Security

General discussion

Gravatar
0 Votes
Locked

about:blank hiJack

By dossr ·
I have an XP SP2 pc that seems to have it Internet Explorer 6.0 hijacked. Whenever I try to set the homepage to any address, it will open the correct one on the first launch of IE, but then the homepage will change to "about:blank" and the HOME SEARCH page opens in it's place.(HomeSearch with all the cheaploans, viagra, and gambling sites)

I have used HiJackThis to create a log and will post it at the end of this question. There are 3 programs that are in my Add/Remove directory that I can't seem to uninstall. They are [WebRebates] - [Home Search Assitent] and [Search Extender]. All of these point me to http://looking-for.cc/uninstall/HomeSearchAssistant.html which of course isn't any help in uninstalling.
I've scoured through the processes under TskMgr. and through MSCONFIG to see if there are any "foreign" processes, but all seem to be legitimate.

Any help would be Most Appriciated.

HiJackThis 1.98 Log File
Logfile of HijackThis v1.98.2
Scan saved at 2:52:35 PM, on 10/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Windows\system32\spoolsv.exe
C:\COMPAQ\ACLIENT\ACLIENT.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~2\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Compaq\LCRMS\LCRMS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\nvsvc32.exe
C:\Windows\system32\crec32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

gravatar
Collapse -

by matherg In reply to about:blank hiJack

Your computer has been infected with spyware. You can download and run one of several different spyware removal tools:
SpyBot S& http://www.safer-networking.org/en/download/index.html
Adaware: http://www.lavasoftusa.com/software/adaware/
SpySweeper: http://www.webroot.com/

gravatar
Collapse -

by statykserver In reply to about:blank hiJack

Have you tried running spybot and adware?

I think together they do a fairly good job.

gravatar
Collapse -

by dossr In reply to about:blank hiJack

Yes, I have ran updated versions SB and Ad-Aware many times till they find nothing and still the problem exists.

gravatar
Collapse -

by willcomp In reply to about:blank hiJack

Download and run cwshredder available at the link below:

http://www.spywareinfo.com/~merijn/downloads.html

Also run Spybot in advanced mode and select Tools. Check box by BHO in right pane and then click on BHO in left pane. Remove any suspicious entries. May want to only leave Spybot and any Antivirus add-ins.

Let me know if this works. If not, we'll put our thinking cap back on.

Dalton

gravatar
Collapse -

by jonno112 In reply to about:blank hiJack

All the above are good answers but if not used right you will be reinfected.

Go to this link

http://forums.majorgeeks.com/showthread.php?t=35407

This is a good tutorial

gravatar
Collapse -

by dparaschiv In reply to about:blank hiJack

you have a dll.file that you need to find & delete
use taskinfo to find it

Back to Security Forum

Start or search

Related Discussions

Related Forums