RubbeR DuckY

About:blank http://res fix works !!!

254 posts in this topic

You're welcome to anyone who said thank you.

 

Note: Don't be afraid to send any files you suspect are linked to any variant of About:Blank. I need files to help people...

 

I haven't had one person send a file unless I personally requested it.

 

Send them here Here or Here.

 

 

For the second e-mail include the link to this post and my name.


Version 1.25 released today!

 

Added a button which sends you to a website talking about how you got infected in the first place.

 

One MD5 added.

 

 

Atris site does not have the new version yet.

 

Sites hosting the new version

 

ZerosRealm

Subratam.org


OK, I have reinstalled Windows 2000 and installed Windows into a "windows" named folder and not the regular default "winnt" named folder. This was done to isolate the bad file. Turns out the file is 57,344 kb like all have said too. I can go into my old "winnt\system32" folder now and find the file; it's not hidden anymore due to the folder not being used for Windows, since I am running Windows out of the new "windows" named folder I created. So since the file is now not hidden, called resnhmj.dii, I was able to rename it to about_blank or any other name, but I cannot delete it. I cannot delete the "winnt\system32" folder either. I also dumped, for a test, every file into my recycling bin from the old "winnt\system32" folder and it lets me delete every file except 1, guess... right, the resnhmj.dii (renamed about_blank). So I'm stuck. Windows runs perfect now, I get no popups or homepage hijacks, but I still would like to dump this damn piece of crap file. I try to delete it and I get the message "cannot delete about_blank: Access is denied. The source file may be in use". Then I try to change its attributes from "read only" to uncheck that, but when I hit apply I get an error message "An error occurred applying attributes to the file C:system32\about_blank Access is denied." I put the file on my C drive and it sits inside a system32 folder that came from the old winnt Windows folder, so you follow me. So basically I can change the file's name and see its properties, but I can't delete it or change its attributes, so now what, or how to delete this thing? Also I tried looking at the file through the Windows Recovery Console, but when I go to the folder it's inside I get a "denied access" message, so I can't access or view this file or delete it from the recovery console. So I got it isolated, but how to kill it off my system? Should I try to change system security settings now under local security properties in the control panel?
Please guys, I'm so close to fixing this for good now, well at least until I stumble across it again surfing the web... Thanks for any ideas to delete the folder and 1 file inside.


Hey joeb.

 

Download KillBox. Run the program and in the box type in the path to the file. Hit delete. If that doesn't work... Tick the box delete on reboot. Then let it run on reboot.

 

 

See if that works?


I tried both ways, it will not delete this file. I even set it to delete it at reboot, but the system32\about_blank file and folder is still there on my c: drive. Now what? Change my security local properties settings?


IT'S DONE !!! Well, I went with my gut on this one. I figured out how to get access and control over my files, then I changed this bad file's attributes, and then it allowed me to delete it and the folder, and then I deleted it from the recycling bin... I first went into start-settings-control panel-administrative tools-local security policy-local policies-security options and changed both recovery console options to enable from disable (this allows access and floppy copy to all drives and all folders). Then I went into the bad file I had named about_blank and went into properties-security-advanced-owner, which was my name, and then I changed myself to owner of the file, which I am the current administrator anyhow. Then clicked apply, then OK, then went into permissions under my name, which now say "allow" and "full control", then went into changing all permissions to allow a checkmark in "full control, modify, read & execute, list folder contents, read, write" and "allow inheritable permissions from parent to propagate to this object", all checkmarked to allow me permission. Then of course rebooted after applying the new settings, then came back into the folder and deleted the file 1st, then the folder 2nd, then looked in the recycle bin to see if it went there, and it did, then emptied it all out, then rebooted, then looked and it was all gone for good. Then ran a search to make sure it was gone, and it was. I do believe I am one of only a few now who totally got rid of this about:blank cool web search virus, but I had to reinstall Windows into another folder other than "winnt" and do a lot of copy and pasting and then updating of all my programs, but it took less than 3 hours or so and I got all the old Windows 2000 files and viruses deleted. I think I'm free. Thanks for the help, but in the end I did it myself.


I removed it by using

 

http://www.computing.net/security/wwwboard/forum/11527.html

 

given by steve1308

 

I did not use About Buster, since it was gone for me.

 

One problem left though. I can not link my .txt file to notepad. I can only open it with Start->Programs->accessories->notepad.exe->open file->locate my .txt file.

 

How can I recover my notepad.exe please?

 

Thanks.

Edited by xpy1999


Hey xspy.

 

Find the file called notepad.exe.bak. If it is present, and only if, delete notepad.exe and rename notepad.exe.bak. Do that in the Windows folder and System folder.


I have seen about 50 posts of users saying they either love or hate this program. All of this is fine. I am taking all your suggestions and inputting them into the next version.

 

Now as I like that all these users are posting, I would also like input from experts. See where they stand on this.

Hey xspy.

 

Find the file called notepad.exe.bak. If it is present, and only if, delete notepad.exe and rename notepad.exe.bak. Do that in the Windows folder and System folder.

Magic! Worked! You are the man! :D

 

Thanks.

 

Peter


This seems to have worked for me too, however I do have 1 problem. I followed the advice on the Cool Web shredder and uninstalled Microsoft Java, and now I've tried installing the Sun version and it tells me there is a problem and I can't install it. I've tried doing a system restore back to a date before this hit & I removed Java, and that is not successful either. One other question: I went into the regedit and looked at Internet Explorer Main registry and about:blank is still there in the Home OldSP. Should that be?

 

I am running Windows XP Pro.

 

Thanks in advance for any help

 

Mark

Edited by Sparkman


Hey! About the Sun Java problem, are you using the manual or automatic download?

 

And about the about:blank as OldSP. I don't think that's a problem... Post a log in a new topic and we'll check it out.


using the automatic download

 

Sorry, I'm pretty new at this, how do you post a log?

Edited by Sparkman


Please do this. Start a New Topic in this forum.

Download 'Hijack This!'. http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

 

When the scan is finished, the "Scan" button will change into a "Save Log" button.

Press that, save the log, Ctrl-A to Select All, and copy its contents into your topic. Most of what it lists will be harmless or even essential, don't fix anything yet.


Ducky is too slow for cnm. :)

 

Hey SparkMan. Pardon me, I should have told you how. Follow the link in my signature that says Hijack This help page.. etc.. Follow the directions on that site on how to obtain a Hijack This log.

 

Then start a new topic in the Malware Removal forum. Include the log there.

 

About the Automatic Download. Download java manually to your desktop. Install from there.

Edited by RubbeR DuckY


This fix works like a charm.

Thanks for working so hard on aboutbuster. Everyone donate to it.

I was hijacked for weeks! :D


Version 1.26 is out. Not a big deal. Just added options for multiple scans.

 

The report will look like

 

-- Scan1 -------

...

... files found

Done!

 

-- Scan2 -------

 

etc...


RubbeR DuckY, you are an absolute genius. Thank you so much for taking the time to write this program. If it's still gone within a week, I promise I will donate to you for this. No word of lie, you are a legend.


Hey Ducky, thanks for your hard work on this!

A request, if you please: Would you update the version number in the program's version info? It still says version 1.0.0.0.


HAHAHA.. Thanks, I forgot :p. So preoccupied with updating the dang thing.

 

Thank you :p

Edited by RubbeR DuckY


About:Blank is driving me nuts. I'm trying to fix using your instructions. Couple of quick questions. When in hijack this, what do you mean by random 04 and bho. I have both, not sure what you mean by random though. Also, should I do both hijack this and about buster in safe mode? Even when I do this, when I boot back up in normal mode, should I go immediately to internet options and reset home page? Thank you.


Hey guys. I just updated and ran adaware and the http://res problem my computer has been having is fixed. Did Adaware put out a fix for this?? I see you are all using this new buster program to fix this problem. Just wondering how my comp got fixed if adaware didn't release an update. thanks!


Ad-Aware fixes the symptom, but leaves a large number of bad files that could be reactivated. About:Buster removes those.


Ran all this last night and About:blank is back now tonight. I'm about ready to throw the damn computer away. I'm not knowledgeable enough to do this all. If I put the system restore disk in to start over from scratch, will this wipe out this?


Here's what I get when I run about buster:

 

About:Buster Version 1.25

Error Removing! : C:\WINDOWS\System32\pnhi.dll

Attempted Clean Of Temp folder.

Pages Reset... Done!


I have been working on the sp.html variant of this for days. It is on my mother-in-law's Windows XP home box in New Mexico, and I am not there, so most of this is done over the phone.

Guess the first question is does about:buster now work on this variant?

The last steps we took are as follows:

system restore off

Pandasoftware online scan

startuplist

cwshredder

hijackthis (fix problems)

apm to check for the dlls.

 

This last time I had her run 2 days without system restore and tonight we ran thru this procedure again. Turned on system restore and it came back. So it must be somewhere in there. I have no clue how to get in there, where system restore items are or the fix. But that may give y'all a hint as to where to look.

 

Would appreciate help on this one. Also, do ya'll want a new topic on this?

 

thanks

 

tkelley

Ran all this last night and About:blank is back now tonight.  I'm about ready to throw the damn computer away.  I'm not knowledgeable enough to do this all.  If I put the system restore disk in to start over from scratch, will this wipe out this?

I am seriously considering wiping my drive by writing zeroes to it ( fdisk ) and reformatting the damned thing, and then reinstalling from ROM CD's to get what little I need to have a functioning browser & email.

 

So far, nothing gets rid of this garbage permanently.

 

Very seriously considering Linux.


Hmm if the problem is not going away do this. Reboot into safe mode. Directions. Then in safe mode. Run Hijack This and tick the box next to the 02 that looks randomish. It will have a (no name) in front and look pretty random. If you need any help recognizing this post a new topic. Then once that is done. Run About:Buster 2 times to clean everything up. Restart into normal mode and post a Hijack this log in a new topic.

 

Somebody should help you remove this.

 

Note: I do not have enough resources for this to work on the sp.html variant... But if you run About:Buster and you get 1 .dll that says Error Removing!, that's the file that's causing you the problem. Note there will be no .exes and .dats in the sp.html variant.

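Several posters ask what a "random" O2 or O4 entry looks like. The sketch below is an added example, not part of the thread and not About:Buster's or HijackThis's own logic: it triages HijackThis-style log lines for the patterns described in the post above. The sample log is constructed (only pnhi.dll and sp.html are names quoted in this thread), and the rule used for a "random" O4 entry is an assumed heuristic.

```python
import re
from ntpath import basename, dirname

# Constructed HijackThis-style lines (not from a real machine). pnhi.dll and
# sp.html are names quoted in this thread; every other value is made up.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\pnhi.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - C:\WINDOWS\System32\pnhi.dll
O2 - BHO: Example Toolbar Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [qzkdwx.exe] C:\WINDOWS\System32\qzkdwx.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

SYSTEM32 = r"c:\windows\system32"
R_LINE = re.compile(r"^R[01] - .+? = (.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (.+?) - \{[0-9A-Fa-f-]+\} - (.+)$")
O4_LINE = re.compile(r'^O4 - \S+: \[(.+?)\] "?(.+?\.exe)', re.IGNORECASE)


def in_system32(path):
    """True when the file sits directly in the System32 folder."""
    return dirname(path).lower() == SYSTEM32


def triage(log_text):
    """Return (line, reason) pairs for entries matching the thread's description."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := R_LINE.match(line):
            value = m.group(1).strip().lower()
            if value.startswith("res://") or value == "about:blank":
                findings.append((line, "IE page set to res:// or about:blank"))
        elif m := O2_LINE.match(line):
            name, path = m.groups()
            if name == "(no name)" and in_system32(path):
                findings.append((line, "unnamed BHO in System32"))
        elif m := O4_LINE.match(line):
            value_name, exe = m.groups()
            # Assumed heuristic for "random": the Run value is just the
            # file name of an executable dropped straight into System32.
            if in_system32(exe) and basename(exe).lower() == value_name.lower():
                findings.append((line, "Run entry named after its own System32 exe"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {entry}")
```

A flagged line is a candidate for review in a posted log, not proof of infection; legitimate software can match these rules.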

Hey Rubber Ducky,

 

you're a lifesaver. I got hijacked by about:blank and it was just not going away. I tried adaware, spybot S&D , killbox, a2 guard, spywareguard, CWS Shredder, Hijack This, Win Patrol etc etc, Some of them found the problem but it kept coming back when I restarted, sometimes to a lesser extent, sometimes greater.

 

Well to cut a long story short, I tried your About Buster and it's finally gone ( I hope).

You're a star. It was so annoying. I couldn't use google, yahoo or other search engines and it stopped me going to forums like this one for help. I had to go to another computer to access your page. I know it's gone now that these pages are back on.

 

Lastly anything I can do to prevent it coming back? Are those programs listed above enough?

 

cheers man

 

Kingosh


Rubber Ducky. I'm new to the forum. New to having a hijacked browser too. In safe mode, I scanned with Spybot S&D, used hijackthis and removed all random bho and anything with about:blank. There are some r0 and r1 without about:blank. Should I just leave them alone? Anyhow, used your program and checked internet options in safe mode and my home page comes up google. I think great, then shut down, power up and about blank comes up. I see all the cures and I wonder what I'm doing wrong to correct problem. Thanks.


Post a new topic in Malware Removal. I will be around to help you.

(*Include a Hijack this log*)

 

Also to everyone else. I updated About:Buster to include a progress bar. Will be up in 5 minutes. Note: Version still says 1.26


Hello. I've updated About:Buster to 1.27.

 

*Removes 36 MD5's and checks with about 10 Filesizes to complete its detection.

--------------------------------------------------------------------------------------------

 

Download

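The release note above describes detection by known MD5s plus file sizes. As an added example (not About:Buster's code), this is one way such signature matching can work, assuming the size is used as a cheap pre-filter before hashing. The file names and contents are constructed, and 57,344 is the size figure quoted earlier in the thread, treated here as bytes.

```python
import hashlib
import os
import tempfile


def md5_of(path, chunk_size=65536):
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, known_md5s, known_sizes):
    """Return sorted paths under root whose size AND MD5 both match a signature."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if os.path.getsize(path) not in known_sizes:
                    continue  # cheap size check first, file is never opened
                if md5_of(path) in known_md5s:
                    hits.append(path)
            except OSError:
                continue  # locked or protected file ("Access is denied"): skip
    return sorted(hits)


def build_demo(root):
    """Write constructed sample files; return (known_md5s, known_sizes)."""
    bad = b"MZ" + b"A" * 57342         # constructed content, 57,344 bytes
    same_size = b"MZ" + b"B" * 57342   # same size, different hash
    samples = {
        "aaaa.dll": bad,        # two copies under different names:
        "bbbb.dll": bad,        # the file name plays no part in matching
        "clean.dll": same_size,
        "notes.txt": b"hello",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(data)
    return {hashlib.md5(bad).hexdigest()}, {len(bad)}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        md5s, sizes = build_demo(root)
        for hit in scan(root, md5s, sizes):
            print("match:", os.path.basename(hit))
```

Exact-hash matching only finds files already seen and catalogued, which fits the version-by-version MD5 additions announced in this thread.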

I had real problems with About:blank . I tried everything posted here and it still came back after using Google etc. I have now been free of it for 4 days and the pc is running faster than it has for ages.

 

Try this: Boot up in safe mode. Run Adaware 6 with the latest updates and configure it as described here http://forums.spywareinfo.com/index.php?showtopic=11150. Delete everything it finds and then run About Buster twice. (This "stuns" the problem and will let the next step run) Reboot in normal and run Trend Micro's Housecall http://housecall.trendmicro.com. Do not use a search engine as this will start up the virus and you'll be back to square 1. Delete everything it finds. You may need to restart in safe mode and manually delete some of the files. I had 13 Trojans and worms not detected by Norton!

 

Restart in safe mode and run Adaware again followed by About Buster.

 

If you have problems with the Housecall crashing make a note of any files found, delete them and try again.

 

Good Luck


Still have problem. Downloaded latest version of AboutBuster 1.27 and I am getting a Run-time Error '339' missing Mscom.ctl.ocx when I run AboutBuster.

Anyone know what I can do to fix this and get AboutBuster running again. Thanks.


Tip of the hat to RubbeRDuckY!!! I followed DuckY's instructions regarding the current CWS variant; that is, use AboutBuster as instructed, and I'm clean. Be glad to post my logs if it would be useful to anyone. By the way, what does the following sentence mean? "Fix all random O4's and the random bho in HiJackThis." I looked through my HJT log and identified the O4's and the BHOs, but since "random" did not appear in any line, I didn't check any, and AboutBuster worked like a charm. DuckY, thanks again. :D:D


Fixing the random 04's and 02's is complicated. Luckily About:Buster 1.24 - 1.27 already do it for you. If you are still having problems removing the variant in safe mode and normal mode post a log and someone will help you remove the leftovers.

 

Note: Can people who have been infected and are now entirely clean do this.

 

Right click 'My Computer'. Hit 'Manage'. Expand 'Services and Applications'. Highlight 'Services'. The right pane should fill up. Double click 'Network Security Service'. Post the error here. If you get an error like 'System path cannot be specified', then I know About:Buster is doing its job.

 

If you cannot follow the above directions don't bother :)

Thanks!


[*Do not use a search engine as this will start up the virus and you'll be back to square 1.*] 

 

You're putting the cart before the horse. Always run a scan of your HD with your antivirus in safe mode FIRST before using any other utility including Ad-aware or About:Buster.

This topic is now closed to further replies.