Odd Ad-aware report - blank page

[Anthony Giorgianni]

Hello All

I'm just wondering if anyone else sees this. Running Win98se, I have my
Internet Explorer 6 set to no homepage "Blank page," so that my browser
doesn't try to go to a page if I open it while off line. The interesting
thing is that, lately, when I run Ad Aware, it identifies the "blank page"
entries in my registry as two possible home page hijack attempts and wants
to delete them. If I delete them, my browser's home page resets to default
www.msn.com.

Specifically, Ad Aware says:

Vendorossible Browser Hijack attempt
Categoryata Miner
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page"
("about:blank")
Last Activity:05-13-2004
Risk LevelMedium
Commentossible browser hijack attempt
Descriptionossible attempt to control\redirect the browser. This object
refers to a "blacklisted" site.

This never happened before. I'm wondering if I somehow made "aboutblank" a
blacklisted page or did the publisher add this during a recent update? Any
ideas?

Thanks.


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.

 

[Bloned]

"Anthony Giorgianni" <[email protected]>
wrote in

Hello All

I'm just wondering if anyone else sees this. Running Win98se, I have
my Internet Explorer 6 set to no homepage "Blank page," so that my
browser doesn't try to go to a page if I open it while off line. The
interesting thing is that, lately, when I run Ad Aware, it identifies
the "blank page" entries in my registry as two possible home page
hijack attempts and wants to delete them. If I delete them, my
browser's home page resets to default www.msn.com.

Same thing happening here, since my last ad-aware update it wants to change
my about:blank to msn.com, with spywareguard kicking in to prevent this,
it's quite annoying, solutions also welcome here.

grtz Bloned

 

[CalamityKen]

Anthony Giorgianni typed:

Hello All

I'm just wondering if anyone else sees this. Running Win98se, I have
my Internet Explorer 6 set to no homepage "Blank page," so that my
browser doesn't try to go to a page if I open it while off line. The
interesting thing is that, lately, when I run Ad Aware, it identifies
the "blank page" entries in my registry as two possible home page
hijack attempts and wants to delete them. If I delete them, my
browser's home page resets to default www.msn.com.

Specifically, Ad Aware says:

Vendorossible Browser Hijack attempt
Categoryata Miner
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page"
("about:blank")
Last Activity:05-13-2004
Risk LevelMedium
Commentossible browser hijack attempt
Descriptionossible attempt to control\redirect the browser. This
object refers to a "blacklisted" site.

This never happened before. I'm wondering if I somehow made
"aboutblank" a blacklisted page or did the publisher add this during
a recent update? Any ideas?

Thanks.

The CWS hijackers have used this in their hijacks.

If you are absolutely sure that the about:blank has been set by you and not
CWS then put the about:blank in Ad-aware's ignore list.

 

[CalamityKen]

Bloned typed:

Same thing happening here, since my last ad-aware update it wants to
change my about:blank to msn.com, with spywareguard kicking in to
prevent this, it's quite annoying, solutions also welcome here.

grtz Bloned

Please read:
http://www.lavasoftsupport.com/index.php?showtopic=27245&hl=aboutblank

 

[Bloned]

Please read:
http://www.lavasoftsupport.com/index.php?showtopic=27245&hl=aboutblank

Thanks for the link, problem solved

 

[Mike]

Hello All

I'm just wondering if anyone else sees this. Running Win98se, I have my
Internet Explorer 6 set to no homepage "Blank page," so that my browser
doesn't try to go to a page if I open it while off line. The interesting
thing is that, lately, when I run Ad Aware, it identifies the "blank page"
entries in my registry as two possible home page hijack attempts and wants
to delete them. If I delete them, my browser's home page resets to default
www.msn.com.

I had a very similar problem recently. IE was being opened in the
background, trying to visit a specific porn site everytime I connected to
the Internet. The only reason I knew about it was that WeBlocker (another
freebie) was shouting "Blocked!" every few minutes. SpyBot S&D, HijackThis
and AVG 6 all failed to spot anything; meantime AdAware was giving me a
similar message to yours. Major frustration!

Then, in one of the HijackThis reports (I think) I noticed that it was
pointing to C:\Windows\rundll32.exe. Initially I ignored it, as I thought
I'd had in my Startup folder for quite a while. Later I checked it out, and
the file was dated 2/5/2004 -- the day on which my problems started. I
removed it from Startup, and the secret connection attempts stopped.

Then just yesterday the latest reflist from AVG picked up a Trojan called
Startpage.4.AR in rundll32.exe. It's now been quarantined, and my computer
(OS: XP Home) is no worse off for it.

So you might like to check out that rundll32.exe file...

Mike

 

[Anthony Giorgianni]

Thanks Calamity.

I didn't see that ignore list stuff. realize that ignore stuff was there.
Looks like it's not a hijack attempt, just my settings.


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.

 

[Anthony Giorgianni]

Thanks Mike

I scanned everything with the latest AVG, including rundll.exe specifically.
Everything looks clean. I just added the two entries to the ad-aware ignore
list


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.

 

[Trick]

"Anthony Giorgianni" <[email protected]>
wrote in message

Hello All

I'm just wondering if anyone else sees this. Running Win98se, I have my
Internet Explorer 6 set to no homepage "Blank page," so that my browser
doesn't try to go to a page if I open it while off line. The interesting
thing is that, lately, when I run Ad Aware, it identifies the "blank page"
entries in my registry as two possible home page hijack attempts and wants
to delete them. If I delete them, my browser's home page resets to default
www.msn.com.

