About Blank

[Dave]

Jan II posted some useful information in the thread "E 6 Hijacked by "about:blank"" (see below).

The link to the site http://www.akadia.com/services/about_blank_virus.html is very helpful. It explains that the virus consists of 2 dll files: a visible dll and a hidden dll. It explains how to get rid of the hidden file but it does not identify or explain how to get rid of the visible file.

When I ran the reglite, it told me the hidden file was C:\winnt\system32\kbdlh.dll. I followed the instructions, renamed it and deleted the registry value. I searched the computer for a visible kbdlh.dll file to delete but I could not find one.

After rebooting and resetting my homepage, the "about blank" search page still appears and I still get popups saying I am infected with Spyware.

Where is the visible dll file that I have to delete?



-------------------------

My browser is continually taken over by "about:blank". I
have installed Spyware Guard, and made sure the firewall
is on. But, How do I REMOVE this X?#!%<@@#!!! from my
system?

About Blank
http://www.akadia.com/services/about_blank_virus.html

CWShredder: Free
http://tinyurl.com/2l9kl

Aboutblank - for Win2K
http://www.akadia.com/services/about_blank_virus.html

RegLite - Use for About blank Registry removal
http://www.resplendence.com/download/reglite

Hope this helps.

Jan

 

[Kelly Cotter]

to start with i'd download and run these be sure to update them

http://www.lavasoftusa.com/software/adaware/ adaware

http://www.safer-networking.org/index.php?page=download spybot

http://www.safer-networking.org/index.php?page=download cwshredder

http://www.webattack.com/dlnow/rdir.dll?id=105693 spyware blaster

http://www.spywareinfo.com/~merijn/downloads.html some other usefull removal tools

also do a full virus scan

--
If the information posted above helps then let me know.
If it doesn't more fool you for believing me.
Jan II posted some useful information in the thread "E 6 Hijacked by "about:blank"" (see below).

The link to the site http://www.akadia.com/services/about_blank_virus.html is very helpful. It explains that the virus consists of 2 dll files: a visible dll and a hidden dll. It explains how to get rid of the hidden file but it does not identify or explain how to get rid of the visible file.

When I ran the reglite, it told me the hidden file was C:\winnt\system32\kbdlh.dll. I followed the instructions, renamed it and deleted the registry value. I searched the computer for a visible kbdlh.dll file to delete but I could not find one.

After rebooting and resetting my homepage, the "about blank" search page still appears and I still get popups saying I am infected with Spyware.

Where is the visible dll file that I have to delete?



-------------------------

My browser is continually taken over by "about:blank". I
have installed Spyware Guard, and made sure the firewall
is on. But, How do I REMOVE this X?#!%<@@#!!! from my
system?

About Blank
http://www.akadia.com/services/about_blank_virus.html

CWShredder: Free
http://tinyurl.com/2l9kl

Aboutblank - for Win2K
http://www.akadia.com/services/about_blank_virus.html

RegLite - Use for About blank Registry removal
http://www.resplendence.com/download/reglite

Hope this helps.

Jan

 

[Dave]

I have used spybot/hijack this/cw shredder and none of these tools remove
the "about blank" virus

Spybot reports that I am clean yet the "about blank" search page continues
to display.

The akadia.com site identified the virus and offered removal instructions.
However, the instructions were incomplete, they did not explain how to
remove the visible dll , only the hidden file.

My question is: What is the name of this visible file that I should delete?
(It is not the same name as the hidden file (kbdlh.dll) )




in message to start with i'd download and run these be sure to update them

http://www.lavasoftusa.com/software/adaware/ adaware

http://www.safer-networking.org/index.php?page=download spybot

http://www.safer-networking.org/index.php?page=download cwshredder

http://www.webattack.com/dlnow/rdir.dll?id=105693 spyware blaster

http://www.spywareinfo.com/~merijn/downloads.html some other usefull removal
tools

also do a full virus scan

--
If the information posted above helps then let me know.
If it doesn't more fool you for believing me.
Jan II posted some useful information in the thread "E 6 Hijacked by
"about:blank"" (see below).

The link to the site http://www.akadia.com/services/about_blank_virus.html
is very helpful. It explains that the virus consists of 2 dll files: a
visible dll and a hidden dll. It explains how to get rid of the hidden
file but it does not identify or explain how to get rid of the visible file.

When I ran the reglite, it told me the hidden file was
C:\winnt\system32\kbdlh.dll. I followed the instructions, renamed it and
deleted the registry value. I searched the computer for a visible kbdlh.dll
file to delete but I could not find one.

After rebooting and resetting my homepage, the "about blank" search page
still appears and I still get popups saying I am infected with Spyware.

Where is the visible dll file that I have to delete?



-------------------------

My browser is continually taken over by "about:blank". I
have installed Spyware Guard, and made sure the firewall
is on. But, How do I REMOVE this X?#!%<@@#!!! from my
system?

About Blank
http://www.akadia.com/services/about_blank_virus.html

CWShredder: Free
http://tinyurl.com/2l9kl

Aboutblank - for Win2K
http://www.akadia.com/services/about_blank_virus.html

RegLite - Use for About blank Registry removal
http://www.resplendence.com/download/reglite

Hope this helps.

Jan

 

[Jim Byrd]

Hi Dave - You'll need to use HijackThis to find and remove that one. Go
here and follow the directions exactly:
http://computercops.biz/article-5199-nested-0-0.html

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[Dave]

Thanks Jim

I went to the site and ran hijack this but my output is different than the
example. It may be that he is using XP and I an Win2000.

I did find 2 suspect files:

O2 - BHO: (no name) - {938EB692-B1A9-46E9-9025-C7503A09EC93} -
C:\WINNT\system32\okcop.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Can anyone tell me if they are safe to delete?

Hi Dave - You'll need to use HijackThis to find and remove that one. Go
here and follow the directions exactly:
http://computercops.biz/article-5199-nested-0-0.html

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[Jim Byrd]

Hi Dave - Well, nwiz is part of your NVIDIA card drivers and I would guess
is probably OK. However, I can't find any reference for you okcop.dll, and
I would find it suspect. Do the following:

In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with
HijackThis.)

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13
BTW, it was just updated with some important fixes.

Unzip the downloaded HijackThis to any convenient folder, start it then
press Scan. Click on SaveLog when it's finished which will create
hijackthis.log. Now click the Config button, then Misc Tools and click on
Generate StartupList.log which will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

or Jim Eshelman's site here: http://forum.aumha.org/



Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s). Be sure you include at the beginning of your post
"What problem(s) you're trying to solve" and "What steps you've already
taken."


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

Thanks Jim

I went to the site and ran hijack this but my output is different than the
example. It may be that he is using XP and I an Win2000.

I did find 2 suspect files:

O2 - BHO: (no name) - {938EB692-B1A9-46E9-9025-C7503A09EC93} -
C:\WINNT\system32\okcop.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Can anyone tell me if they are safe to delete?

Hi Dave - You'll need to use HijackThis to find and remove that one. Go
here and follow the directions exactly:
http://computercops.biz/article-5199-nested-0-0.html

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

 

[Dave]

Thanks Jim

Yes it was the offending virus. I deleted this file and finally it appears
I am rid of the thing.

Hi Dave - Well, nwiz is part of your NVIDIA card drivers and I would guess
is probably OK. However, I can't find any reference for you okcop.dll, and
I would find it suspect. Do the following:

In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with
HijackThis.)

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13
BTW, it was just updated with some important fixes.

Unzip the downloaded HijackThis to any convenient folder, start it then
press Scan. Click on SaveLog when it's finished which will create
hijackthis.log. Now click the Config button, then Misc Tools and click on
Generate StartupList.log which will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

or Jim Eshelman's site here: http://forum.aumha.org/



Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s). Be sure you include at the beginning of your post
"What problem(s) you're trying to solve" and "What steps you've already
taken."


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

Thanks Jim

I went to the site and ran hijack this but my output is different than the
example. It may be that he is using XP and I an Win2000.

I did find 2 suspect files:

O2 - BHO: (no name) - {938EB692-B1A9-46E9-9025-C7503A09EC93} -
C:\WINNT\system32\okcop.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Can anyone tell me if they are safe to delete?

