• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
RubbeR DuckY

About:blank http://res fix works !!!

254 posts in this topic

SUGGESTION:

 

Make it autoupdate....or at least a check for updates button on the program. This would be the most usefull feature.

Share this post


Link to post
Share on other sites

Smiley any files are useful... send em :)..

 

also joeb the file you are talking about deleting is for the other variant... and its not that hard using FindNfix by FreeAtLast.

Share this post


Link to post
Share on other sites

Hey there About:Buster updated with 2 more MD5's.

 

Note: Version number did not change ... still 1.27. So dont be misleaded where you download it from. These are the sites with the latest 1.27

 

My Site

Subratam's site

 

Atri and Zero are not available at the moment.

 

Atri - Not online yet

Zero - FTP not working correctly and cannot update. (do not download here)

Share this post


Link to post
Share on other sites

Ok these are the variants i so far tested on... they were removed succesfully without running Ad-Aware or any other removal including Hijack this.. except for empty cleanup.

 

 

Variant One

 

Installer name: mfplay.exe and mfplay.dll

Hijack This entries:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {A622D3A1-CD8A-4434-89AA-348F9E02CE60} - C:\WINDOWS\System32\mfplay.dll

O18 - Filter: text/html - {A74261A2-EABB-432F-9307-B6A75D56639C} - C:\WINDOWS\System32\mfplay.dll

O18 - Filter: text/plain - {A74261A2-EABB-432F-9307-B6A75D56639C} - C:\WINDOWS\System32\mfplay.dll

 

Ran About:Buster log:

 

-- Scan 1 --------

About:Buster Version 1.30

Removed! : C:\WINDOWS\System32\mfplay.dll

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Pages Reset... Done!

 

Log after Hijack This:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mfplay.dll/sp.html (obfuscated)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {A622D3A1-CD8A-4434-89AA-348F9E02CE60} - C:\WINDOWS\System32\mfplay.dll (file missing)

O18 - Filter: text/html - {A74261A2-EABB-432F-9307-B6A75D56639C} - C:\WINDOWS\System32\mfplay.dll

O18 - Filter: text/plain - {A74261A2-EABB-432F-9307-B6A75D56639C} - C:\WINDOWS\System32\mfplay.dll

 

Now as you see the Hijack is removed by the red object saying file missing. This shows that the hijack is gone and removal can be done manually. Meaning just check the items above.

 

 

Variant Two (comes more advanced)

 

Notes: Apparently even though it looks very alike variant one... its more advanced and quite difficult to remove manually.

 

Installer Name: javaqr.dll

Hijack This entries:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\szihy.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://szihy.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://szihy.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\szihy.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\szihy.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://szihy.dll/index.html#37049

O2 - BHO: (no name) - {BA97183C-849F-18AC-10FF-F7B7B52D6B07} - C:\Windows\javaqr.dll

O4 - HKLM\..\RunOnce: [sdkqu.exe] C:\WINDOWS\sdkqu.exe

 

(weak infection) Usually very much stronger and filled with executables.

 

About:Buster log:

 

-- Scan 1 --------

About:Buster Version 1.30

Removed! : C:\WINDOWS\ewquyc.dat

Removed! : C:\WINDOWS\javaqr.dll

Removed! : C:\WINDOWS\qwxld.dat

Removed! : C:\WINDOWS\sdkqu.exe

Removed! : C:\WINDOWS\System32\szihy.dat

Removed! : C:\WINDOWS\System32\szihy.dll

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Removed Uninstall Key (HSA)

Removed Uninstall Key (SE)

Removed Uninstall Key (SW)

Pages Reset... Done!

 

Hijack This log:

 

O2 - BHO: (no name) - {BA97183C-849F-18AC-10FF-F7B7B52D6B07} - C:\Windows\javaqr.dll (file missing)

 

Only item found... It means the hijack is gone and removal is easy by ticking this item.

 

 

 

Note the next post following this one will include the hardest and most common variant of About:Buster to this date.

 

Note About:Buster 1.3 now removes both of these variants.

Share this post


Link to post
Share on other sites

Ok now the most advanced variant.

