Jump to content


Photo

Has ANYONE ever gotten rid of about:blank?


  • Please log in to reply
92 replies to this topic

#51 HelplessApril

HelplessApril

    Member

  • New Member
  • Pip
  • 2 posts

Posted 01 July 2004 - 06:58 PM

:unsure:

This all looks like jibberish too me...

What about some step-by-step instructions for XP users on how to get rid of about:blank in more simpler terms?

Please :weep:

#52 Surferess

Surferess

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 July 2004 - 07:47 PM

Here, just run this fix tool:
Trend micros removal tool it just came out today:

https://beta.activeu...gentv1.0007.zip

It seems to have gotten rid of most of my problems.
:bounce:

#53 arocky_23

arocky_23

    Member

  • New Member
  • Pip
  • 4 posts

Posted 01 July 2004 - 07:57 PM

hey gang, well so far today i have tried several other things myself. i redid hijack this to no avail. and i also did a fix tool to a different trojan from trend micro. tm has found four trojans on my computer that i did delete but it seemed that did very little. im willing to try new things but my confidence on getting this fixed is running thin. i did look at sufferess' page but i was too intimidated to even try and mess with what they had on it. i did have those pop ups that you had on that page though. any other suggestions would be greatly appreciated. all i can do is trial and error before i may have to reformat.

rocky.

#54 bch7773

bch7773

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 01 July 2004 - 07:59 PM

BobO.... i love you mannnnnn. (in a purely friendly way) I followed your instructions, plus some of the hints from others on this board, and it appears that my computer is freeeeeeeee of this stupid mofo spybot/virus.

but just to clarify some of the things that confused me before i did this, and to also make the instructions even easier for the non-computer savvy....

(this is for Windows ME btw)

you need to make a recovery disk first of all... this is what lets you get into true DOS... to make one, go to the control panal, then get into "add/remove programs"... then click on the tab marked "startup disk". follow the instructions.

and when you get to the part in bobOs instructions about getting into DOS to rename the dll file, just shut down your computer, put in the startup disk you made, and restart... this will give you a set of options... choose number 3, and it will put you into DOS mode.

once you rename the dll file, pop out the floppy, and restart, but start hitting F8 repeatedly as soon as it starts to restart... this will allow you to get into safe mode for the next steps in bobOs instructions.

#55 kaitan

kaitan

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 01 July 2004 - 08:23 PM

Alright. IT worked.

Fixagent will fix this problem on windows xp.



Thank you very much.

#56 arocky_23

arocky_23

    Member

  • New Member
  • Pip
  • 4 posts

Posted 01 July 2004 - 09:40 PM

Hey guys, well after about four days of defeat my lil bro came on and did somethings with it. what he did was windows critical updates. (not sure if any did have the hijack patches) and updated ad aware. as far as i know this fixed it. so looks like ad aware is making the changes. good luck guys.

#57 mosander

mosander

    Member

  • New Member
  • Pip
  • 1 posts

Posted 01 July 2004 - 11:28 PM

BobO, you rule,

I was tearing my hair out for about 3 days, your fix has saved what I have left, thanks a ton (at least).

#58 rosikins

rosikins

    Member

  • New Member
  • Pip
  • 2 posts

Posted 02 July 2004 - 02:14 AM

It seems Kooderi and me are the only ones struggling with this [expletive] hijacker on a win2000 system.

I had a seriously intensive session last night, trying out all the fixes recommended here by BobO, Goingnuts, Mrfullsrvc etc. Each time I thought I had the thing sussed, and Ad-aware, Hijackthis, CWshredder etc. would give me a clean sweep, the thing seemed to creep back when I wasn't watching. The last straw was when I had been working offline running only Word for a couple of hours and then ran up IE to do some research....bingo there was about:blank! Ran Ad-aware and up came all those suspicious registry entries again so I knew the so and so was hiding somewhere.

In sheer anger and frustration I burnt the midnight oil searching ALL my WINNT folders for suspicious looking files and disabling them (changing the file extensions as suggested by BobO).

A couple of things of note came up in this process: some odd looking files in my downloaded files folder - they had no creation date and the system couldn't identify any properties; and some VERY large .tmp files in my temp folder masquerading as excel files called Old1.tmp and Old2.tmp. However when I opened one of them (a stupid thing to do I know) it appeared to be some kind of macro.

