Author Topic: About:Blank!!!! (Read 638 times)

kevykev56 · « **on:** July 31, 2004, 12:38:07 AM »

This darn browser hijacker is killin me. I have tried CWshredder, AdAware, Hijack THis, About Buster, Spybot, and others. None of these will kill this Hijack. CWshreder will kill it for about 4-8 hours but it comes back.

Any suggestions on how to kill this annoying virus. Seems there should be some legal action to stop this kind of thing. Why arent these places we are hijacked to being prosecuted?

RHIN0

zmeg · « **Reply #1 on:** July 31, 2004, 01:22:22 AM »

Stay off the porn sights.

kevykev56 · « **Reply #2 on:** July 31, 2004, 01:25:32 AM »

Quote

Stay off the porn sights.

Impossible

But thats not the prob, Maybe where it came from to start with but not why it wont go away. I need some PC pennicilin

RHIN0

JB73 · « **Reply #3 on:** July 31, 2004, 01:53:29 AM »

or some ad-aware / spybot

and a firewall AND full virus software running checking everything you visit on t3h intardnet.

yeah it slows down pr0n movie DL's but it is worth it.... imaging PC hetting completely hosed form some lamer virus, and youcant DL pr0n for a week while it's getting fixed??!??!?!?!?!?

nightmare i tell you nightmare

Seraphim · « **Reply #4 on:** July 31, 2004, 02:06:12 AM »

And stop using MS Internet Explorer, the biggest target in the universe for viruses

I use Mozilla, not a single virus

Rasker · « **Reply #5 on:** July 31, 2004, 10:28:37 AM »

btw Microsoft released bunch of security fixes again this week, so visit windowsupdate y'all

Ghosth · « **Reply #6 on:** July 31, 2004, 08:47:18 PM »

Seraphim has a good point.

Useing Mozilla Firefox myself, and love the new email cliet "Thunderbird". Lets you "Train" your system to eliminate spam & junk mail, & let the good stuff come though.

United · « **Reply #7 on:** July 31, 2004, 10:47:22 PM »

Kev, if youre saying that every time you switch your home page to about:blank, and run a virus program and it comes up with a browser attack, tehres nothing to worry about.

I noticed that every tiem i do that, it comes up with a browser attack. Try setting your home page to default, then running another scan. More than not it will come up with no browser attack. nothing to worry about.

kevykev56 · « **Reply #8 on:** August 01, 2004, 02:16:16 AM »

Quote

if youre saying that every time you switch your home page to about:blank, and run a virus program and it comes up with a browser attack

Negative this isnt whats happening.

I set my browser "IE" to "my.yahoo" used it forever, as my homepage. I surf for an hour or two then blammo ABOUT:BLANK becomes my default homepage. I can temporaly get rid of it by running CWshredder or ADaware or many other programs. I have increased my security settings as was recomended by another site to keep from getting re-directed. This hasnt seemed to help. To me its almost like getting slammed by a phone company " only it doesnt cost me any money". I am just tired of having to change my hompage every couple of hours. It also changes without looking at porn sites. I can be checking out just about anything from guitars to guns to aces high and it will about:blank me! any one that has had and fixed this problem help would be appreciated.

Thanks,

RHIN0

JB66 · « **Reply #9 on:** August 01, 2004, 10:11:23 PM »

IF YOU DON"T KNOW WHAT YOU ARE DOING, PLEASE DO NOT ATTEMPT, YOU COULD HOSE YOUR SYSTEM. (disclaimer)

It sounds like you have coolweb,cwshredder isn't working becaue the company that make cwshredder gave up.
There are over 50 variations of coolweb. It installs in three parts, one on the startup, one in the registery, and a file you can't see unless you have your system set to show hidden files and system files.
One variation of coolweb is tied to the computerclock, and reinstalls when your computer hits a certain predefined time.
Run msconfig, and look at your startup tab, you will have to google every file under the command heading to see if it is Legitimate.
Also Cntl alt Del and open up task manager, you will also have to look under processes that are running to see if they are legit. An example is svchost.exe, which is a legitmate file, but scvhost.exe is not.
Write down the entire location of all rogue files.
This thing is a real pain in the a** to remove, because if you miss one file, the entire system will become reinfected.
After doing that and deleting and unchecking rogue files, a good program to use to assist is spybot s&d, you have to go to advance mode and under tools check the box that says browser pages, and change all redirects from
res:// etc... to a start page of your choise(sp), if not, when you restart IE, it will go to that res location and it will execute a java script and your toast again.
OK, after all of this, run adaware, and write down the location of where the files identified as coolweb are. Now don't let adaware delete them, go there yourself and manually delete them, if they don't delete, don't worry...yet.
Now, reboot, and go to safe mode. Run spybot, then adaware, go to the place to make sure the files really are gone, adaware usually will take care of the files in the registery, google the files adaware finds, there is a web site that will tell you which registery changes were made, but I can't remember the name right now.
One miss and you will have to do it all over again.
If you attempt this yourself, google coolweb removal, and read up ont it, I might be forgetting something.
The easy way is to get your important file, reformat, and reload. Then install your antivirus, update, adaware, spybot, and immunize your system with spybot s&d, then install spywareblaster by javacoolsoftware.(http://www.javacoolsoftware.com)
and get all operating system updates as soon as you can.
ALSO, check this first, there is something called vx2 that is pretty bad, install a plugin for adaware to remove this type of infection.
Like I said, this thing is a real pain, one miss and you have to do it all over again, read the hijackthis forums, they will help you spot rogue files.

Good luck!!

Oh yeah, don't use the msjava console, uninstall it and use the latest java console by SUN.

JB73 · « **Reply #10 on:** August 01, 2004, 10:34:50 PM »

thanks 66 .. i got a friend with this and tried for the life of me to get rid of it....

missed 1 file looks like. did all you said, but by logically thinkinh through it LOL.

JB66 · « **Reply #11 on:** August 01, 2004, 10:43:53 PM »

Hey 73!!
I had to do this for a radio station that was on the air, it took forever, because all of their commercials were done by their computer, so I had to time it so I could do the rebooting etc... during the satellite(sp) feed times.
Like I said, I might be forgetting something, so read up on it.

Reschke · « **Reply #12 on:** August 02, 2004, 12:36:09 AM »

Another rogue file is fsg_4104.exe I just found it lurking on my system in the taskmanager and couldn't find out what it was. My wife had been doing some work and had downloaded some stuff apparently because it is part of the GAIN Network spyware crap.

llama · « **Reply #13 on:** August 02, 2004, 02:56:59 PM »

Getting rid of About:Blank is a real pain in the ass. It is fair to say that I have earned more than a thousand dollars in June alone removing it from clients' systems.

You need to the LATEST version of the About:Blank removal tool from:

http://forums.spywareinfo.com/index.php?showtopic=18557

You need to follow its directions, including running it in SAFE MODE and eliminating things with HiJackTHIS.

THEN you can run Ad-Aware, CHShreddeder (the final version), and Spybot Search and Destroy.

Forums.spywareinfo.com is your best bet here.

Good luck.

-Llama

sb1086 · « **Reply #14 on:** August 02, 2004, 06:39:42 PM »

ADware 6.0 personal from lavasoft gets rid of the nasty browser hijackers, and other adware, and spyware. Just keep it updated. Its free
http://www.lavasoft.nu