• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
RubbeR DuckY

About:blank http://res fix works !!!

254 posts in this topic

This thread is obsolete and has been replaced by http://www.spywareinfoforum.com/index.php?showtopic=18557 cnm

 

-------------------------------------------------------------------------

 

If you were sent here by another member of this forum or another forum. See bottom of this post.

 

Hello fellow members of Spywareinfo and all other viewers.

 

As you may have heard the About:Blank res:// variant of Cws has been a real pain. You may also have heard of a program called About:Buster made by me. You've probably avoided using it as you had not known what it was. It was not a real successfull fixer on the beginning. But after 24 updates and a hell of a lot of hours put into it, the program has become extremely successfull. 1.24 was finished today. It had cleared me several times (i reinfected many times).

 

I would like to thank many people for help with this removal.

 

How to use. Simply download it from my signature. Unzip it to your desktop. Fix all random 04's and the random bho in Hijack This. Note: Fixing the R0's and R1's is not necessary. Then run About:Buster. Hit Ok on the first prompt, Start on the second. Then Ok to start the removal. A log will start to form. After the program runs. Save the log somewhere. If a helper at this forum asks you for a report, that is what he/she means.

 

If the fix above does not work - It is because the files that have been removed are noticed by other files and new files are created to replace them. That is why you must boot into safe mode by tapping F8 several times when the computer is first booting. Then run the program. This will cause no processes to start and communicate.

 

For anyone who cares. The program was created in Visual Basic 6. So if there are any errors saying missing a file. Please download the Visual Basic 6 Runtime Files and install them.

 

Well good luck. Please send any bug reports and suggestions to the e-mail address located in the program.

 

The update after it will fix the shell.dll problems people are having.

 

Even though some experts still do not support this fix. It is so far the most effective way to fix this Cws. It has been mentioned on many forums. (atri's, sub's, pchell, swi, tomcoyote .. ).

 

Reinstalling Internet Explorer will Not fix this problem.

 

I thank you again for listening. Good luck on fixing your Cws variant.

 

 

Id like to thank BoBo for mentioning this point. - About:Buster works on all Windows versions. Depending on the OS the hijack is harder to remove. On 98 it seems to hit harder. On Xp it isnt very hard to remove.

 

--------------- Bottom of Post -----------------------------------------------------

 

I have seen many people posting on this and other forums to view this page on how to remove. Now most of you never get to the end of this topic. There is a new fix out. Follow the fix below...

 

Download About:Buster and unzip it to your desktop. Start it, hit Ok, Start, And Ok again to start the scan. It will generate a log. Post that log along with a new Hijack this log in post you came from.

Edited by cnm

Share this post


Link to post
Share on other sites

Ok if you get Error 75. The error should now be fixed. Please redownload.

 

As it shows the new version was not yet uploaded.

It is now :)

Share this post


Link to post
Share on other sites

For those who prefer not to have to find and fix the random O2's and O4's with Hijackthis before running About:Buster - you can do this:

 

1. Download About:Buster from http://www.ducky.atribune.org/

 

2. Boot in Safe Mode - Hit the F8 key several times while booting, until you get a menu.

 

3. Run About:Buster while you are in Safe Mode.

Hit Ok on the first prompt, Start on the second. Then Ok to start the removal. A log will start to form. After the program runs. Save the log somewhere.

Share this post


Link to post
Share on other sites

I have to thank you on your solution to the hijack problem. I have waited a week on a fix to this problem and I know the mods are busy but this seemed to fix my problem again thank you.

Share this post


Link to post
Share on other sites

I ran it and it seems to have fixed the remnants of this virus that were in my computer. Man, this was a pain in the rear to fix!

Share this post


Link to post
Share on other sites

yes it was a total pain. Now that the problem seems to be fixed, is my IE supposed to be really slow? Oh and the Only the Best pop ups are still there.

Share this post


Link to post
Share on other sites

fix did not work, about blank comes back in safe mode. comes back every time it is rebooted. no luck yet. safe mode is f5, not f8 on my computer.

Edited by kjuice

Share this post


Link to post
Share on other sites

about bust fixed me!!!! I have restarted my system several times and it seems to have work well!! Thank you very much rubber ducky :D.

Share this post


Link to post
Share on other sites

Bear in mind that you quite possibly have additional spyware. If About:Buster doesn't fix everything then please run Ad-Aware. Follow the Ad-Aware configuration directions here: http://www.spywareinfoforum.com/index.php?sh...indpost&p=47087

 

If you still have problems after Ad-Aware, then start a New Topic (saying what you have already run) and post a HijackThis log there.

Share this post


Link to post
Share on other sites

New version uploaded. Version number stays the same. The scan takes a lot less time... about 10 seconds.

 

Tested: Yes

Success: Yes

 

Please wait 10-20 minutes before downloading from www.ducky.atribune.org after this is posted.

Edited by RubbeR DuckY

Share this post


Link to post
Share on other sites

Are you the administrator of your computer? When are you getting the error.