Anyway these have now been deleted from the hard-drives and once again all the virus scanners, including the one at CA, have given me a clean bill of health.

I am sceptical that I have cured the problem but I continue to keep an eye on this thread.

#59 gradders

gradders

    gradders

  • New Member
  • Pip
  • 3 posts

Posted 02 July 2004 - 04:00 AM

I had about:blank with the SP.html file.

This program got rid of it, so far (2 weeks), for good.

http://www.rokop-sec...cle.php?sid=746

file is sphjfix.exe
You can put the file name in Google it will find it.

Gradders

#60 ILIKETOBITE

ILIKETOBITE

    Member

  • New Member
  • Pip
  • 3 posts

Posted 02 July 2004 - 05:24 AM

I'm still waiting to see if anyone got rid of this crap that has windows XP. I've just about givin up on this thing :thumbsdown: :wtf:

#61 fugesi

fugesi

    Member

  • Full Member
  • Pip
  • 41 posts

Posted 02 July 2004 - 07:49 AM

I had about:blank and after instructions from Phantom seemed to have got rid of it. At least it didn't change my homepage anymore or cause popups. However I have noticed that whenever IE can't find a page, I'm redirected to a site (a Chinese portal) instead of getting "page not found" . My computer also seems to be very slow and what's called physical memory is always between 96% and 100% according to my performance manager- unfortunately I don't even know enough to know if this is normal.

I tried Bobo's solution (and the version by bch7773 - I have windows Me) but have got stuck.
When I get to Windows System in DOS and type dir*.dll|more I get a bad command message. I tried dir*.dll and DOS displayed all the .dll files (there were about 800) but so quickly I couldn't see them let alone re-name them. As you can see I don't know much about navigating in DOS! When I tried dir*.dll again I just got "bad command" again. This was from MS-DOS prompt AND from start up-disk, same result

bch7773, your simple explanations are a great help but could you, expand them re operating in DOS for the really simpleminded - like me? Any idea why I can't get to see the .dll files?

Thanks for any help!

#62 The Fist

The Fist

    Member

  • Full Member
  • Pip
  • 50 posts

Posted 02 July 2004 - 08:16 AM

fugesi:

The correct syntax for the MSDos Command is "dir *.dll |more" (omit the quotes) with the | being the [shift]\ key located abouve enter. Also note the space between dir and * and between dll and |. You should be able to hit the spacebar to scroll through the list. I posted a step-by-step of the fix I used based on BobO's and ideaphroian's suggestions for ME URL=http://www.spywareinfoforum.com/index.php?showtopic=11843&view=findpost&p=44660]Here[/URL].

Good Luck

#63 invis_tres

invis_tres

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 02 July 2004 - 10:21 AM

fugesi

well if you want to save that directory entries to a txt file and peruse it when ever you want

you can type like this

dir *.dll >c:\*********\****\***\***.txt

or instead of more
you can do this
dir/p *.dll
windows will show it page by page

#64 dozaimon

dozaimon

    Member

  • New Member
  • Pip
  • 1 posts

Posted 02 July 2004 - 10:28 AM

Lennme posted a solution different from BobO on the page 1 of this thread.
here it is:

This worked for me:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

I tried the goingnuts solution on windows 2000 I deleted the AppInnit_dlls registry key and it didnt re-appear, but when I re-booted, it was the same problem: my home page in the browser has been hijacked to 'your-searcher'. Any suggestions welcomed!

#65 xpy1999

xpy1999

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 02 July 2004 - 10:40 AM

I had about:blank with the SP.html file.

This program got rid of it, so far (2 weeks), for good.

http://www.rokop-sec...cle.php?sid=746

file is sphjfix.exe
You can put the file name in Google it will find it.

Gradders

did anyone try this out? I have XP with IE6.0

#66 BobO

BobO

    Member

  • Full Member
  • Pip
  • 54 posts

Posted 02 July 2004 - 11:20 AM

I had about:blank with the SP.html file.

This program got rid of it, so far (2 weeks), for good.

http://www.rokop-sec...cle.php?sid=746

file is sphjfix.exe
You can put the file name in Google it will find it.

Gradders

did anyone try this out? I have XP with IE6.0

This looks interesting -- I went to the link above and found the page in German. That not being a language I am familiar with, I copied and pasted it into the Google translator. The results are below (yipes! pardon, German friends).

