General discussion

Locked

highjacker

By jmac0225 ·
my IE has been highjacked by About:blank, and I can't seem to get rid of it. i have deleted everything from the registry, ran spyware, and still it comes back.
Any help out there?
Thanks!! jmac0225

This conversation is currently closed to new comments.

19 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by gbrownlee In reply to highjacker

About blank is usually caused by cool web search or the loveletter virus. For the former, download and run cwshredder. An up to date virus checker should find it if it is the latter.

Collapse -

by jmac0225 In reply to

Did that, but it still comes back. Thanks though

Collapse -

by willcomp In reply to highjacker

In addition to CWShredder; download, install, update, and run Ad-Aware SE available at download.com or lavasoft.com. Ad-Aware usually removes the two adware programs that I have seen cause your problem.

Dalton

Collapse -

by jmac0225 In reply to

Thanks for the tip, but nothing has worked yet. It still comes back.

Collapse -

by wcp In reply to highjacker

Try ?Hijack This? and remove anything that relates to ?about blank?.

http://tinyurl.com/2rqv2

Make sure that your IE startup page has been changed from ?about blank? to yours.

IE (right click) > Tools > Internet Options > Address:

Collapse -

by jmac0225 In reply to

have tried all that, and it still comes back. Thanks, it got rid of a lot of stuff, but about:blank, still highjacks my browser.

Collapse -

by dmiles In reply to highjacker

There are two malicious .dll files on you computer. One is visible and can be easily deleted. The other is HIDDEN. The hidden .dll regenerates the viewable .dll if it is deleted or changed. The hidden file is the problem.

To rid your self of the hidden .dll, which is the core of the problem, do the following.

Solution

Step 1

The key is to find the hidden DLL

Use Regedit to go here.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Windows\\AppInit_DLLs

Then double click:

AppInit_DLLs

You should be able to see a file with this address:

C:\Windows\System32\"Hidden".dll

For example on my W2K box, the hidden file is called wdm.dll


Step 2

Install the Windows Recovery Console Option if not already done:

The Windows Recovery Console is not the plain DOS prompt you can find in your START menu, here's how you can access this console:

(X = your CD Drive)
1. Pop in the Win2000/WinXP CD.
2. Run X:\i386\winnt32.exe /cmdcons
3. A dialog comes up saying it takes 10mb, etc., etc. - Click yes to install.

If you already see the boot menu you're done. If you don't then lets make it appear:

Right Click My Computer
Click Properties
Click advanced tab
Click startup and Recovery Settings
Check Time to Display List of Operating Systems
Set the timeout to something reasonable like 10 seconds
Apply the settings, reboot, and you should see the new option to go into the recovery console. You'll need the Administrator password for your computer to access the console.
Then in to the Windows Recovery Console go to C:\Windows\System32, there modify the file by using the Attrib command

C:\Winnt\System32: rename wdm.dll about_blank
C:\Winnt\System32: attrib -R about_blank

Step 3

Reboot your system and open regedit, go back to the same key:

AppInit_DLLs and delete the value.

Collapse -

by jmac0225 In reply to

Thanks, I tried this, but there was no applnit_dll in that key, and the recovery also didn't work. I am still highjacked by About:blank, after every thing I've tried.

Collapse -

by wcp In reply to highjacker

You ran Ad-Aware SE Personal, Spybot S&amp (V1.3), CWShredder, and Hijack this with the latest updates?
If you did, run a few more times with Ad-Aware SE Personal. Still no dice? Try the following.

1. Disable all startup programs from msconfig. If it is Win 2000 pro, copy the command from other OS to Winnt/System32 folder.

2. Remove any programs that you do not need.

3. Scan for virus and remove any if found. You may want to try Kaspersky 30 day trial version.

4. If you still have the same problem, clean install Windows unless you have time to kill.

Collapse -

by wcp In reply to

You need to close this thread.

I have to conclude

1. You have not followed the instructions,

2. You have no idea what you do, or

3. You're just killing your time.

Back to Desktop Forum
19 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums