Jump to content


Photo

About:blank http://res fix works !!!


  • This topic is locked This topic is locked
253 replies to this topic

#1 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 02 July 2004 - 08:36 PM

This thread is obsolete and has been replaced by http://www.spywarein...showtopic=18557 cnm

-------------------------------------------------------------------------

If you were sent here by another member of this forum or another forum. See bottom of this post.

Hello fellow members of Spywareinfo and all other viewers.

As you may have heard the About:Blank res:// variant of Cws has been a real pain. You may also have heard of a program called About:Buster made by me. You've probably avoided using it as you had not known what it was. It was not a real successfull fixer on the beginning. But after 24 updates and a hell of a lot of hours put into it, the program has become extremely successfull. 1.24 was finished today. It had cleared me several times (i reinfected many times).

I would like to thank many people for help with this removal.

How to use. Simply download it from my signature. Unzip it to your desktop. Fix all random 04's and the random bho in Hijack This. Note: Fixing the R0's and R1's is not necessary. Then run About:Buster. Hit Ok on the first prompt, Start on the second. Then Ok to start the removal. A log will start to form. After the program runs. Save the log somewhere. If a helper at this forum asks you for a report, that is what he/she means.

If the fix above does not work - It is because the files that have been removed are noticed by other files and new files are created to replace them. That is why you must boot into safe mode by tapping F8 several times when the computer is first booting. Then run the program. This will cause no processes to start and communicate.

For anyone who cares. The program was created in Visual Basic 6. So if there are any errors saying missing a file. Please download the Visual Basic 6 Runtime Files and install them.

Well good luck. Please send any bug reports and suggestions to the e-mail address located in the program.

The update after it will fix the shell.dll problems people are having.

Even though some experts still do not support this fix. It is so far the most effective way to fix this Cws. It has been mentioned on many forums. (atri's, sub's, pchell, swi, tomcoyote .. ).

Reinstalling Internet Explorer will Not fix this problem.

I thank you again for listening. Good luck on fixing your Cws variant.


Id like to thank BoBo for mentioning this point. - About:Buster works on all Windows versions. Depending on the OS the hijack is harder to remove. On 98 it seems to hit harder. On Xp it isnt very hard to remove.

--------------- Bottom of Post -----------------------------------------------------

I have seen many people posting on this and other forums to view this page on how to remove. Now most of you never get to the end of this topic. There is a new fix out. Follow the fix below...

Download About:Buster and unzip it to your desktop. Start it, hit Ok, Start, And Ok again to start the scan. It will generate a log. Post that log along with a new Hijack this log in post you came from.

Edited by cnm, 13 August 2005 - 10:53 AM.

Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#2 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 02 July 2004 - 09:15 PM

Ok if you get Error 75. The error should now be fixed. Please redownload.

As it shows the new version was not yet uploaded.
It is now :)
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#3 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 02 July 2004 - 09:59 PM

For those who prefer not to have to find and fix the random O2's and O4's with Hijackthis before running About:Buster - you can do this:

1. Download About:Buster from http://www.ducky.atribune.org/

2. Boot in Safe Mode - Hit the F8 key several times while booting, until you get a menu.

3. Run About:Buster while you are in Safe Mode.

Hit Ok on the first prompt, Start on the second. Then Ok to start the removal. A log will start to form. After the program runs. Save the log somewhere.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#4 DaAzianDragon

DaAzianDragon

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 02 July 2004 - 10:56 PM

I have to thank you on your solution to the hijack problem. I have waited a week on a fix to this problem and I know the mods are busy but this seemed to fix my problem again thank you.

#5 Armywife

Armywife

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 03 July 2004 - 12:53 AM

I ran it and it seems to have fixed the remnants of this virus that were in my computer. Man, this was a pain in the rear to fix!

#6 ILIKETOBITE

ILIKETOBITE

    Member

  • New Member
  • Pip
  • 3 posts

Posted 03 July 2004 - 01:23 AM

yes it was a total pain. Now that the problem seems to be fixed, is my IE supposed to be really slow? Oh and the Only the Best pop ups are still there.

#7 kjuice

kjuice

    Member

  • New Member
  • Pip
  • 2 posts

Posted 03 July 2004 - 01:43 AM

fix did not work, about blank comes back in safe mode. comes back every time it is rebooted. no luck yet. safe mode is f5, not f8 on my computer.

Edited by kjuice, 03 July 2004 - 02:02 AM.


#8 SwedishFish

SwedishFish

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 03 July 2004 - 02:12 AM

about bust fixed me!!!! I have restarted my system several times and it seems to have work well!! Thank you very much rubber ducky :D.

#9 ardalla

ardalla

    Member

  • New Member
  • Pip
  • 1 posts

Posted 03 July 2004 - 03:32 AM

No luck. About:blank comes back when I reboot. I'm starting to get a popup now advertising a spyware remover.