Hi Dave - You'll need to use HijackThis to find and remove that one. Go
here and follow the directions exactly:
http://computercops.biz/article-5199-nested-0-0.html

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In Dave <[email protected]> typed:
I have used spybot/hijack this/cw shredder and none of these tools remove
the "about blank" virus

Spybot reports that I am clean yet the "about blank" search page continues
to display.

The akadia.com site identified the virus and offered removal instructions.
However, the instructions were incomplete, they did not explain how to
remove the visible dll , only the hidden file.

My question is: What is the name of this visible file that I should delete?
(It is not the same name as the hidden file (kbdlh.dll) )




in message to start with i'd download and run these be sure to update them

http://www.lavasoftusa.com/software/adaware/ adaware

http://www.safer-networking.org/index.php?page=download spybot

http://www.safer-networking.org/index.php?page=download cwshredder

http://www.webattack.com/dlnow/rdir.dll?id=105693 spyware blaster

http://www.spywareinfo.com/~merijn/downloads.html some other usefull removal
tools

also do a full virus scan


My browser is continually taken over by "about:blank". I
have installed Spyware Guard, and made sure the firewall
is on. But, How do I REMOVE this X?#!%<@@#!!! from my
system?

About Blank
http://www.akadia.com/services/about_blank_virus.html

CWShredder: Free
http://tinyurl.com/2l9kl

Aboutblank - for Win2K
http://www.akadia.com/services/about_blank_virus.html

RegLite - Use for About blank Registry removal
http://www.resplendence.com/download/reglite

Hope this helps.

Jan

 

[Jim Byrd]

YW, Dave - I would advise you to now run all of the malware removers in Safe
mode, and then install SpywareBlaster and SpywareGuard, and make sure you're
up to date on ALL Critical Windows Updates..

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

Thanks Jim

Yes it was the offending virus. I deleted this file and finally it appears
I am rid of the thing.

Hi Dave - Well, nwiz is part of your NVIDIA card drivers and I would guess
is probably OK. However, I can't find any reference for you okcop.dll, and
I would find it suspect. Do the following:

In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with
HijackThis.)

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:

http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

BTW, it was just updated with some important fixes.

Unzip the downloaded HijackThis to any convenient folder, start it then
press Scan. Click on SaveLog when it's finished which will create
hijackthis.log. Now click the Config button, then Misc Tools and click on
Generate StartupList.log which will create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/

or Net-Integration here:

http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

or Jim Eshelman's site here: http://forum.aumha.org/



Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s). Be sure you include at the beginning of your post
"What problem(s) you're trying to solve" and "What steps you've already
taken."


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

Thanks Jim

I went to the site and ran hijack this but my output is different than the
example. It may be that he is using XP and I an Win2000.

I did find 2 suspect files:

O2 - BHO: (no name) - {938EB692-B1A9-46E9-9025-C7503A09EC93} -
C:\WINNT\system32\okcop.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Can anyone tell me if they are safe to delete?




Hi Dave - You'll need to use HijackThis to find and remove that one. Go
here and follow the directions exactly:
http://computercops.biz/article-5199-nested-0-0.html

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In Dave <[email protected]> typed:
I have used spybot/hijack this/cw shredder and none of these tools remove
the "about blank" virus

Spybot reports that I am clean yet the "about blank" search page continues
to display.

The akadia.com site identified the virus and offered removal instructions.
However, the instructions were incomplete, they did not explain how to
remove the visible dll , only the hidden file.

My question is: What is the name of this visible file that I should delete?
(It is not the same name as the hidden file (kbdlh.dll) )




in message to start with i'd download and run these be sure to update them

http://www.lavasoftusa.com/software/adaware/ adaware

http://www.safer-networking.org/index.php?page=download spybot

http://www.safer-networking.org/index.php?page=download cwshredder

http://www.webattack.com/dlnow/rdir.dll?id=105693 spyware blaster

http://www.spywareinfo.com/~merijn/downloads.html some other usefull removal
tools

also do a full virus scan


My browser is continually taken over by "about:blank". I
have installed Spyware Guard, and made sure the firewall
is on. But, How do I REMOVE this X?#!%<@@#!!! from my
system?