 

 

Error Guidelines -

 

*Describe the error

*Describe when the error is happening.

 

Anyone who wants to post an error here please follow those guidelines...

 

Error Removing! : - this is not an error its just that the file couldnt not be removed

Share this post


Link to post
Share on other sites

Yes I am the administrator.

 

It was a run-time error 70 - permission denied.

 

The error occured at 11% complete - 161/1456 Items scanned

 

The file location showing at the bottom of the program window when the error occured was:

 

C:\WINDOWS\system32\d3dpmVsh.dat

Share this post


Link to post
Share on other sites

I ran latest version of About:Buster from Safe-Mode. I get the following message:

 

Run-time error '75':

Path/file access error

 

The About:Buster screen displayed:

 

40% done 624\1551 Items Scanned

C:\WINDOWS\System32\logb.dll

 

I looked at logb.dll's properties: do I need to set anything up in the Security tab to enable Buster to access this file?

Edited by beebsta

Share this post


Link to post
Share on other sites

New Canned Fix

 

Download About:Buster from Here

Unzip it to your desktop. Double click it and hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report. Paste the report and a new Hijack this log in a New Topic. Do not post it here.

 

 

Post a new topic

 

 

 

Note: No more need to tick the boxes next to random 04's and 02's

Share this post


Link to post
Share on other sites

u need to close all runnig programs to....if u didnt already say that but i love u man thanks sooo much second time ive had it and didnt want to go through that whole mess agai...took 4 hours + the first time

 

you should post this on other forums to ive seen alot of ppl struggling with it at computercops.com

Edited by potato2435

Share this post


Link to post
Share on other sites

I went through the registration process this evening in order to say "Thank You". I was hit by about:blank three days ago. As one of the thousands of "somewhat knowledgable" users my abilities fall short of a problem like this. That's where people like you come in...I watched and waited. Tonight, thanks to this forum and Buster 1.24, I think my problem is solved. There are no words...

Share this post


Link to post
Share on other sites

Sorry for posting my hijack this log in your forum ducky. Im new to this web site. Ive now made a new post.

 

Sorry again

 

Dave

Share this post


Link to post
Share on other sites

Should about:buster also fix 'allaboutsearching'? I'm not sure if it's the same issue. It fixed it yesterday, but this a.m. it was back. I reran and it's ok for now. 'allabout' was hijacking my homepage. Thanks!

 

M-

Share this post


Link to post
Share on other sites

did everything in the previous posts but have noticed that about:blank is still in the Hijack log. Pop-ups have calmed though. When I ran about:buster it didn't show a log, just scanned and then said it was done.

Edited by disco51

Share this post


Link to post
Share on other sites
When I ran about:buster it didn't show a log

 

There wasn't anything in the white box...?

 

 

* Buster does Not fix allaboutsearching

 

 

- Anyone with information on where to obtain an installer for the sp.html variant... please send the information to Here with a title of 'cws information'.

 

That way i can get Buster updated to help many many many and many more people...

 

 

 

Any help is greatly appreciated :)

Edited by RubbeR DuckY

Share this post


Link to post
Share on other sites

Rubber Ducky,

 

This is what I get:

 

About:Buster Version 1.24

Attempted Clean Of Temp folder.

Pages Reset... Done!

 

As I said earlier, about:blank is still in one of the lines in my HT log and IE is quite slow.

Share this post


Link to post
Share on other sites

Id like to repeat this again...

 

 

About:Buster Only works on the res:// variant.

 

More specifically - res://<random>.dll/<random>.html#<random>

 

Also note only if your lucky will it work on this variant

 

res://<random>.dll/sp.html

Share this post


Link to post
Share on other sites
New Canned Fix

 

Download About:Buster from Here

Unzip it to your desktop. Double click it and hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report. Paste the report and a new Hijack this log in a New Topic. Do not post it here.

 

 

Post a new topic

 

 

 

Note: No more need to tick the boxes next to random 04's and 02's

Thank you. Thank you. Thank you.

 

Took your directions and problem is all gone.

Share this post


Link to post
Share on other sites
Id like to repeat this again...

 

 

About:Buster Only works on the res:// variant.

 

More specifically - res://<random>.dll/<random>.html#<random>

 

Also note only if your lucky will it work on this variant

 

res://<random>.dll/sp.html

Thank you. fixed all the problems.

Share this post


Link to post
Share on other sites

wow thanks for the fix.... this thing has been on my computer for like 2 weeks and it just kept on adding more viruses, thank god I can across this site! I like having an actual homepage instead of that res:// thing

Share this post


Link to post
Share on other sites

Rubberducky, I think you just saved my sanity. I've had about:blank for three weeks and tried everything I could find to shift it. I ran your about:buster yesterday and its been 24 hrs since I last saw that damnable "coolwebsearch" screen. You are brilliant!