The sense of it is that they recognize that a hidden CWS dll file gets embedded into the system, and claim that their tool removes it. They also recommend running Adaware etc after the fix.

Those who have XP/2000 might want to give it a spin?

BobO

[translation]

For some weeks a Browser Hijacker, which is to be removed only very with difficulty, employs us (and not only us) and by it again and again the starting side of the InterNet replaces Explorers with a search side. All past programs could remove this Hijacker apparently, it came back however however after some hours. On the search for a solution of the problem however some things were unclear: Where and how does one infect oneself? Which safety gap uses this Hijacker?

Facts were only DLL, which was once on the computer active, completely invisible, as well as the reports of infected Usern from various forums. This Hijacker is a CoolWWWSearch variant the sp.html Hijacker or also Trojan.Win32.Startpage.gv and/or L.G. is called.

In the available case spaetens at 22:40 o'clock by day the infection (which we to have placed behind) the starting side of the IE with the search side was exchanged searchx.cc. If one removed the starting entries manually or with the help of the CWShredders, first everything seemed clear, few hours later was however again everything with the old person. One recognizes the Hijacker to the easiest with the Tool HiJackThis by the following red marked entries: In all well-known cases the lines end to us with... \sp.html (obfuscated) and a pertinent BHO entry.

The finished Entfernungstool is to be owed to some untiring people, which became active for lack of professional assistance. Came out a Cleaner, which resets both the causal file, and the obvious file and sets the starting side on about:blank.

The Cleaner is so far only functional under Windows2000/XP and must be implemented with administrator rights. After that unpack the Zipdatei the SpHjfix.exe is started and the Button "disinfection to start" pressed. Afterwards the system starts again and the Cleaner again automatically called around the cleaning to lock. Subsequently, the computer is released from the Hijacker. We recommend to use however nevertheless again the CWShredder, still another abandoned Registryeintrag far away.

I would like to express again special thanks here to the following persons, who were involved with the solution of the problem: - Seeker (programmer) - Raman - DerBilk - Paff and here geht`s now to the Download of the Cleaners. Rokop, 14.05.2004

#67 elgiacomo

elgiacomo

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 02 July 2004 - 11:36 AM

Well I'm somewhat relieved to find that I'm not the only one with this problem. Been dealing with it for about a week, and mine is definitely tied to CoolWebSearch. Originally used a combo of Ad-Aware and Hijack-This to remove the sp.html and the random titled .dll file, but alas the about:blank homepage would resurface anywhere from an hour to a day later. Then tried using the CWS Shredder and it would also temporarily work but it's still coming back. I knew there had to be a hidden file of some sort that is resetting this thing!!!

I'm going to try goingnuts instructions to fix this and see how that does....if it comes back again I'll try that new German program. BTW I'm using WinXP Pro and have done all the critical updates as of yesterday.

Good luck to everyone dealing with this and hopefully someone can come up with a sure-fire solution sooner than later.

#68 elgiacomo

elgiacomo

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 02 July 2004 - 11:57 AM

Alright, I've removed the AppInit_DLLs key .... everything is fine ATM. Will update later today or tomorrow as to whether it was successful or not.

#69 ahspao

ahspao

    Member

  • New Member
  • Pip
  • 4 posts

Posted 02 July 2004 - 11:58 AM

Here is the fix for Win2k/XP users...you must download "FindNFix" from http://freeatlast100....com/index.html then proceed to step 2

Step 2:
IMPORTANT! Before you run this tool please close ALL running programs and ALL open windows except for the FindnFix folder.

Please wait while the program collects the necessary information.

*NOTE:If your AntiVirus is running a scriptblocker, when you run this tool, you will probably receive an alert warning you that the script is running. "Allow" the script to run.

When the program is finished:

Open the FindnFix folder.
1. Look in the file Log.txt and search at the upper portion of the log where it reads "Locked or Suspect File(s) found"
2. Remember the name of that file

Step 3:
Open the FindnFix folder.
Open the keys1 folder.

If you receive an error while trying to edit, see below for instructions.
RightClick on the MOVEit.bat file, select--> edit.
Copy and paste this line into the batch file, replacing the line there.

move %WinDir%\System32\*.dll %SystemDrive%\junkxxx\*.dll
(*= name of the dll you were supposed to remember)

{ignore this paragraph...I need it here to avoid the formatting problem this Board software causes when writing these directions}
That line above is: move(space)%WinDir%\System32\*.dll(space)%SystemDrive%\junkxxx\*.dll

Save the file and close.
Get ready to restart!
Still in the keys1 folder, double click on FIX.bat.
You will get an alert of ~20 secs before reboot.
Allow it to reboot!