#10 noobie

noobie

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 03 July 2004 - 08:52 AM

I get a run time error 53 file not found :wtf:

#11 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 03 July 2004 - 09:10 AM

Bear in mind that you quite possibly have additional spyware. If About:Buster doesn't fix everything then please run Ad-Aware. Follow the Ad-Aware configuration directions here: http://www.spywarein...indpost&p=47087

If you still have problems after Ad-Aware, then start a New Topic (saying what you have already run) and post a HijackThis log there.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#12 billtex47

billtex47

    Member

  • New Member
  • Pip
  • 3 posts

Posted 03 July 2004 - 11:05 AM

it worked for me , also tweaked ad-aware to maximize it's effectiveness..
good riddance about blank/cwws

#13 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 03 July 2004 - 12:11 PM

New version uploaded. Version number stays the same. The scan takes a lot less time... about 10 seconds.

Tested: Yes
Success: Yes

Please wait 10-20 minutes before downloading from www.ducky.atribune.org after this is posted.

Edited by RubbeR DuckY, 03 July 2004 - 12:14 PM.

Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#14 ptbc

ptbc

    Member

  • New Member
  • Pip
  • 2 posts

Posted 03 July 2004 - 12:14 PM

I'm getting run time error 70.

#15 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 03 July 2004 - 12:31 PM

Are you the administrator of your computer? When are you getting the error.


Error Guidelines -

*Describe the error
*Describe when the error is happening.

Anyone who wants to post an error here please follow those guidelines...

Error Removing! : - this is not an error its just that the file couldnt not be removed
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#16 ptbc

ptbc

    Member

  • New Member
  • Pip
  • 2 posts

Posted 03 July 2004 - 12:49 PM

Yes I am the administrator.

It was a run-time error 70 - permission denied.

The error occured at 11% complete - 161/1456 Items scanned

The file location showing at the bottom of the program window when the error occured was:

C:\WINDOWS\system32\d3dpmVsh.dat

#17 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 03 July 2004 - 01:36 PM

Hmmm, ok try the new version (1.24, revision 2) www.ducky.atribune.org
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#18 beebsta

beebsta

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 03 July 2004 - 01:42 PM

I ran latest version of About:Buster from Safe-Mode. I get the following message:

Run-time error '75':
Path/file access error

The About:Buster screen displayed:

40% done 624\1551 Items Scanned
C:\WINDOWS\System32\logb.dll

I looked at logb.dll's properties: do I need to set anything up in the Security tab to enable Buster to access this file?

Edited by beebsta, 03 July 2004 - 01:43 PM.


#19 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 03 July 2004 - 02:43 PM

Try this...

http://www.downloads...AboutBuster.zip

New version 1.24 (revision 3)
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#20 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 03 July 2004 - 03:12 PM

New Canned Fix

Download About:Buster from Here
Unzip it to your desktop. Double click it and hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report. Paste the report and a new Hijack this log in a New Topic. Do not post it here.


Post a new topic



Note: No more need to tick the boxes next to random 04's and 02's
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#21 potato2435

potato2435

    Member

  • New Member
  • Pip
  • 1 posts

Posted 03 July 2004 - 06:04 PM

u need to close all runnig programs to....if u didnt already say that but i love u man thanks sooo much second time ive had it and didnt want to go through that whole mess agai...took 4 hours + the first time

you should post this on other forums to ive seen alot of ppl struggling with it at computercops.com

Edited by potato2435, 03 July 2004 - 06:05 PM.


#22 gruppo6

gruppo6

    Member

  • New Member
  • Pip
  • 1 posts

Posted 03 July 2004 - 09:41 PM

I went through the registration process this evening in order to say "Thank You". I was hit by about:blank three days ago. As one of the thousands of "somewhat knowledgable" users my abilities fall short of a problem like this. That's where people like you come in...I watched and waited. Tonight, thanks to this forum and Buster 1.24, I think my problem is solved. There are no words...

#23 geves

geves

    Member

  • Full Member
  • Pip
  • 38 posts

Posted 04 July 2004 - 05:16 AM

wow thanks rubber ducky, you saved from my virus. Thank you so much

#24 david_35

david_35

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 July 2004 - 05:46 AM

Sorry for posting my hijack this log in your forum ducky. Im new to this web site. Ive now made a new post.

Sorry again

Dave

#25 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 04 July 2004 - 09:44 AM

No problem, david_35. :)
I deleted your post with the log - thanks for starting http://www.spywarein...topic=12858&hl=

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#26 huckle

huckle

    Member

  • New Member
  • Pip
  • 2 posts

Posted 04 July 2004 - 11:09 AM

:thumbsup: :bounce: :rofl: thanks so much!! :D
this helped me out loads
huckle

#27 mw64

mw64

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 04 July 2004 - 11:14 AM

Should about:buster also fix 'allaboutsearching'? I'm not sure if it's the same issue. It fixed it yesterday, but this a.m. it was back. I reran and it's ok for now. 'allabout' was hijacking my homepage. Thanks!