 

Many thanks. :wave:

Share this post


Link to post
Share on other sites

:blush: :weep: :mellow:

 

Hi rubber ducky, after going on the net hte res://random.dll was still there, I runned about buster again, it seems to have worked again, but not sure, the res bug may come up again. The first time i run about buster the log said there was a program it could not remove (error removing). The second time there were lots of 'error removing'. is this important?

 

thanks a lot for whay you are trying to do for everyone, I would be glad to read your opinion about my case.

 

cheers

Share this post


Link to post
Share on other sites

Post a new topic with a log. Then e-mail me at Here and i will personally handle it.

 

 

Please include a subject like Hjt log and a link to the post :)

Share this post


Link to post
Share on other sites

Hi RubberDucky I tried again about:bluster in safe mode, and it seems to have worked. I have rebooted and went on the net a couple of times now and everything is fine ;):thumbsup: cheers

Share this post


Link to post
Share on other sites

Well, i registered here also, just to express my gratitude! Homepage fixed!

 

I've visited this site and it's various programs, but they could not stop the res://

, but this about : buster worked fine for me! Just to the other forum browers who have the same problem, i'm going to say it worked for me in safe mode, but i use windows 2000 pro.

 

Anyways, great work, i can't believe we have "simple" volunteers to work against these scrubby ...malware.

 

Just as a side note if anyone is wondering, my Kazaa lite couldn't load, and after the buster, it now works fine.

 

:rofl: YEEHAW i am happy as a yellow ball rolling on the ground

 

one last thing... i can't believe i forgot this... um how do you tell what was responsibile ? i had a huge list of .dat files and some other junk, and my adaware got rid of a lotta drivers too.

Does anyone have a clue what is responsible??

Edited by Thankful

Share this post


Link to post
Share on other sites

I have done all you instructed and it kept coming back until I installed a Pop-Up blocker with a "no re-direct homepage" feature. It is from History Kill on a trial basis. It seemed your fix did work until I got the next "Only the Best" pop-up. Does that suggest the parent code is loaded by the pop-up each time even after your fix?

 

Also, any suggestions on how to configure Network Security Service in regards to this hijacker?

Share this post


Link to post
Share on other sites

please help me, i followed this procedure and found this: C:\WINNT\system32\resnhmj.dll as a hiddem dll, but when i use the Windows Recovery Console in my windows 2000 it will only let me go into the c:\winnt folder not into c:\winnt\system32 folder to find and rename this then to delete its value in the registrar lite program, so how do i get to this file? I tried changeing security settings but i cant get the local security settings to open for me to change this to allow viewing and changing of all file folders becasue i get this message when i try to allow me to access the security option tabs: "Windows cannot open the local policy database. The database you are attempting to open does not exist.", get me, im not sure why this is not working either, but i need to know how to look in the system32 folder and rename the evil/corrupted file and then delete it, how do i get into looking for it in Windows Recovery Console when i cant search the dir/ of anything other than winnt/ folder? Any help is appreciated. If i can get into c:\winnt\system32 thru the Windows Recovery Console then i can rename the file and then delete it, it will not go away by just deleting resnhmj.dll the AppInit_DLLs and delete the value. I need access to system32 folder where this file is hidden even though i checked under my computer/view/files and folders/ show hidden files and folders, any ideas fellas, i know im close to fixing the last remnant of this about:blank plague

Share this post


Link to post
Share on other sites

Im not sure what you meant but here goes.

 

 

1) To Delete the file click on properties and uncheck all the boxes ... Hidden, Read only. Then try deleting...

 

You mean you cant access System32 at all.

 

2) To show super hidden folders. Goto where you check the box Show hidden files and folders. Then scroll a bit down and check show system files. Hit apply. Then try finding the file..

 

Remember to undo these changes later.

Share this post


Link to post
Share on other sites

THANK YOU THANK YOU THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

 

I can't say it enough. About:Buster worked. I am by far not a tecky person but with your help I fixed and eliminated the hijack of my browser. You are the best! :rofl::rofl:

Share this post


Link to post
Share on other sites

Sorry, it did not work for me. Initially it seemed to work but the about:blank hijacker is back with many popups. Any suggestions - I have ran other prog such as Adaware, Spybot, hijack, etc. It always comes back.

Share this post


Link to post
Share on other sites

I have tried running About:Buster 1.24 in safe mode.

Clicked Ok then Start then Ok and then received an error - "Run-time error '53'. File not found"

 

I am running Windows 98 and have also tried Ad-aware and SpyBot S&D.

 

Hoping you can help...

Share this post


Link to post
Share on other sites

The only words that I can say are THANK YOU! You don't know how happy I am. I've spent the last at least 3 days trying EVERYTHING to remove the IE hijack that was sending me to a search engine every time I clean it out. I tried everything from Ad-Aware, BHO Demon, Spyware Blaster, CWShredder, Spyware Doctor, SpyBot. Nothing. Even with Hijack This it was still there. But your program has worked wonders and I thank you.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0