General discussion

about:blank

By Oz_Media ·
Yeah I know, a common one isn't it?

Constant about:blank windows popping up in Explorer. Customer has win2K, has run CW shredder, AVG, Norton, spybot, adaware etc. nothing cleaned up yet.

I have found one virus in his files but it is not accessible in Windows. Dyfica, that resides apparently in the Administrator>local settings>Temporary Internet Files in a folder that doesn't appear in Windows, nor was I able to find the directory from the command prompt.

I have read a few removal instructions from various sites and they all point to registry entries or supposedly infected files that don't show up on his computer.

Anyone else have ideas??

Cheers,
OM

This conversation is currently closed to new comments.

26 total posts (Page 2 of 3)

All Comments

by willcomp In reply to about:blank

Oz,

Did you try CWShredder and VX2 Finder?

Here's a cut and paste from a discussion thread regarding difficult spyware. It ain't plagiarism, I wrote this stuff.

Another major pain is VX2. A finder and removal assist program is available at link below. I have found it highly effective and only way to really eliminate VX2. It is for Win 2000 and Win XP only.

http://subratam.org/?page=removal

VX2Finder can be a difficult program to find if you don't already know about it.

CWShredder was taken over by Intermute and incorporated into their SpySubtract Pro software. It is being updated to address latest variations of CoolWebSearch.

However, CWShredder is still available as a free stand-alone program. Link is:

http://www.intermute.com/spysubtract/cwshredder_download.html

Discussion URL is:

http://techrepublic.com.com/5208-6230-0.html?forumID=5&threadID=165555&messageID=1693368

Incidentally, Dyfica and Dyfuca are apparently the same critter called by different names depending on detection software. As best I recall it is a porn dialer and not associated with about:blank hijackers.

Happy hunting.

Dalton

by willcomp In reply to

System Restore is disabled, I assume.

by Oz_Media In reply to

Hi, yeah I tried both CW shredder and VX2, no go came up clean. Dyfica/Dyfuca no longer show up, scans come clean. Yet the files listed for manual removal aren't there, registry has no entries listed as related to it either, even the symptoms are different than listed for those two.

But hey you have all been a great help anyway and should I not get this sometime today I will just fork out some points for all of our suggestions,
Thanks

OM

by ReWrite In reply to about:blank

The about:blank seems to be running rampant these days. I just read through a 6+ page forum log where a guy was trying everything to get rid of it. Funny coincidence was that he was using yahoo as his home page also (very strange). Anyway, the result that worked was to run AboutBuster and then Housecall online virus scanner. Here's the links:

http://www.iamnotageek.com/a/428-p1.php
http://housecall.antivirus.com/housecall/start_frame.asp

Cheers and good luck.

RW

by Oz_Media In reply to

Well rewrite you offered some stuff I hadn't tried, have tried most online scans but not house call, nothing found there either.

The other link had some new suggestions also, but no files listed were found on his system.

I think I will be adding an anchor to my kayak soon!

by sgt_shultz In reply to about:blank

its ok, we speak tyko, i mean, typo...
well, that point stuck out that somehow you found this virus but can't get at the file/folder to delete it. could we hear more about that and you don't think that is causing this? something is active/running don't you think. you used Windows Search with wild cards and looking at h r s files, yes? and could not find to del from that window, yes? what properties/security on that folder if you did find it that way? how did virus program find it. do you have exact path/foldername in virus log. at command prompt you did attrib -r -h -s , yes? wonder if recent dos shell of pcanywhere could see this folder. wonder if deltree would hurt. bet temp internet folder would recreate on boot but i would try it first somewhere. anything in event log (lame) or what processes don't look right. does this happen in fresh user profile. (lame).
do you ever get anything to affect this? does it work ok for a little while until you go on network or internet? (reinfection from hidden files still residing on your pc or infected network shares or from internet)
i'd be backing up the email and data on this computer and maybe at least thinking about any advantages to a reinstall or a dual install. but you will be stubborn and fix it. will you please let us know what it was...

by Oz_Media In reply to

Thanks for the tips, I was there yesterday and found that Yahoo was creating a set of four temp files. Deleting them and rebooting is fine, as soon as you hit that page they are back (just images and such from the page that he has always been okay with, nothing that I can see would have problems). There are a few basic Javascript files associated with the page but I have read through the scripts and it appears nothing abnormal is running off of them.

EVERY online and offline Virus check has come up clean, I have tried a zillion different adware and spyware programs, CW shredder, VX2 and others recommended but nothing shows up in the scans.

The once infected file found was finally removed and has not reappeared, scans are clean. I see very few of the symptoms related to the Dyfica/dyfuca trojan and any tell tale files/registry entries listed on various sites don't appear in his system.

I will be trying a few cleanup tips I picked up last night and will see where it ends up. This guy is not on a big network, home based business. He also just about fell out of his chair when I suggested a fresh install, his setup files are on a partition and the disk he has is for recovery only. I have run an SFC from the prompt and it found no missing or damaged files.

He is just a really nice guy that I would really like to help with this without ruining his day and reformatting, of course he has no RECENT backups (14 days old and he thinks he MAY have had it back then too) and would lose some data that he deems important.

Yes it took some digging but I found and removed the files found as infected, no registry entries showed up anywhere or anything else that I can see really. No unknown processes running, nothing found in any scans!! Pull hair out and scream! NAH, it isn't MY PC! LOL

by DouglasB In reply to about:blank

I have found AdwareAway to be a very useful program to get rid of hijackers. It also handles keyloggers, adware, spyware and trojans. Download it here: http://www.adwareaway.com It has worked for me every time.

by Oz_Media In reply to

Thank you for your reply Douglas, but as you can probably see in my replies, I have tried a LOT of different cleaners and ad removal software already. This is always my first step and first recommendation for similar issues.

I did try it as per your suggestion but it didn't find anything related to this issue. It uses VERY similar algorithms to all the others.

Thanks anyway,

by Mike (from Canada) In reply to about:blank

Open your registry and search for c

As soon as you find a DLL (DLL, EXE, DRV, VXD, or COM) file in your registry, go to the folder the DLL file actually resides in (usually c:\windows\system). Check out the properties of that DLL. If you believe it doesn't belong in your system, remove it.

Also, if winstart.bat exists in your c:\windows or c:\windows\system folder, examine it. This file is loaded when Windows is 3/4 loaded, and before the GUI appears.

Check autoexec.bat and config.sys. Drivers are loaded here. Remove any lines that represent virus-based files.
