Author Topic: About:Blank!!!!  (Read 637 times)

Offline JB66

  • Copper Member
  • **
  • Posts: 283
      • http://members.fortunecity.com/ssbranni
About:Blank!!!!
« Reply #15 on: August 03, 2004, 07:55:53 PM »
Something else I just remembered... Most trojan horse launchers load in the following directory.

Enable hidden files and show system files.

My Computer... C drive... Documents and Settings... Now go into each user one at a time and open Local Settings (it is a hidden file),
then Temp.  Now select all and delete.

And do this for each user, you'll be surprised what garbage is here.
If there are a lot of users, a batch file would be easy to write for this task.
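
The per-user Temp sweep described in the post above, as an added example that is not part of the original thread. It is written in Python rather than as a batch file, runs as an inventory by default, and flags files that start with the `MZ` executable header so they can be noted before anything is deleted; the names `sweep_temp` and `is_pe` are hypothetical, and the folder layout is the one the post names.

```python
import os
from pathlib import Path

# Profile layout named in the post (Windows 2000/XP); adjust for other versions.
TEMP_SUBDIR = Path("Local Settings") / "Temp"

def is_pe(path):
    """True if the file begins with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False  # locked or unreadable file

def sweep_temp(profiles_root, delete=False):
    """Return one dict per Temp file: user, path, executable, removed."""
    report, root = [], Path(profiles_root)
    if not root.is_dir():
        return report  # nothing to scan on this machine
    for profile in sorted(root.iterdir()):
        temp = profile / TEMP_SUBDIR
        if not temp.is_dir():
            continue  # profile without a Temp folder
        # Bottom-up walk so emptied subfolders can be removed after their files.
        for dirpath, _dirs, files in os.walk(temp, topdown=False):
            for name in sorted(files):
                path = os.path.join(dirpath, name)
                entry = {"user": profile.name, "path": path,
                         "executable": is_pe(path), "removed": False}
                if delete:
                    try:
                        os.remove(path)
                        entry["removed"] = True
                    except OSError:
                        pass  # in use or access denied: retry from Safe Mode
                report.append(entry)
            if delete and dirpath != str(temp):
                try:
                    os.rmdir(dirpath)
                except OSError:
                    pass  # still holds a file that could not be removed
    return report

if __name__ == "__main__":
    root = r"C:\Documents and Settings"  # path given in the post
    for item in sweep_temp(root, delete=False):  # dry run: inventory only
        flag = "EXE" if item["executable"] else "   "
        print(flag, item["user"], item["path"])
```

Entries that come back with `removed` still false after a run with `delete=True` are files the system had open or denied access to, which is worth recording before a Safe Mode retry.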

Offline sb1086

  • Parolee
  • Silver Member
  • ****
  • Posts: 1073
About:Blank!!!!
« Reply #16 on: August 03, 2004, 09:10:12 PM »
Quote
Originally posted by JB66
Something else I just remembered... Most trojan horse launchers load in the following directory.

Enable hidden files and show system files.

My Computer... C drive... Documents and Settings... Now go into each user one at a time and open Local Settings (it is a hidden file),
then Temp.  Now select all and delete.

And do this for each user, you'll be surprised what garbage is here.
If there are a lot of users, a batch file would be easy to write for this task.


Easier way,   C: Documents and Settings : (each user) :jpg cache
Open both FILE and JAR folders, in these folders you will find a file named 1.0. Empty these folders. Also in Documents and Settings, empty the cookie folder. Then run disk cleanup.
Not only does this clear the hijackers, it also deletes any viruses that the AV denies access to.
After doing this run adware6.0
Problem solved.
Oh....one more thing.....stay off porn sites, unless you want more of the same stuff all over the Hdd

Offline sb1086

  • Parolee
  • Silver Member
  • ****
  • Posts: 1073
About:Blank!!!!
« Reply #17 on: August 03, 2004, 09:11:22 PM »
Disk cleanup clears the hidden temp folder without enabling the hidden files

Offline Overlag

  • Gold Member
  • *****
  • Posts: 3888
Re: About:Blank!!!!
« Reply #18 on: August 04, 2004, 09:28:55 PM »
Quote
Originally posted by kevykev56
This darn browser hijacker is killin me. I have tried CWshredder, AdAware, Hijack This, About Buster, Spybot, and others. None of these will kill this hijack. CWshredder will kill it for about 4-8 hours but it comes back.

Any suggestions on how to kill this annoying virus? Seems there should be some legal action to stop this kind of thing. Why aren't these places we are hijacked to being prosecuted?


RHIN0


reinstall......... :(

I got this a month or so ago, it installs A LOT OF S**T that opens your PC up to the world so they can all shaft you up the backside...........:mad:
Adam Webb - 71st (Eagle) Squadron RAF Wing B
This post has a Krusty rating of 37

Offline sb1086

  • Parolee
  • Silver Member
  • ****
  • Posts: 1073
About:Blank!!!!
« Reply #19 on: August 04, 2004, 10:01:55 PM »
Quote
Originally posted by llama
Getting rid of About:Blank is a real pain in the ass. It is fair to say that I have earned more than a thousand dollars in June alone removing it from clients' systems.

You need the LATEST version of the About:Blank removal tool from:

http://forums.spywareinfo.com/index.php?showtopic=18557

You need to follow its directions, including running it in SAFE MODE and eliminating things with HiJackTHIS.

THEN you can run Ad-Aware, CWShredder (the final version), and Spybot Search and Destroy.

Forums.spywareinfo.com is your best bet here.

Good luck.

-Llama

Isn't that the one that Norton denies access to and will find on the virus scan, but won't delete?

Offline llama

  • Silver Member
  • ****
  • Posts: 819
      • http://www.warrenernst.com/
About:Blank!!!!
« Reply #20 on: August 05, 2004, 07:01:30 PM »
That's the one.

Adaware DOES NOT remove this either. Anyone who says so hasn't actually tried it.

-Llama

Interesting server at 69.12.181.171

Offline Overlag

  • Gold Member
  • *****
  • Posts: 3888
About:Blank!!!!
« Reply #21 on: August 05, 2004, 07:04:12 PM »
Quote
Originally posted by llama
That's the one.

Adaware DOES NOT remove this either. Anyone who says so hasn't actually tried it.

-Llama


Yup, nothing I could find could remove what I had..... it wasn't "about:blank" but it was a virus that used the same methods as this one....

It was called something "backdoor.deft.13.c"

Offline JB66

  • Copper Member
  • **
  • Posts: 283
      • http://members.fortunecity.com/ssbranni
About:Blank!!!!
« Reply #22 on: August 06, 2004, 11:03:55 PM »
Had a client bring in a Win 98 machine today... It had the about:blank CoolWeb variant on it.  I must say that the tips given combined with what I already knew really helped out.  It took about an hour and a half to get it cleared (I hope I found all of the "invisible" files).  One of the issues was it was also slammed with viruses and trojan horses and trojan launchers.
One thing that I have to fix Monday is the administrator rights are screwed up.  I think that is from a virus that I removed, so I created another user with admin rights, but after restarting, admin rights were hosed on the new user also.  I re-ran Panda active scanner, and the client has McAfee (which I hate because it doesn't work and is a resource hog), and no new viruses were detected.  I then booted in safe mode and did the same thing, and ran Adaware, Spybot S&D and CWShredder with nothing new being detected.
Well... the long and short of it, any ideas how to restore admin rights?
Thanks.