M-

#28 disco51

disco51

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 July 2004 - 12:00 PM

did everything in the previous posts but have noticed that about:blank is still in the Hijack log. Pop-ups have calmed though. When I ran about:buster it didn't show a log, just scanned and then said it was done.

Edited by disco51, 04 July 2004 - 12:01 PM.


#29 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 04 July 2004 - 12:16 PM

When I ran about:buster it didn't show a log


There wasn't anything in the white box...?


* Buster does Not fix allaboutsearching


- Anyone with information on where to obtain an installer for the sp.html variant... please send the information to Here with a title of 'cws information'.

That way i can get Buster updated to help many many many and many more people...



Any help is greatly appreciated :)

Edited by RubbeR DuckY, 04 July 2004 - 12:18 PM.

Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#30 biccio

biccio

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 04 July 2004 - 12:51 PM

run-time error '5'

It appears at the last step after i press ok to start to scan



:weep:

#31 disco51

disco51

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 July 2004 - 01:38 PM

Rubber Ducky,

This is what I get:

About:Buster Version 1.24
Attempted Clean Of Temp folder.
Pages Reset... Done!

As I said earlier, about:blank is still in one of the lines in my HT log and IE is quite slow.

#32 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 04 July 2004 - 01:45 PM

Id like to repeat this again...


About:Buster Only works on the res:// variant.

More specifically - res://<random>.dll/<random>.html#<random>

Also note only if your lucky will it work on this variant

res://<random>.dll/sp.html
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#33 raybo&033;&033;&033;

raybo&033;&033;&033;

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 July 2004 - 04:56 PM

New Canned Fix

Download About:Buster from Here
Unzip it to your desktop. Double click it and hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report. Paste the report and a new Hijack this log in a New Topic. Do not post it here.


Post a new topic



Note: No more need to tick the boxes next to random 04's and 02's

Thank you. Thank you. Thank you.

Took your directions and problem is all gone.

#34 raybo&033;&033;&033;

raybo&033;&033;&033;

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 July 2004 - 04:57 PM

Id like to repeat this again...


About:Buster Only works on the res:// variant.

More specifically - res://<random>.dll/<random>.html#<random>

Also note only if your lucky will it work on this variant

res://<random>.dll/sp.html

Thank you. fixed all the problems.

#35 raybo&033;&033;&033;

raybo&033;&033;&033;

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 04 July 2004 - 06:53 PM

Thank you. Thank you. Thank you.

Followed your directions and problem with res:// .... etc all gone.

#36 thats hot

thats hot

    Member

  • New Member
  • Pip
  • 2 posts

Posted 04 July 2004 - 10:22 PM

wow thanks for the fix.... this thing has been on my computer for like 2 weeks and it just kept on adding more viruses, thank god I can across this site! I like having an actual homepage instead of that res:// thing

#37 rosikins

rosikins

    Member

  • New Member
  • Pip
  • 2 posts

Posted 05 July 2004 - 01:42 AM

Rubberducky, I think you just saved my sanity. I've had about:blank for three weeks and tried everything I could find to shift it. I ran your about:buster yesterday and its been 24 hrs since I last saw that damnable "coolwebsearch" screen. You are brilliant!

Many thanks. :wave:

#38 biccio

biccio

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 05 July 2004 - 04:57 AM

:bounce: :wave: :D :wave: :lol: ;) :love:

thanks Rubber Ducky, your about buster worked. u r a genius

biccio

#39 biccio

biccio

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 05 July 2004 - 05:17 AM

:blush: :weep: :mellow:

Hi rubber ducky, after going on the net hte res://random.dll was still there, I runned about buster again, it seems to have worked again, but not sure, the res bug may come up again. The first time i run about buster the log said there was a program it could not remove (error removing). The second time there were lots of 'error removing'. is this important?

thanks a lot for whay you are trying to do for everyone, I would be glad to read your opinion about my case.

cheers

#40 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 05 July 2004 - 09:33 AM

Post a new topic with a log. Then e-mail me at Here and i will personally handle it.


Please include a subject like Hjt log and a link to the post :)
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#41 biccio

biccio

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 05 July 2004 - 11:31 AM

Hi RubberDucky I tried again about:bluster in safe mode, and it seems to have worked. I have rebooted and went on the net a couple of times now and everything is fine ;) :thumbsup: cheers

#42 Thankful

Thankful

    Member

  • New Member
  • Pip
  • 1 posts

Posted 05 July 2004 - 12:17 PM

Well, i registered here also, just to express my gratitude! Homepage fixed!