On restart, Open the FindnFix folder.
DoubleClick on RESTORE.bat.
When it is finished, open the FindnFix folder.
Post the contents of Log1.txt in this thread.

=== In the Event and Error Occurs Trying to Edit ===
Occasionally when trying to edit the MOVEit.bat file the following error occurs: "Windows cannot find "C:FINDnFIX\keys1\MOVEit.bat. Make sure you typed the name correctly then try again."

If that happens, follow these steps instead:
Open Notepad or Wordpad and open the MOVEit.bat from there (Click on *file* at the top and then *open* and navigate to the MOVEit.bat file) Once open you can then edit the line as instructed above.

#70 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 02 July 2004 - 11:59 AM

Our helpers advise fixing any random named items in the HijackThis O2s and O4s, then running About:Buster. http://www.ducky.atribune.org/

This generally works.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#71 wizzahd

wizzahd

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 02 July 2004 - 12:24 PM

Post the contents of Log1.txt in this thread.

here's my FINDnFIX log. it's a bit large so I thought I'd not clutter the topic. thanks in advance! ^_^

http://www.spywarein...ST&f=18&t=12524

#72 ahspao

ahspao

    Member

  • New Member
  • Pip
  • 4 posts

Posted 02 July 2004 - 12:33 PM

Very Welcome, looks like you got your culprit, the satisfaction of relief ;)

#73 wizzahd

wizzahd

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 02 July 2004 - 01:54 PM

yeah, was it just meant to locate the dll? or was it supposed to break it in half and kill it? because that's the part I'm having trouble with lol ^_^

by the way, Microsoft just posted a windows update for the ADODB.stream security hole. the one that everyone (well me, at least) got this damnable spyware from. everyone might want to check out windows update for that. :techsupport:

Edited by wizzahd, 02 July 2004 - 01:57 PM.


#74 ahspao

ahspao

    Member

  • New Member
  • Pip
  • 4 posts

Posted 02 July 2004 - 04:21 PM

The first part locates the dll, the second part gets it the hell out of where it is, and drops it in the junk folder.

#75 Pablos

Pablos

    Member

  • New Member
  • Pip
  • 3 posts

Posted 02 July 2004 - 04:36 PM

Here is my log from FINDnFIX.dll that new tool, from www.freeatlast....

I don't know which is the line, that I must copy in Moveit.bat.

Someone please help me.


This is my log. http://www.spywarein...showtopic=12573

Thank you very much.

#76 ahspao

ahspao

    Member

  • New Member
  • Pip
  • 4 posts

Posted 02 July 2004 - 05:21 PM

Sniffed -> D:\WINDOWS\SYSTEM32\ALIBY.DLL
Sniffed -> D:\WINDOWS\SYSTEM32\FYRLX.DLL
Sniffed -> D:\WINDOWS\SYSTEM32\JDCKC.DLL
Sniffed -> D:\WINDOWS\SYSTEM32\TUEGU.DLL

Are your BAD files you need one line for each file name ...something along the lines of :

move %WinDir%\System32\TUEGU.dll %SystemDrive%\junkxxx\TUEGU.dll

...and so on, for each dll

#77 wizzahd

wizzahd

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 02 July 2004 - 07:19 PM

holy crap I just fixed it, I beleive. I'm running windows 2000, so hopefully this will be helpful to everyone else on w2k.

here's a step by step-
1. UPDATE IE NOW. the ADODB security hole fix is up, go get it as soon as possible to prevent further infection!
2. figure out the name of your infected DLL (and whatever other files there are). you can do this using a number of utilites, I used FileMon, but HijackThis and FINDnFIX can locate it just as well.
3. download/update AdAware as per this link.
4. reboot into safe mode.
5. locate and isolate the infected file(s)
6. empty (don't delete the folder, just the contents) out your temp folders (C:\WINNT\Temp\ and C:\Documents and Settings\(user)\Local Settings\Temporary Internet Files\), just in case. empty your recycle bin afterwards.
7. run AdAware with the settings that the above page recommends. let it scan through and delete any quarantined items.
8. set your home page back to something else, also open your search bar.
9. open and close IE a few times (not sure if that step has any significance, but this is exactly what I did)
10. reboot normally
11. open IE and repeatedly press ESC as it loads whatever page it loads.
12. double check your home page setting.
13. open your search bar and click the Cusomize button, setting it to whatever you like best. close IE.
14. open and close IE a few times just to double check that it's still gone.

hopefully you're clean. I've been fine since I finished that.

