System32/Blank.htm ????

[AndyManchesta]

I installed MS Antispy last week and since installing it
again it keeps showing i have a possible browser hijack
(Browser Modifier) in Internet Exploer Local Page :

C:\Windows\system32\blank.htm

this is set as the local page in the registry in 2 area's
but the file is not in the system32 folder even with
hidden files & system files enabled.

Heres a pic of the first entry in the registry :

http://andymanchesta.com/ScreenCapture/Blank1.jpg


Here's the second:

http://andymanchesta.com/ScreenCapture/Blank.htm2.jpg


Ive been testing fixes on Aurora/Smitfraud/CNSmin & Ibis
recently so its possible the pc's still infected in some
way i wanted to get other peoples view on this though,

Ive had the MS Antispy disabled since as it always finds
the same fault and will not remove it even though it says
it has.I cannot find any reference to Blank.htm on my pc
and all my other scanners show clear
(Aboutbuster/SpySweeper/HijackThis/Ad-aware/Spybot/Norton
show no traces of any malware)


Just thought id post it and see if im missing something
really simple .If i go to Internet Options i can set the
homepage to About:Blank by pressing the "Use Blank"
Button ,Is this the Blank.htm the MS Scanner is detecting
and if it is the path its giving to the file doesn't
exist

ive tried deleting & modifying the blank.htm lines in the
registry but they always come back ,is this just a MS
default line that cannot be modified or should i be
taking it seriously ??


Thanks


Andy

 

[Steve Wechsler [MVP]]

'Tis a mystery, eh ? Just checked the reg keys on my XP Pro system and
blank.htm exists there, but can not see the file in system32, either.
Try using Advanced Tools, Browsers Hijack Settings Restore, and then
clicking the Change restore settings to a new URL link to set the home
page to about:blank.
I believe that after doing the above I had to Allow the setting change.
Checking Real Time Protection, Application Agent Checkpoints, Internet
Explorer URL's shows that about:blank is an Allowed IE URL now.

Steve Wechsler (akaMowGreen)
MS-MVP 2004-2005
==============
*-343-* FDNY
Never Forgotten
===============

 

[AndyManchesta]

Thanks Steve

I appreciate you checking your registry and its nice to
know the line should exist.The problem is with the Local
Page and ive followed through the steps you mentions but
although it says it restored it to a new URL and it
allowed the setting change when it scans again it picks
up the same problem.Its showing the problem as a registry
entry and not a file but if i try to change or delete the
local page setting using regedit it reappears.

Now you said its on your pc as well ive chosen to 'Always
Ignore' the detection so its not showing up in the scans
anymore .Looking at the browser restore page its changed
back to system32/blank.htm even though earlier it has
showed it had allowed the change i made to it.

Thanks for the advise Steve its not a problem for me now
i know its genuine.

Regards

Andy