I've visited this site and it's various programs, but they could not stop the res://
, but this about : buster worked fine for me! Just to the other forum browers who have the same problem, i'm going to say it worked for me in safe mode, but i use windows 2000 pro.

Anyways, great work, i can't believe we have "simple" volunteers to work against these scrubby ...malware.

Just as a side note if anyone is wondering, my Kazaa lite couldn't load, and after the buster, it now works fine.

:rofl: YEEHAW i am happy as a yellow ball rolling on the ground

one last thing... i can't believe i forgot this... um how do you tell what was responsibile ? i had a huge list of .dat files and some other junk, and my adaware got rid of a lotta drivers too.
Does anyone have a clue what is responsible??

Edited by Thankful, 05 July 2004 - 12:39 PM.


#43 wdsmith

wdsmith

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 05 July 2004 - 12:22 PM

I have done all you instructed and it kept coming back until I installed a Pop-Up blocker with a "no re-direct homepage" feature. It is from History Kill on a trial basis. It seemed your fix did work until I got the next "Only the Best" pop-up. Does that suggest the parent code is loaded by the pop-up each time even after your fix?

Also, any suggestions on how to configure Network Security Service in regards to this hijacker?

#44 joeb

joeb

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 05 July 2004 - 12:24 PM

please help me, i followed this procedure and found this: C:\WINNT\system32\resnhmj.dll as a hiddem dll, but when i use the Windows Recovery Console in my windows 2000 it will only let me go into the c:\winnt folder not into c:\winnt\system32 folder to find and rename this then to delete its value in the registrar lite program, so how do i get to this file? I tried changeing security settings but i cant get the local security settings to open for me to change this to allow viewing and changing of all file folders becasue i get this message when i try to allow me to access the security option tabs: "Windows cannot open the local policy database. The database you are attempting to open does not exist.", get me, im not sure why this is not working either, but i need to know how to look in the system32 folder and rename the evil/corrupted file and then delete it, how do i get into looking for it in Windows Recovery Console when i cant search the dir/ of anything other than winnt/ folder? Any help is appreciated. If i can get into c:\winnt\system32 thru the Windows Recovery Console then i can rename the file and then delete it, it will not go away by just deleting resnhmj.dll the AppInit_DLLs and delete the value. I need access to system32 folder where this file is hidden even though i checked under my computer/view/files and folders/ show hidden files and folders, any ideas fellas, i know im close to fixing the last remnant of this about:blank plague

#45 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 05 July 2004 - 02:36 PM

Im not sure what you meant but here goes.


1) To Delete the file click on properties and uncheck all the boxes ... Hidden, Read only. Then try deleting...

You mean you cant access System32 at all.

2) To show super hidden folders. Goto where you check the box Show hidden files and folders. Then scroll a bit down and check show system files. Hit apply. Then try finding the file..

Remember to undo these changes later.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#46 bboch

bboch

    Member

  • New Member
  • Pip
  • 1 posts

Posted 05 July 2004 - 03:57 PM

THANK YOU THANK YOU THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I can't say it enough. About:Buster worked. I am by far not a tecky person but with your help I fixed and eliminated the hijack of my browser. You are the best! :rofl: :rofl:

#47 jdmroltid

jdmroltid

    Member

  • New Member
  • Pip
  • 1 posts

Posted 05 July 2004 - 06:43 PM

Sorry, it did not work for me. Initially it seemed to work but the about:blank hijacker is back with many popups. Any suggestions - I have ran other prog such as Adaware, Spybot, hijack, etc. It always comes back.

#48 kateh

kateh

    Member

  • New Member
  • Pip
  • 1 posts

Posted 06 July 2004 - 08:41 AM

I have tried running About:Buster 1.24 in safe mode.
Clicked Ok then Start then Ok and then received an error - "Run-time error '53'. File not found"

I am running Windows 98 and have also tried Ad-aware and SpyBot S&D.

Hoping you can help...

#49 Michael Wayne

Michael Wayne

    Member

  • New Member
  • Pip
  • 1 posts

Posted 06 July 2004 - 08:58 AM

The only words that I can say are THANK YOU! You don't know how happy I am. I've spent the last at least 3 days trying EVERYTHING to remove the IE hijack that was sending me to a search engine every time I clean it out. I tried everything from Ad-Aware, BHO Demon, Spyware Blaster, CWShredder, Spyware Doctor, SpyBot. Nothing. Even with Hijack This it was still there. But your program has worked wonders and I thank you.

#50 live4divn

live4divn

    Member

  • New Member
  • Pip
  • 1 posts

Posted 06 July 2004 - 10:52 AM

Thanks man, you totally fixed my computer with that.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button