WOliver73

Help! I've been hijacked by about:blank


I've been hijacked by about:blank. I've done the virus scan, Ad Aware and Spybot but it keeps on returning. My only guess is that the problem is embedded in another file somewhere. There's this file called ifETCOMM.dll that I can't seem to delete.

 

Logfile of HijackThis v1.97.7

Scan saved at 2:40:25 PM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\VCOM\Fix-It\mxtask.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\VCOM\Fix-It\mxtask.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TrojanHunter 3.9\THGuard.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {67B66DC1-FD58-4736-9952-C58B716AAA25} - C:\WINDOWS\System32\dig.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-aware.exe" +c

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.com/client/setup.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c54a7d494b9b...ip/RdxIE601.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8151.5051388889

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


You have a new CoolWebSearch infection. These infections are new and sometimes very difficult to get rid of. Please follow all the instructions in order to see if we can successfully remove it. Having all windows closed when running each program is very important and rebooting after each program is also vital to removing this pest.

 

First of all I need you to make sure all hidden files are showing. Please do the following:

 

Go to start>control panel>folder options>view (tab) and choose to "show hidden files and folders," uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes. Close the window with OK.

 

 

 

1. Download and install APM from: http://www.diamondcs.com.au/index.php?page=apm

 

2. Next you need to use HijackThis to fix the entries in your log file.

Close all windows except HijackThis and scan with HJT. Put a check mark beside each of the following entries:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {67B66DC1-FD58-4736-9952-C58B716AAA25} - C:\WINDOWS\System32\dig.dll

O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)

O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.napster.com/client/setup.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c54a7d494b9b...ip/RdxIE601.cab

 

 

3. Click 'fix checked'

 

4. REBOOT to finish removing the entries

 

5. Close HijackThis and Open APM

 

6. With all other windows closed, in the upper window select explorer.exe

 

7. In the lower window find and right-click the BHO from the HijackThis log

 

O2 - BHO: (no name) - {67B66DC1-FD58-4736-9952-C58B716AAA25} - C:\WINDOWS\System32\dig.dll

 

8. Select 'Unload DLL' and click OK on the prompts that follow.

 

9. REBOOT to finish removal

 

10. Please download CWShredder from the following site: http://www.spywareinfo.com/~merijn/files/CWShredder.exe

 

11. Check for Updates to CWShredder

 

12. CLOSE ALL WINDOWS except CWShredder

 

13. Run the program by clicking 'fix' and letting it fix all CWS remnants.

 

14. REBOOT to finish the removal and clear memory.

 

15. Download Ad-Aware from the link at the bottom of this post and set it up according to the directions at 'How To Setup Spybot SD and Ad-Aware' from the link at the bottom of this post.

 

16. After updating the reference file in Ad-Aware, scan and let it fix everything it finds. This step is very important to remove the association between the pest and your internet protocols.

 

17. Please go to Panda Online AV scan and scan your entire computer for viruses/trojans and let it fix what it finds. Panda has recently added definitions which will help get rid of this pest.

 

18. Once the online AV scan is complete, SCAN again with HijackThis and POST a new log file here in this thread to find out what is left to clean.

 

If you have any questions about any part of this fix please post in this thread using Add Reply and I will give you answers.

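An added example, not part of either post and not HijackThis's own code: a small Python triage pass over HijackThis-format log lines, using three heuristics drawn from entries ticked in the reply above (IE pages pointing at a local file, unnamed browser add-ons, components with no file on disk). The regexes, the function name `triage` and the rule wording are assumptions made for illustration.

```python
import re

# Constructed sample: a few entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {67B66DC1-FD58-4736-9952-C58B716AAA25} - C:\WINDOWS\System32\dig.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# "<code> - <body>", e.g. "R1 - ..." or "O16 - ..." (assumed from the log on this page)
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# R0/R1 body: "<registry key>,<value name> = <data>"; data may be empty
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>.*?) =\s*(?P<data>.*)$")
# O2/O3 body: "BHO: <name> - {CLSID} - <path>" or "Toolbar: <name> - {CLSID} - <path>"
COM_ITEM = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")


def triage(log_text):
    """Return (code, reason, detail) tuples for entries matching the heuristics."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process path or blank line
        code, body = m.groups()
        if code in ("R0", "R1"):
            reg = REG_VALUE.match(body)
            if reg and reg["data"].lower().startswith("file://"):
                findings.append((code, "IE page redirected to a local file", reg["data"]))
        elif code in ("O2", "O3"):
            com = COM_ITEM.match(body)
            if not com:
                continue
            if com["path"] == "(no file)":
                findings.append((code, "registered component has no file on disk", com["clsid"]))
            elif com["name"] == "(no name)":
                findings.append((code, "unnamed browser add-on", com["path"]))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG):
        print(f"{code}: {reason}: {detail}")
```

The output is a shortlist for a human reviewer; entries such as the empty `Local Page` values and the O16 downloads ticked in the reply are not covered by these three rules.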