Doesn't find "about:blank" hijacker

[Polymerase]

My PC is currently infested with some varient of
the "about:blank" IE hijacker malware. Fortunately,
Spybot is preventing it from altering the registry to
actually carry out the hijacking, but I'm still getting
pop-ups, plus a series of Spybot warnings each time I
open or close IE.

I had tracked down the names of the two DLL's that carry
this hijacker, and I was preparing to go in using Safe
Mode and the Windows Recovery Console to manually remove
them, when I saw the announcement for the AntiSpyware
beta. I was hoping that this tool would let me avoid the
hassle of attempting a manual removal, but no luck. I
ran a full scan in deep scan mode, but the tool didn't
even notice the malware DLL's.

I guess I get to spent my weekend fiddling with the WRC
after all. Very disappointing.

P

 

[McAkins]

There is a Malware reporting tool built in. By reporting
you will be helping to make SpyNet database up to date.

 

[Robear Dyer MS MVP]

You don't expect much from a (1) free (2) beta product, do you?

About:Blank is one of the most notorious, ever-morphing hijackers we've seen
so far. *No* currently available anti-malware tool can remove it, Poly.

 

[Ron Chamberlin-MVP]

P,

This isn't the best forum for fixing problems, but if you are running SP2,
you might wish to check Tools--->Manage Add-Ons and see if you have some
strange BHO's in there. Disabling them may well give you better luck in your
pursuit.

Ron Chamberlin
MS-MVP

 

[Guest]

hi, i was wondering if you had any luck with deleting the
malware's dll's --- i have norton antivirus 2005 and the
beta version of microsoft's but no luck getting rid of the
virus. my home page is still redirecting to about:blank.

can you help?

Ice

 

[Jim Byrd]

Hi Ice - Start here. Please post back with your results or if you need
additional assistance.

Courtesy of Ron Kinner MVP:


"There is a German program called Spoonweg.exe which might
help.

http://lunatic-skydance.de/mr/soft/SpoonWeg.exe

It will start to download. Save it somewhere you can find
it again then Open it and say YES then Click on Trojaner-
Suchen. If it finds the version of about:blank that it is
meant to kill it will go and do it then reboot the PC.
Otherwise it will say Trojaner Spooner wird nicht gefunden.

Another German program is SpHjFix.exe.

http://www.trojaner-info.de/cgi-bin/download.cgi?
file=sphjfix

This one speaks English so just Press on Start Disinfection
If it doesn't find its target it will say Not Infected
across the top of the little window. Otherwise follow the
instructions.

Both of these probably run better in Safe Mode (F8 -
without Networking)

Finally if both of the above fail then try one of the
methods in:

http://www.pchell.com/support/aboutblank.shtml "



I can also recommend the procedures at www.pchell.com .


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In