about:blank hijack

[Dennis McCarthy]

IE has been hijacked on my computer. It always shows
"about:blank" in the address bar when I open it, even after
changing the home page back. Microsoft Anti-Spyware pops
up a message saying that it is blocking this change, but it
really isn't.

Has anyone figured out how to remove this?

Thanks,
Dennis

 

[Andre Da Costa]

From Engel:
Hello Michelle

http://support.microsoft.com/default.aspx?scid=kb;en-
us;894269
http://securityresponse.symantec.com/avcenter/venc/data/pws
teal.bankash.d.html
http://noeld.com/programs.asp?cat=misc
http://www.downloads.subratam.org/KillBox.zip
http://www.pchell.com/support/aboutblank.shtml

 

[Engel]

http://support.microsoft.com/default.aspx?scid=kb;en-
us;894269
http://securityresponse.symantec.com/avcenter/venc/data/pws
teal.bankash.d.html
http://www.pchell.com/support/aboutblank.shtml

Subject: Re: New Spyware DLL found?
From: "Steve Wechsler [MVP]" <[email protected]>

about:blank is difficult to remove because different means
are used to hide the infecting file.

1 - Check the Services to see if a phantom Service has
been implemented Stop, then disable the Service from
running on Startup. Then attempt to rename the .dll file
in Normal mode, reboot to Safe Mode and delete it.

2 - Check the registry with Registrar Lite to see if
AppInit_DLLs has a hidden file. Here's a webpage that
describes how to use this method :
http://www.silentrunners.org/sr_cwsremoval.html

3 - See if you can view the hidden .dll files. A hidden
file may have been injected into one of these 2 processes -
Explorer.exe or IExplore.exe :

Download ProcessViewer : http://tools.zerosrealm.com/pv.zip
Extract it to the Desktop. Open the pv folder and double-
click "runme.bat".
A DOS box will open. Select Type 2 for Internet Explorer
Dll's and press Enter.

OR, Type 1 for Explorer Dll's.

Notepad will open with text in it. You'll need to know
exactly which file(s) needs to be deleted. Removing
required ones can render the system unstable.

Removing the file(s) requires using Hijack This or KillBox
to do so on a reboot. Best to let an expert at a spyware
forum assist you with this.

Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Save it to C:\hjt (new folder) then Open it and select
Scan and Save Log. Note where you saved the log then send
it to Ron Kinner as an attachment. He can probably
identify the problem and tell you how to get rid of it for
good.

Ron email address. (e-mail address removed)
He will tell you what to do next. Put Hijack in the
subject so he will know it's not spam.

For information
HijackThis tutorial:
http://www.bleepingcomputer.com/forums/index.php?
showtutorial=42

http://www.bleepingcomputer.com/files/killbox.php

Here's a few of the reputable spyware forums where you'll
be able to find assistance. Please read the guidelines of
the one you choose prior to posting there :

http://www.bleepingcomputer.com/forums/forum22.html
http://forums.net-integration.net/index.php?showforum=32
http://forum.aumha.org/viewforum.php?f=30
http://spywarewarrior.com/viewforum.php?
f=2&sid=3ce3e4c9a40b25268d1bac3189d22184
http://computercops.biz/forum67.html