).

Collapse -

by johndoe2 In reply to Remove about:blank

My answer may not be what you are looking for but it should work. I recently help a friend with a browser hijack problem that we could not fix so we downloaded Firefox 1.o pr. After a little training he was good to go.

Collapse -

by pbtj In reply to Remove about:blank

Another thing along with those that have already been listed is to check in your favorites files for the offending file and remove it there as well, but it is probably in the registry, and if you are not totally comfortable taking the risk of SERIOUSLY MESSING UP YOUR SYSTEM, do not delete any files from the registry, but have a professional look at it.

Collapse -

by Walkerxp92 In reply to Remove about:blank

I have used almost every spyware removal tool out there because of a recent problem with a clients pc. I had some real pesky spyware and couldn't get it off but I found this Giant AntiSpyware it is only a 15 day trial but it works great finds tons of stuff that spybot ect doesn't.

http://www.giantcompany.com/files/GiantAntiSpyware.exe

Collapse -

by wlbowers In reply to Remove about:blank

Turn off system restore if it is used in your os.

Download, update, and run the following.

Your Antivirus Software.

If you don?t have a current antivirus You can get a free copy of Computer Associates etrust EZArmor.
http://www.my-etrust.com/microsoft/

Spybot: Cootie Remover
http://tinyurl.com/ziar

Ad-Aware: Cootie Remover
http://tinyurl.com/tek5

Stinger: Virus Specific Remover
http://vil.nai.com/vil/stinger/
This item will not update through the program. You have to download the new version.

CWshredder: Trojan and Toolbar Cootie Remover
http://tinyurl.com/2bzef
Or
http://tinyurl.com/2k642
Look for the file in English CWShredder.exe

ProcInfo:
http://www.snapfiles.com/get/procinfo.html

ProcInfo provides you with a quick overview of all currently running processes and displays detailed information for a lot of them.

There are programs that will provide you with information about what is running on startup or what is loaded currently.

StartUpList:
http://www.mac-net.com/576482.page

StartUpList is information only. Startup, Registery, and others. You can?t fix anything from within the program.

Hijack This:
http://mjc1.com/mirror/hjt/

Hijack This
This program is useful in that it shows what is currently loading on startup. You must know what is good and what is bad. Once you check it and fix it is gone. So be sure. Items you are not sure of do a Google search for them.

Winaudit
http://www.pxserver.com/WinAudit.htm

Winaudit does an extensive audit of you computer. Complete list of installed software, dll, and other good stuff.

Aida32
http://www.webattack.com/get/aida32.shtml

Everest (This replaced Aida32)
http://www.lavalys.com/products.php?lang=en

Everest used to be Aida32. Good system information.

Run Your Antivirus again

Download and install all OS updates.

I have had to boot into safe mode and run the removal programs.

Good Luck Lee

Collapse -

by black_eyed_pea In reply to Remove about:blank

I've nursed many machines back to health with these, but I still have to manually edit the Windows Registry on occasion to get rid of some nasties such as WinTools, KeenValue, and Incredimail (Incredi-anything). Here are my checklists:

Spyware Removal Checklist

1. Boot into Safe Mode with Networking (some spyware can only be removed in Safe Mode).
2. Open Add/Remove programs and remove any application that both you and the principal user do not recognize or deem to be spyware.
3. Install Spybot Search & Destroy, update it, and run it on the infected system.
4. Install Ad-Aware, update it, and run it on the infected system.
5. Install and run CWShredder.
6. Launch HijackThis and click the Scan button. Make sure you run this after other malware removal apps. (WARNING: Reference the HijackThis tutorial at http://www.spywareinfo.com/~merijn/htlogtutorial.html before removing anything.)
7. Reboot and run both Ad-Aware and Spybot again until the system is clean.
8. Launch Internet Explorer and browse the Web to verify Winsock was not broken while removing
spyware. If you cannot browse the Web, run the WinSockFix utility and perform another Web test.

Ad-Aware - http://www.lavasoftusa.com
CWShredder - http://cwshredder.net/bin/CWSInstall.exe
Spybot Search & Destroy - http://www.safer-networking.org/en/download/
WinSockFix - http://www.spychecker.com/program/winsockxpfix.html

Collapse -

by black_eyed_pea In reply to Remove about:blank

Spyware Prevention Checklist

1. Open Internet Explorer, click Internet Options, click the Security tab, and click Default Level on each Security Zone.
2. Install all Windows Critical Updates.
3. Install and update Spyware Blaster. Remember to click the link to Enable All Protection.
4. Download XPSP2 and use the built-in popup blocker.
5. Run GRC's Shoot the Messenger applet.
6. Run GRC's Unplug & Pray applet (Windows XP Only).
7. Run GRC's DCOMbobulator, click the DCOMbobulate Me! tab and then click the Disable DCOM button.
8. Execute DSOStop2 and click the Protect Internet Explorer button.
9. Execute HTAStop and click the Protect Internet Explorer button (WARNING: Windows XP Only - Will cause problems on Windows 2000).
10. Install IE-Spyad. This is profile specific, so you must run it under each Windows profile you wish to protect.
11. Run GRC's SocketLock utility.
12. Install and update JavaCool's Spyware Guard.
13. Rename the default Windows Hosts file located at %windir%\system32\drivers\etc and place the Gorilla Design HOSTS file in the same directory.
14. Install eDexter to reduce the efficiently handle the new HOSTS file.
15. Educate the principal user on Internet best practices.

DSOstop2 - http://www.wilders.org/downloads.htm
eDexter - http://www.pyrenean.com/distribution/dxtr135.exe
Firefox - http://www.mozilla.org/products/firefox/
Google Toolbar - http://www.google.com/options/index.html
Hosts File - http://accs-net.com/hosts/get_hosts.html
HTAStop - http://www.wilders.org/downloads.htm
IE-Spyad - http://www.pcworld.com/downloads/file_download.asp?fid=23332&fileidx=1
Shoot The Messenger - http://www.grc.com/freepopular.htm
SocketLock - http://www.grc.com/freepopular.htm
Spyware Blaster - http://www.javacoolsoftware.com/spywareblaster.html
Spyware Guard - http://www.javacoolsoftware.com/sgdownload.html
Unplug & Pray - http://www.grc.com/freepopular.htm
WinSockFix - http://www.spychecker.com/program/winsockxpfix.html

Back to Windows Forum
9 total posts (Page 1 of 1)  

Related Discussions

Related Forums