 

Variant Three

 

Installer Name: cjfhb.dll

Hijack This log:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Marcin\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Marcin\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Marcin\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Marcin\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Marcin\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Marcin\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {3C16B3A1-C793-4A5E-B3D5-F536D843057F} - C:\Windows\cjfhb.dll

O18 - Filter: text/html - {29CFD307-1A12-477E-B46A-362EACDC9EF7} - C:\Windows\cjfhb.dll

O18 - Filter: text/plain - {29CFD307-1A12-477E-B46A-362EACDC9EF7} - C:\Windows\cjfhb.dll

 

(this is a fake installation.. it would look a little different.)

 

About:Buster log:

 

-- Scan 1 --------

About:Buster Version 1.30

Removed! : C:\WINDOWS\cjfhb.dll

Attempted Clean Of Temp folder.

Removed LEGACY___NS_Service_3 Key

Pages Reset... Done!

 

(Similar to the first variant... different MD5 and filesize)

 

Hijack This log:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Marcin\LOCALS~1\Temp\sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Marcin\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Marcin\LOCALS~1\Temp\sp.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Marcin\LOCALS~1\Temp\sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {3C16B3A1-C793-4A5E-B3D5-F536D843057F} - C:\Windows\cjfhb.dll (file missing)

O18 - Filter: text/html - {29CFD307-1A12-477E-B46A-362EACDC9EF7} - C:\Windows\cjfhb.dll

O18 - Filter: text/plain - {29CFD307-1A12-477E-B46A-362EACDC9EF7} - C:\Windows\cjfhb.dll

 

As you see the file was successfully removed and the rest can be removed manually.

 

I hope this tutorial/information helped someone... Good luck removing About:Blank..

 

 

Coming very soon removing Secure.html via About:Buster.

Share this post


Link to post
Share on other sites

Hi,

 

I tried to run the last AboutBuster 1.30 and after hiting Start it gave me "Run-time error '339': Component 'MsComCtl.ocx or one of its dependencies not correctly registered: a file is missing or invalid"

 

What must I do?

Share this post


Link to post
Share on other sites

Hello:

I also got the message regarding MsComCtl.ocx. I downloaded the missing file and restarted my computer in safe mode. I ran Ad-aware and then About Buster ver. 1.3.

 

I got the message: "run-time error'53' File not found.

 

Have I done something wrong or do I have a different version of this About:Blank problem?

 

thanks all,

 

plaing

Share this post


Link to post
Share on other sites

Ducky,

 

I thing I have the sp.html 'variant #3' you posted about, I'll try it later tonight. This hijack has been driving me nuts. Anyways... I have a winxp home pc :techsupport: and we have 4 users setup.... do I have to run your about:buster for all users?

 

Should it be run in safe mode?

 

REALLY appreciate your work! I have my fingers crossed.

 

Thank.

LEE

Share this post


Link to post
Share on other sites

Hey Folks -

 

I have been wrestling with about:blank for some time now. No matter what I do, it keeps coming back. While using HijackThis reference was made to toolbar. I checked and found in the Program Files both Toolbar and Search Toolbar folders. Inside were suspicious files, due to the date they were created. One of the files inside was called "Cursors", and I cannot get in there. I downloaded NoAdWare and ran it, sure enough, it pointed to a file in these folders called "Huntbar". If I provide NoAdWare $30, I can register the program and delete the file.

 

Is there a way to delete these files (Toolbar and Search Toolbar)?

 

I think these files are generating the file Startpage6AQ which shows up as a virus in the System Volume Information. This program then generates the .dll's that take over the browser.

 

Anway, I may be wrong, but if someone can tell me how I can delete these files, I'd appreciate it!

 

gaknutson

Share this post


Link to post
Share on other sites

gaknutson

Hey there.. No .. dont pay for NoAdware. Post a Hijack This log (in a new post).. this can be removed manually.. defintely.

 

 

ls62

Yes run it for each user and in safe mode

Share this post


Link to post
Share on other sites

The links are broken for findnfix. Does anyone know where to get it? I have the hlp.dll traojan problem and nod3d can't get rid of it.

 

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O20 - AppInit_DLLs: C:\WINDOWS\System32\hlp.dll

Share this post


Link to post
Share on other sites

Hi Rubberducky/all,

 

First of all, huge thanks for all the help/advice posted here - I am now an expert at getting rid of this about:blank beast....