About Blank
http://www.akadia.com/services/about_blank_virus.html

CWShredder: Free
http://tinyurl.com/2l9kl

Aboutblank - for Win2K
http://www.akadia.com/services/about_blank_virus.html

RegLite - Use for About blank Registry removal
http://www.resplendence.com/download/reglite

Hope this helps.

Jan

 

[H Leboeuf]

I understand that AdAware is not managing this variant well.

One more this about this nasty CWS. If you find bad .dll with HijackThis or
some other tools, do not reboot. If you do the names of the files will have
changed. A new random file name is created each time you boot.


--

Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
===

YW, Dave - I would advise you to now run all of the malware removers in Safe
mode, and then install SpywareBlaster and SpywareGuard, and make sure you're
up to date on ALL Critical Windows Updates..

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In

Thanks Jim

Yes it was the offending virus. I deleted this file and finally it appears
I am rid of the thing.

Hi Dave - Well, nwiz is part of your NVIDIA card drivers and I would guess
is probably OK. However, I can't find any reference for you okcop.dll, and
I would find it suspect. Do the following:

In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with
HijackThis.)

Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:

http://www.majorgeeks.com/downloadg...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx

or Jim Eshelman's site here: http://forum.aumha.org/



Sign in, then copy and paste both files into a message asking for
assistance, Someone will answer with detailed instructions for the removal
of your parasite(s). Be sure you include at the beginning of your post
"What problem(s) you're trying to solve" and "What steps you've already
taken."


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In Dave <[email protected]> typed:
Thanks Jim

I went to the site and ran hijack this but my output is different than the
example. It may be that he is using XP and I an Win2000.

I did find 2 suspect files:

O2 - BHO: (no name) - {938EB692-B1A9-46E9-9025-C7503A09EC93} -
C:\WINNT\system32\okcop.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

Can anyone tell me if they are safe to delete?




Hi Dave - You'll need to use HijackThis to find and remove that one. Go
here and follow the directions exactly:
http://computercops.biz/article-5199-nested-0-0.html

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In Dave <[email protected]> typed:
I have used spybot/hijack this/cw shredder and none of these tools
remove
the "about blank" virus

Spybot reports that I am clean yet the "about blank" search page
continues
to display.

The akadia.com site identified the virus and offered removal
instructions.
However, the instructions were incomplete, they did not explain how to
remove the visible dll , only the hidden file.

My question is: What is the name of this visible file that I should
delete?
(It is not the same name as the hidden file (kbdlh.dll) )




"Kelly Cotter"

wrote
in message to start with i'd download and run these be sure to update them

http://www.lavasoftusa.com/software/adaware/ adaware

http://www.safer-networking.org/index.php?page=download spybot

http://www.safer-networking.org/index.php?page=download cwshredder

http://www.webattack.com/dlnow/rdir.dll?id=105693 spyware blaster

http://www.spywareinfo.com/~merijn/downloads.html some other usefull
removal
tools

also do a full virus scan


My browser is continually taken over by "about:blank". I
have installed Spyware Guard, and made sure the firewall
is on. But, How do I REMOVE this X?#!%<@@#!!! from my
system?

About Blank
http://www.akadia.com/services/about_blank_virus.html

CWShredder: Free
http://tinyurl.com/2l9kl

Aboutblank - for Win2K
http://www.akadia.com/services/about_blank_virus.html

RegLite - Use for About blank Registry removal
http://www.resplendence.com/download/reglite

Hope this helps.

Jan

Da

 

[John Stephens]

Wow, I'm working on my dad's machine right now to get rid of this evil
bugger and am still running into problems.

I went to http://computercops.biz/article-5199-nested-0-0.html and
followed the removal instructions to a T. Then after my first reboot,
I opened IE and everything seemed ok, as if it were gone. But then
when I opened IE a second time, ABOUT:BLANK was back!

Can anyone help me with my specific problem? My dad is running WIN XP
and I've run HijackThis 10 times now, but the about:blank items keep
coming back.