I started thinking about it, how did the adware reinstall itself over and over again? I noticed that AdAware replaced the search page in IE-- could that have possibly been the problem? maybe since the DLL replaces the default search page, the new adware 'search' reinstalls itself using the ADODB security hole? any thoughts?

good luck to everyone with this damnable software!

edit:
by the way, in case anyone is interested, I've saved the little humping bug ad (or the humping bugs, at least) for humor's sake. check them out.

Edited by wizzahd, 02 July 2004 - 07:21 PM.


#78 JustPassingBy

JustPassingBy

    Member

  • New Member
  • Pip
  • 2 posts

Posted 02 July 2004 - 07:37 PM

I have just posted a solution to the *recurring* problem. These viruses keep reinstalling themselves because there is also another *hidden* dll which is running all the time!

You must find and delete this hidden dll, and it is not that easy - until you know how! :-)

http://www.spywarein...showtopic=12600

#79 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 02 July 2004 - 08:38 PM

If anyone is still having a problem. Fix has been developed for the res:// variant.

http://www.spywarein...showtopic=12609
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#80 BobO

BobO

    Member

  • Full Member
  • Pip
  • 54 posts

Posted 02 July 2004 - 08:47 PM

Rubber Ducky,

What Windows versions does About:Buster run on? Thanks

#81 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 02 July 2004 - 08:50 PM

Post edited. Thank you BoBo :)
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#82 ILIKETOBITE

ILIKETOBITE

    Member

  • New Member
  • Pip
  • 3 posts

Posted 02 July 2004 - 09:01 PM

that about buster gives me a runtime error 75. Now what?

#83 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 02 July 2004 - 09:11 PM

Post all errors/successes Here

But please do not pollute it with hundreds of logs.. Hijack This logs... About:Buster logs.

Edited by RubbeR DuckY, 02 July 2004 - 10:25 PM.

Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#84 billtex47

billtex47

    Member

  • New Member
  • Pip
  • 3 posts

Posted 03 July 2004 - 11:02 AM

cnm's solution on page 2 worked for me on windows xp pro. i think the best part was tweaking ad-aware to find all of the junk. the aboutbuster also took a lot of it away. just follow the directions. i didn't even have to do the "safemode' stuff
good luck

here's the site;

http://forums.net-in...t=0

#85 beebsta

beebsta

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 03 July 2004 - 11:15 AM

I used http://www.rokop-sec...cle.php?sid=746 yesterday morning as per Gradders' post. Seems to be working so far. Previously had the about:blank browser and search page hijacker for over 2 weeks on and off. Animation below demonstrates pretty well how frustrated I was feeling Smash.gif.

#86 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 03 July 2004 - 11:23 AM

Most fixes, such as Ad-Aware alone, may inactivate the infection and fix the problem in that sense. However many files are left on the PC which could be reactivated at a later time. About:Buster will clear them out.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#87 JhonnyBench

JhonnyBench

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 July 2004 - 10:54 AM

Thanks a million guys. Ran about:buster and it would not detect the hidden .dll but Reglite allowed it to be found and system recovery console allowed me to rename and deactivate it. I think it is good to run about:buster though as it found about 200 files generated by the jacker that I missed. Bless you all.

#88 awang13

awang13

    Member

  • New Member
  • Pip
  • 1 posts

Posted 04 July 2004 - 01:36 PM

YES - about:blank was not removed by Spybot SD or Lavasoft Adaware,
I finally tried CWShredder and also removed MSft Java VM in lieu of Sun's Java code which seems to have fixed the problem.

CWShredder.exe is downloadable via google. Some sites seem to be broken but keep looking for the exact exe. Most components don't show but a few items between about:blank are common and are removed.

The MSjava vm is clean if you follow the following article:

http://www.winnetmag...8206/38206.html

Good luck. Until I found this I had about:blank for 3 weeks.

