Join or sign in Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below. Use Your Email Use FacebookUse Linkedin

about:blank hiJack

Locked

I have an XP SP2 pc that seems to have it Internet Explorer 6.0 hijacked. Whenever I try to set the homepage to any address, it will open the correct one on the first launch of IE, but then the homepage will change to “about:blank” and the HOME SEARCH page opens in it’s place.(HomeSearch with all the cheaploans, viagra, and gambling sites)

I have used HiJackThis to create a log and will post it at the end of this question. There are 3 programs that are in my Add/Remove directory that I can’t seem to uninstall. They are [WebRebates] – [Home Search Assitent] and [Search Extender]. All of these point me to http://looking-for.cc/uninstall/HomeSearchAssistant.html which of course isn’t any help in uninstalling.
I’ve scoured through the processes under TskMgr. and through MSCONFIG to see if there are any “foreign” processes, but all seem to be legitimate.

Any help would be Most Appriciated.

HiJackThis 1.98 Log File
Logfile of HijackThis v1.98.2
Scan saved at 2:52:35 PM, on 10/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Windows\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\nvsvc32.exe
C:\Windows\system32\crec32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Topic

Reply To: about:blank hiJack

In reply to about:blank hiJack

Your computer has been infected with spyware. You can download and run one of several different spyware removal tools:
SpyBot S&D: http://www.safer-networking.org/en/download/index.html
Adaware: http://www.lavasoftusa.com/software/adaware/
SpySweeper: http://www.webroot.com/

Reply To: about:blank hiJack

In reply to about:blank hiJack

Have you tried running spybot and adware?

I think together they do a fairly good job.

Reply To: about:blank hiJack

In reply to about:blank hiJack

Yes, I have ran updated versions SB and Ad-Aware many times till they find nothing and still the problem exists.

Reply To: about:blank hiJack

In reply to about:blank hiJack

Download and run cwshredder available at the link below:

http://www.spywareinfo.com/~merijn/downloads.html

Also run Spybot in advanced mode and select Tools. Check box by BHO in right pane and then click on BHO in left pane. Remove any suspicious entries. May want to only leave Spybot and any Antivirus add-ins.

Let me know if this works. If not, we’ll put our thinking cap back on.

Dalton

Reply To: about:blank hiJack

In reply to about:blank hiJack

All the above are good answers but if not used right you will be reinfected.

Go to this link

http://forums.majorgeeks.com/showthread.php?t=35407

This is a good tutorial

Reply To: about:blank hiJack

In reply to about:blank hiJack

you have a dll.file that you need to find & delete
use taskinfo to find it

[Author]

Replies