Stuck with about:blank


6 replies to this topic

#1 Hythopian Shade

Full Member, 26 posts

Posted 01 July 2004 - 12:04 AM

I have tried to get rid of this problem, but I can't seem to find the options to remove it from one sticky where I need to locate a "System Hook" folder in "System Information."

I also tried using the free anti-virus software at Symantec, but couldn't find out how to get rid of the files it found. Here's its log:

C:\WINNT\Temp\setup1.exe is infected with Download.Trojan
C:\WINNT\system32\setup1.exe is infected with Download.Trojan
C:\windows\notepad.exe is infected with Download.Trojan
C:\windows\temp\setup1.exe is infected with Download.Trojan
C:\temp\setup1.exe is infected with Download.Trojan
C:\Program Files\Hijack This\backup-20040629-045504-916.dll is infected with Trojan.StartPage

Also, here is my Hijack This log:

Logfile of HijackThis v1.97.7
Scan saved at 1:01:18 AM, on 7/1/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Navnt\AdvTools\NPROTECT.EXE
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\EnterNet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.altavista.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Burrows\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.altavista.com/
F2 - REG:system.ini: UserInit=C:\WINNT\System32\Userinit.exe
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {5B6411B0-594B-4CBD-A590-5DCAF06B7E2F} - C:\WINNT\system32\eecf.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1721.0\en-ca\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [PLXSTART] C:\PROGRA~1\PLEXTO~1\PLXSTART.EXE
O4 - HKLM\..\Run: [PLXTASK] C:\PROGRA~1\PLEXTO~1\PLXTASK.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\Navnt\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Global Startup: Kodak EasyShare software.lnk.disabled
O4 - Global Startup: Kodak software updater.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard..../wowbeta/si.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab

I am running Windows 2000 Professional Edition, and I have Norton Anti-Virus (updated last week), Spybot S&D (latest version), Ad-Aware version 6, Hijack This, and CWShredder. I have tried several steps on this site to figure out how to remove the about:blank hijack problem, but have been unsuccessful.

Any help is appreciated. Thanks in advance.

#2 Hythopian Shade


Posted 05 July 2004 - 07:36 AM

Still need help with this one.

#3 Hythopian Shade


Posted 12 July 2004 - 11:31 PM

Anyone? Anyone at all?

#4 terryb

Full Member, 51 posts

Posted 12 July 2004 - 11:35 PM

Did you try the About-Buster tool mentioned on this site? I have not used it personally, but some on here have said it works.

#5 Hythopian Shade


Posted 19 July 2004 - 08:31 AM

I'll have to try that. I don't get online much, as you see, but I'll try and make time to read about it and download it. Thanks for the suggestion.

#6 Hythopian Shade


Posted 02 August 2004 - 02:42 PM

Sorry to bother, but can anyone provide a link to that utility?

#7 Hythopian Shade


Posted 05 August 2004 - 05:18 PM

I downloaded the about:buster utility, and upgraded it, but the about:blank hijack still persists. Can anyone give me advice? I currently have Spybot S&D, Ad Aware, Hijack This, CW Shredder, and About:Buster, but the hijack remains even after running them all, rebooting, running them again, rebooting again in safe mode, and running them a 3rd time. If needed I can repost my Hijack This log again. Thanks for any help.