#89 disco51

disco51

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 July 2004 - 11:22 PM

I am having no luck and have yet to have anyone respond to my posts. Can anybody please help me with this about:blank?????

#90 HelplessApril

HelplessApril

    Member

  • New Member
  • Pip
  • 2 posts

Posted 06 July 2004 - 06:27 PM

GAAAAAAAAAAAAH :grrr: :grrr: :grrr:

:techsupport:


NONE OF YOU MAKE SENSE

YOUR POSTS GIVE ME A HEADACHE

RAAAAAAAAAAAAAAAH!

:ugh:

I think this thing is taking up my memory and my AIM doesn't work no matter how many times i redownload it and i get these lame advertisements of bugs screwing eachother

WHY HASN'T ANYBODY GOTTEN RID OF ABOUT:BLANK ON XP????

WHY IS THIS SO COMPLICAAAAATTTTTEDDDDDD!

*cries*

#91 BobO

BobO

    Member

  • Full Member
  • Pip
  • 54 posts

Posted 06 July 2004 - 08:31 PM

Helpless April,

I understand your frustration, and I'm sorry that you're having such a rotten time. But the people who are contaminating your computer are heartless -- they DON'T CARE how bad you feel -- they want to control your computer and they don't want to give it back to you. And they want that control so badly that they have devised a poison that is very difficult to remove.

A lot of very talented and very dedicated people at this forum are working hour after hour to help fight back. But the enemy is wily and crafty; what works for one user often does not for another. There seems to be no magic bullet -- yet.

So hang in there and try to follow our suggestions. Try Rubber Ducky's new program About:Buster. If you don't understand something, ask questions about the part you don't get. And don't forget that there are a lot of people who are just as angry as you are, and they won't *ever* stop fighting this menace.

Cheers,
BobO

#92 kidmetal

kidmetal

    Member

  • New Member
  • Pip
  • 1 posts

Posted 15 July 2004 - 07:01 PM

Ideaphorian:

I was looking at BobO's instructions about the dll files so i looked in my system32 folder through command prompt. I did not find and files that were 57,344 bytes but I did find the following files:

kbdfgd.dll 7/13/04 11:24p 0 bytes (similar to the one u had)
hlpcfk.dll 7/13/04 11:24p 0 bytes
chpdica.dll 7/13/04 11:23p 0 bytes
wdm.dll 7/13/04 08:06a 0 bytes
nmgiic.dll 7/13/04 11:24p 0 bytes


I have sp.html showing up in my temp folder, about:blank keeps taking over my browser. I have ran spybot, adaware and hijack this in safe mode and it still is coming back. I am going to try and delete these files and also try what goingnuts mentioned lennme posted about the registry. Ill keep u updated.. :techsupport:

#93 killflower

killflower

    Member

  • New Member
  • Pip
  • 1 posts

Posted 22 July 2004 - 12:28 AM

ideaphorian:

I also am running ME, but have been unable to find the offending file using BobO's instructions.  I can't find a System Hooks file under Software Environments.  Where did you find the offending file?

The Fist

Fist,

I found the offending file by using BobO's instructions about finding the files in MS-DOS: go to the MS-DOS prompt (from Programs -> Accessories), then at the C:\WINDOWS prompt, type cd system, then type dir *.dll|more -- look for files that have 57,344 bytes (lots of them) but that were entered recently (in my case, just one on 6/11/04). Mine's called kbdfnj.dll, but I suspect that the file name might be random.

I hope this helps!

What's more, I think I've figured out how to get rid of the about:blank problem on Windows ME. I can't try to rename it as BobO suggests using the 'normal' boot options in ME because they do not allow for direct boot into MS-DOS. So I had to create a Windows ME startup disk, then boot up ME using the startup disk. Eventually it allows you to get to a DOS prompt, from which I could follow BobO's instructions. I just re-booted the system after deleting the offending file, but the telltale signs of trouble (error message with msgsrv32 on startup; error message with mmtask at shutdown) have disappeared.... free at last, free at last?!?!?!

Can you provide any more detail on how you got a true DOS prompt using windows ME?
or how you created a boot disk? (i believe I already have an ME boot disk if this option would work. Im dealing with the same thing on a Windows ME system. Ive found the file in question but cant rename using the DOS utility. I also havent tried to delete the file (BobOs instructions say not to)--Any other suggestions/advice?
-KF




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button