Hi Eric O.
Every time I open my IE6 browser I get an (About:Blank)
in the address box and a bunch of smut links in my
favorites folders. I've ran Norton AntiVirus, PC Bug
Doctor, Ad-aware 6.0, and have went through my system
folders trying to find anything out of the ordinary many
times. The IE6 browser front page is a serch page with
Casino and Girls links. If anyone knows how to get this
crap of my computer please E-Mail me at
(e-mail address removed). Thank You Sooooooo Much!
It is possible you may have one of the more resistant variances of this
scumware, so I am providing you with the latest information on this. Please
follow all instructions below carefully. Some variances can replicate
themselves over and over if not removed properly.
About:blank -
Methods that previously removed the previous variant may not have any effect
on it. Try the
following and follow and instructions carefully to clean your system fully.
This variant replicates itself, thus, you must fully clean it from your
system. This coolwebsearch infection uses a hidden dll to reinfect, thus it
replicates itself over and over if not removed properly.
<<<<BE SURE TO FOLLOW ALL INSTRUCTIONS CAREFULLY>>>>
CAUTION!!!!!
Before you try to remove spyware using any of the programs below, download a
copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or
XP) The process of removing certain malware may kill your internet
connection. If this should occur, this program, LSPFIX, will enable you to
regain your connection.
Also, get a copy of WINSOCKFIX available at:
http://www.spychecker.com/program/winsockxpfix.html
IMPORTANT!!
RUN ALL PROGRAMS OFF LINE IN SAFE MODE AND SHOW HIDDEN
FILES. THEN REBOOT AND RUN THEM AGAIN TO BE SURE ALL FILES
ARE ACCESSED, DELETING ALL ITEMS DISPLAYED IN RED IN SPYBOT
HOW TO Restart in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
About:Buster
http://www.majorgeeks.com/download4289.html
http://www.atribune.org/downloads/AboutBuster.zip
about:blank
http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip
SpyBot Search & Destroy: Free
http://download.com.com/3000-8022-10289035.html?tag=lst-0-2
AdAware: Free
http://www.lavasoftusa.com/support/download/
HOW TO: Reconfigure Ad-aware for a Full Scan
http://forum.aumha.org/viewtopic.php?t=5877
HiJackThis:
Unzip the Download file in a NEW FOLDER that you can create before you start
the download.
DO NOT install in your Desktop folder.
DO NOT use any of the TEMP folders that are presently in your computer.
Double-click "HijackThis.exe" and Press "Scan".
Go to:
http://computercops.biz/downloads-cat-14.html ,
or
http://www.aumha.org/a/parasite.php#hjt
(If you get a 404 error or Access denied, try:
http://216.180.252.218/~spywareinfo.com/downloads/tools/hijackthis.zip)
and download HiJackThis to the new folder. Unzip to a folder other than your
Desktop or the Temp folder, doubleclick HiJackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log"
button. Press that, save the log some place you remember where it is.
Most of what it lists will be harmless or even required, so DO NOT fix
anything yet.
Open the copy of your log in NotePad and make a copy. Then you can go to one
of the following to post your log:
<<PLEASE DO NOT POST YOUR LOG FILE TO THIS NEWSGROUP>>
Spyware and Hijackware Removal Support, here:
http://216.180.233.162/~swicom/forums/
or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949
or Tom Coyote here:
http://forums.tomcoyote.org/index.php?act=idx
You will need to register to open a new thread to post you log. It is free,
and no one will Spam you, it is one of many that provides this service. Once
registered, go to the HiJackThis section on the forum list and click to
open. Then start a new post and post your log. The experts there will
analyze the log and report back the results. Please allow at least a few
hours or a days time for a response, depending on when you post the log
Remember, you must return to the HJT site to get your answer. It is a good
idea to click the "Notify" box so that you will get an electronic
notification by e-mail to let you know when a response has been posted.
But, you must still return to the site of your answer
Finally, go to Windows Update and ensure that ALL Critical updates are
installed.
also..........
Courtesy of MikeM.
There are two or more home page hijackers (parasites) that alter the file
used by those who like to launch Internet Explorer with a blank "homepage"
rather than always opening a site such as their ISP's portal or Google.
One of these parasites is a variant of the CoolWebSearch parasite. For
details of the CWS.Aboutblank variant see
(
http://www.spywareinfo.com/~merijn/cwschronicles.html#aboutblank).
Unfortunately there is a more cent variation of this hijacker which cannot
be
removed by CWShredder (see below) and if this is the case your only resort
will be to follow the advice in the last paragraph.
Download and run CWShredder
http://www.spywareinfo.com/~merijn/files/cwshredder.zip which is the best
way of getting rid of the many forms of the CoolWebSearch hijacker details
of
which can be found at
http://www.spywareinfo.com/~merijn/cwschronicles.html
and also
http://www.pestpatrol.com/pestinfo/c/cws.asp..
There is also another newer variant aboutblank parasite which is
particularly resistant to removal.
For details of this second variant and possible help see recent posts by
Mow Green in various threads at
http://forum.aumha.org/viewforum.php?f=30
such as that initiated by JENNY entitled "Blank page is BACK!
(
http://forum.aumha.org/viewtopic.php?t=6437). You will need to download
for later use the tool About:Buster from either
http://www.atribune.org/downloads/AboutBuster.zip
or
http://tools.zerosrealm.com/AboutBuster.zip
This would be a good time to download yourself a copy of the free Ad-Aware
6.0 from Lavasoft (
http://www.lavasoftusa.com/software/adaware/) and also
SpyBot Search & Destroy (
http://www.safer-networking.org/) and use them to
check your system for other commercial parasites remembering that they are
only as good as when you last updated their reference files. I also use a
program
called BHODemon (
http://www.definitivesolutions.com/bhodemon.htm that checks
for unwanted Browser Help Objects and SpywareBlaster
(
http://www.wilderssecurity.net/spywareblaster.html) which can help
prevent many parasites getting a grip on your PC.
Finally if you still continue to experience problems download a copy of
HijackThis from (
http://www.spywareinfo.com/~merijn/downloads.html).
Create a folder called HJT on C: (not on your desktop nor in your temp
folder) and copy the file you downloaded to that folder. Close as many
applications as you can including all instances of Internet Explorer. Enable
Explorer to see all
files and folders (Tools | Folder Options | View and check "Show hidden
files and folders" and uncheck "Hide protected operating system files") and
then
run hijackthis.exe and post back the log to either the HijackThis Forum at
http://forums.spywareinfo.com/ or alternatively
http://forum.aumha.org/viewforum.php?f=30 and hopefully this will enable
someone to identify the cause of your problem.
See also: Dealing with Unwanted Malware, Parasites, Toolbars and
Search Engines
http://mvps.org/winhelp2002/unwanted.htm and also Browser
Hijacking
http://www.spywareinfo.com/articles/hijacked/
and...............
HJT Tutorial
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
Security tips and other useful information at
http://mvps.org/winhelp2002/unwanted.htm
Hope this helps.
Jan
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm