Jump to content


Photo

adaware says about blank looks like suspected brow


  • This topic is locked This topic is locked
4 replies to this topic

#1 invis_tres

invis_tres

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 27 June 2004 - 12:49 PM

well i ran adaware it says i have three registry entries which are probalmatic

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
    Type              : RegData
    Data              : "about:blank"
    Category          : Data Miner
    Comment            : Possible browser hijack attempt
    Rootkey            : HKEY_CURRENT_USER
    Object            : Software\Microsoft\Internet Explorer\Main
    Value              : Start Page
    Data              : "about:blank"

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
    Type              : RegData
    Data              : "about:blank"
    Category          : Data Miner
    Comment            : Possible browser hijack attempt
    Rootkey            : HKEY_USERS
    Object            : .Default\Software\Microsoft\Internet Explorer\Main
    Value              : Start Page
    Data              : "about:blank"



if i tell it next it quarentines those entries

now if i start a new browser sesssion i see i have msn.com as my home page
if i use tools -->internet options -->use blank
and run adaware again
it again says i have three possible entries which look like browser hijack to it


all the while hijack this keeps on saying i have no suspicious entries


does adaware have some special affection towards msn


or is it a problem

or what


regards

#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 27 June 2004 - 12:51 PM

Presumably that is the default start page on your PC.

Go into IE Tools->Internet Options, and set your start page to the one you want.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 invis_tres

invis_tres

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 28 June 2004 - 06:43 AM

tx cnm for moving the post here and answering it

but i think i am still confused ;) may be i am too much stupid

now if i start a new browser sesssion i see i have msn.com as my home page
if i use tools -->internet options -->use blank
and run adaware again
it  says i have three possible entries which look like browser hijack to it (it refers to the about blank entries )


addition to last posts substance

to be clear

1)before running my adaware i have about blank as my default page
2)i run adaware it says i have three corrupt entries
3)i ask it to quarentine and delete it
4)i close adaware
5)i run ie
6)i see msn (which i did not have in original place)
7)i run adware again no complaints by adaware this time
8)i close adaware and run ie  (which opens msn)
9)do tools-->internet options-->use blank -->apply then close ie
10) run ie again it opens about blank not msn
11) i run adaware  and it complains of three bad entries (and they refer to about blank)

tx any way

regards

ps iam posting a hjt log also just in case
this is an unedited log ive deleted nothing from the log
if i do tools -->internet options-->settings -->view objects
then remove the shockwave file hjt will say i have no suspicious entries

Logfile of HijackThis v1.97.7
Scan saved at 4:44:01 AM, on 6/28/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HCWS\HIJACKTHIS.EXE

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab


Edited by invis_tres, 28 June 2004 - 06:51 AM.


#4 Boydo

Boydo

    Member

  • New Member
  • Pip
  • 1 posts

Posted 21 July 2004 - 01:31 PM

Try removing Critical Windows update to IE Q831167. This is some ruse by MS to put the awful MSN.com under our noses.

Sorry this doesn't work just by itself, BUT if you stop AdAware's AdWatch program running, then IE will accept and retain the Blank opening page.

So a strange brew of blame and reasons.

Anyone know of a fix?

Edited by Boydo, 21 July 2004 - 05:11 PM.


#5 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 21 July 2004 - 02:37 PM

Ad-Aware has no way of telling whether it was set to about:blank by you or by a possible hijacker. If you know that you set it that way yourself, then of course disregard the Ad-Aware alert.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button