 

I say 'expert', because it somehow keeps coming back...so I get plenty of practice !

 

Most of the posts/replies here deal with fixing the problem but does anyone know what the root cause is ?

 

I run ad-aware, about:buster, cws shredder, Norton scans/live update almost on a paranoidly regular basis now. I've set up my Norton Firewall to block everything that breathes (!) to the point where I'm seemingly continually blocking Internet attempts from all sorts of 'unknown' sources.

 

Even with all these defences in place, every now and then about:blank will 'sneak in' somewhere if I let my guard down for a brief second (e.g. I might 'give in' and reply 'permit' to a Norton message box).

 

I think I might have narrowed it down to something to do with SVCHOST.EXE which persistently gives rise to Norton warnings (sometimes 10 rapid fire warnings in a row...). If I keep blocking these svchost.exe attempts I (touch wood) seem to keep the about:blank thing at bay. From what I understand, SVCHOST.EXE is a bog standard Microsoft piece of Software but no idea what it is up to in the context of what Norton is telling me...

 

Another 'pattern' I can see when I get reinfected is that I've allowed through something called c:\windows\system32\logd.dll - but I can never find this when doing a search in EXPLORER...what's that all about ?!

 

But, back to my original question, what is it that is creating these rogue .dll files on c:/windows/system32 in the first place ? Is it something that comes in from the Internet or is it something buried somewhere in the depths of a 'normal' .exe somewhere that gets triggered by opening the Internet door ?

 

The other curious thing that bothers me is, if it is something that sneaks in FROM the internet each time it comes back, why is it targetting my laptop each time but not other PCs - for example my desktop doesn't receive any about:blank attacks (although that could have something to do with it being Windows 98 ??). Even so, I don't know any of my friends who get it either on XP. Why is this thing targetting the same people on a repeat basis but not others at all ?

 

As you can tell, I'm really appreciative of all the efforts being made to get rid of it once it gets on one's system but to me we should be looking at prevention rather than cure ? I've no idea how to prevent it reappearing on my laptop in the first place without rejecting internet attempts via Norton for things that look perfectly innocent on the surface....

 

Any info on the root cause of this ? (sorry for the overly long post !)

 

Cheers,

Martin

Edited by trousers

Share this post


Link to post
Share on other sites
Its been 2 weeks now of no cool web search, about:blank, the 8 green bugs having sex, all the pop ups are gone, the homepage hijacking, the adware buying and system spyware popups to get you to buy some removal proggie..., i have the solution posted below but some are missing it, it is harder to do but fixes the c: drive. The secret is finding the system32 folder file that is 57,344 bytes, thats not easy since this program hides itself as not shown even if you turned show all folders "on", you need to do that and go into the control panel to local security settings and change what i did below then you cna see the file. Also now that you see it you wont be able to just delete it either, you need to again make sure your the system administrator and have all control over tall files and change the properties on the file like i did below, then it can be deleted. See this file spawns random other dll files that we think are the culprit, they engage when you sign onto the web after you delete the dll file that gets spawned rendomly by the 57,344 dll culprit file, this is wht needs to be removed or all other problems will return. So a simple scan of you computer for files that are 57,344 will not show this file, you need to do the steps below that i did and then it will show up, i have windows 2000 so its not the operating system, its this dll vivus thats at fault. So you can find the root cause dll and erase it(not its spawned random dll file) or you can just reinstall your winnt/ windows folder into a windows/windows named folder like i did, the problem is that the culprit file also if on your system turns off you ability to change your local security settings under security options,recovery console-allow floppy copy and access to all files and folders must be set to ENABLE not DISABLE, if you cant change this youll never be able to see or delete the 57,344 dll cause file. This program actually does disable your ability to change this setting if your infected, so i had to do what i did below, after that i could and did have the option to finally change any and all settings to enable.