Specifically, Ad Aware says:

Vendorossible Browser Hijack attempt
Categoryata Miner
Object Type:RegData
Size:-
Location:Software\Microsoft\Internet Explorer\Main "Start Page"
("about:blank")
Last Activity:05-13-2004
Risk LevelMedium
Commentossible browser hijack attempt
Descriptionossible attempt to control\redirect the browser. This object
refers to a "blacklisted" site.

This never happened before. I'm wondering if I somehow made "aboutblank" a
blacklisted page or did the publisher add this during a recent update? Any
ideas?

Thanks.


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.

Hi, use this instead: C:\Program Files\Internet
Explorer\iexplore.exe" -nohome

Cheers,
Rick Tuinstra

 

[jona]

Anthony Giorgianni typed:

The CWS hijackers have used this in their hijacks.
If you are absolutely sure that the about:blank has been set by you and not
CWS then put the about:blank in Ad-aware's ignore list.

I don't think this is very good advice. That way, it will never be known if and when
the about:blank "decoy" has been installed as spyware in future scans. I would rather
point the browser to any picture on the system and set it as the home page. That way
any changes will be noticeably reported.

 

[Anthony Giorgianni]

Good Suggestion, Jona, thx. I forgot about doing that. Also, I had planned
some time back to create my own local web page with all the links internet
and otherwise, with photo, calendar and other stuff. Might use Blink to
create that now and point to it.

 

[Bloned]

Great solution for the problem, removed the items from the ignorelist in
ad-aware, and "looking" at a little white gif as my homepage,
thanks for the info.

grtz Bloned

 

[Maureen Goldman]

Great solution for the problem, removed the items from the ignorelist in
ad-aware, and "looking" at a little white gif as my homepage,
thanks for the info.

I tried putting in a .jpg picture as my homepage, and it, too, brought
up the malware warning. So I'm back to using about:blank and keeping
it on the ignore list.

 

[Bloned]

I tried putting in a .jpg picture as my homepage, and it, too, brought
up the malware warning. So I'm back to using about:blank and keeping
it on the ignore list.

Strange, just doublechecked on my system (win98SE), a .gif as my homepage,
nothing in the ignore list and ad-aware doesn't find anything. Could it have
to do anything with the file-extension (me using a.gif, you using a .jpg) ?
Or are you actually affected with something ?

grtzBloned

 

[Anthony Giorgianni]

I've used jpeg homepage with no warnings from Ad-Aware.


--
Regards,
Anthony Giorgianni

The return address for this post is fictitious. Please reply by posting back
to the newsgroup.

 

[Russ]

I tried putting in a .jpg picture as my homepage, and it, too, brought
up the malware warning. So I'm back to using about:blank and keeping
it on the ignore list.

It's Ad-aware's last reflist update causing this. I know that for two
reasons:

1. I'd run Ad-aware and got a clean report, then about ten minutes
later had received their email notice about an update. Whathell, I
downloaded it and ran Ad-aware again and up pops this warning of an
about:blank problem regarding my MSIE.

2. It's been over a year since the last time I used MSIE...

I put this problem on the Ignore List.

 

[Mister Charlie]

It's Ad-aware's last reflist update causing this. I know that for two
reasons:

1. I'd run Ad-aware and got a clean report, then about ten minutes
later had received their email notice about an update. Whathell, I
downloaded it and ran Ad-aware again and up pops this warning of an
about:blank problem regarding my MSIE.

2. It's been over a year since the last time I used MSIE...

I put this problem on the Ignore List.

I too developed the problem, and I too believe it's from a recent
update. I had changed nothing in my system yet suddenly this error came
up. I noticed that in Internet Settings when Adaware reported a
possible home page hijack the listing was correct, BUT when I told
Adaware to delete the 'error' it immediately CHANGED in my home page box
to the 'possilbe infected file' address! Bizarre behaviour indeed,
entirely opposite of what one would expect.

After not finding any other recourse, I ignore-listed it. This just
cropped up out of nowhere so it's clearly a flaw in Adaware.

 

[Bloned]

I too developed the problem, and I too believe it's from a recent
update.

Strange again, because my ad-aware is up-to-date (ref file 01R304 16.05.2004
loaded) and like I said, it works for me, a .gif as my homepage and nothing
in the ignorelist results in a clean scan, so maybe it's OS depended ?
(win98SE here)

 

[Mister Charlie]

Strange again, because my ad-aware is up-to-date (ref file 01R304 16.05.2004
loaded) and like I said, it works for me, a .gif as my homepage and nothing
in the ignorelist results in a clean scan, so maybe it's OS depended ?
(win98SE here)

I had a blank page for my home, for well over a year with no adverse
affects. I've also used Adaware at least that long (on XP). I really
don't think it's OS related as it seemed to just suddenly start
happening. It's no biggie, really, and I'm sure if I routed the home
page to a .gif it would work just fine. I think it's simply in a recent
Adaware update.

 

[Bloned]

I had a blank page for my home, for well over a year with no adverse
affects. I've also used Adaware at least that long (on XP). I really
don't think it's OS related as it seemed to just suddenly start
happening. It's no biggie, really, and I'm sure if I routed the home
page to a .gif it would work just fine. I think it's simply in a
recent Adaware update.

Quoting Jona in an earlier post:
"I don't think this is very good advice. That way, it will never be known if
and when
the about:blank "decoy" has been installed as spyware in future scans. I
would rather
point the browser to any picture on the system and set it as the home page.
That way
any changes will be noticeably reported."

But you could set your homepage to "about: " , this also is a blank page and
ad-aware has no problems with it.