 

 

 

ITS DONE !!! well i went with my gut on this one, i figured out how to get access and control over my files then i changed this bad files attributes and then it allowed me to delete it and the folder and then i deleted it from the recycling bin... I first went into start-settings-control panel-administrative tools-local security policy-local policies-security options-and changed both recovery console options to enable from disable(this allows access and floppy copy to all drives and all folders, then i went into the bad file i had named about_blank and went into properties-security-advanced-owner which was my name and then i changed myself to owner of the file, which i am the current administrator anyhow. Then clicked apply, then ok, then went into permissions under my name which now say "allow" and "full control" then went into changing all permissions to allow a checkmark in "full control,modify,read &execute,list folder contents,read, write and allow inheritable permissions from parent to propagate to this object all checkmarked to allow me permission. Then of course rebooted after applying the new settings, then came back into the folder and deleted the file 1st, then the folder 2nd then looked in the recycle bin to see if it went there and it did,then emptied it all out, then rebooted, then looked and it was all gone for good. then ran a search to make sure it was gone and it was, i do believe i am one of only a few now who totally got rid of this about:blank cool web search virus but i had to reinstall windows into another folder other then "winnt" and do alot of copy and pasting and then updating of all my programs but it took less than 3 hours or so and i got all the old windows 2000 files and viruses deleted, i think im free, thanks for the help but in the end i did it myself

Hi JoeB - this sounds like the answer to my last post (i.e. the search for the root cause) - any chance you could summarise what you did in a step by step fashion as it is diffiicult to follow what you did precisely as you've described it in one long paragraph. Sorry for asking for this but my brain has just about packed up !

cheers,

martin

Share this post


Link to post
Share on other sites

I used About:Blaster yesterday to remove About:Blank. It worked, but now I have no sound, my WinAmp is going crazy and flipping from song to song 5 times per second, there is no sound out of Media Player, and when I try to open task bar volume, it says "no active mixer devides...". In fact, in Sound properties in Control Panel, most options and pull down lists are greyed out. HELP !?

Share this post


Link to post
Share on other sites

Hi Rubber DuckY - Your doing a terrific job here!!! Great guidance and advice.

 

I need your help on 2 areas:

 

I ran the about buster you offer and in the end of the run my Browser Hijack blaster told me that my home page and search page were changed to Google!!???

Any ideas on that??

 

Also, I read your instructions on how to deal with the notepad.exe.bak in the System 32 and System folders. Every time I would delete or move Notepad.exe, the file would be recreated with the same date stamp. How do I safely remove the file??

 

Thanks,

 

Unklebob

Share this post


Link to post
Share on other sites

Angelus

The link is back up now :)

 

Unklebob

a) About:Buster changes your homepage to Google.com so that you can notice the change About:Buster made. If it reset it it would make it About:Blank and that would make it confusing because About:Buster should be removing About:Blank (the cws) and About:Blank (the homepage) is safe to have... if you set it.

 

b) Boot into safe mode

 

Booting into safe mode.

Share this post


Link to post
Share on other sites

Rubber DuckY:

 

Thanks for the tips!!

 

About booting in safe mode to delete the notepad.exe: Is the recreation of the notepad file a Windows function or another piece of spyware logic, just like the appinit_dlls registry entry that recreated the random dll file in Windows, system32?? If its the latter, I'd rather make the effort of deleting the registry entry.

 

BTW- This is on a Win 2000 Server SP4 system, using Cable modem with a Snap Gear Hardware firewall.

 

Thanks again,

 

Unklebob

Share this post


Link to post
Share on other sites

Hi RubberDucky,

 

Are you able to offer any thoughts on JoeB's post re: the root cause of this ?

 

I'd much rather get rid of the root cause than having to keep running the cure tools (superb though they are)

 

cheers,

martin

Share this post


Link to post
Share on other sites

By root cause of this.. do you mean where it was installed and how to prevent getting it... or stop it from replicating?

Share this post


Link to post
Share on other sites
Angelus

The link is back up now :)

 

Thanks. I'm now able to run the AboutBuster but it's still not resolving the 'about:blank problem, it keeps coming back. What's the next step?

Share this post


Link to post
Share on other sites

Please note, the 3d variant is only sometimes removed. If it didnt work for you please start a new topic and someone will help you.

 

I am currently working on the fix for it... for all the computer experts here is the gist. The cws injects itself into every .exe making it impossible to remove. I believe it even does it in safe mode. The solution is to renaming the AppInit_Dll's key, rebooting, deleting the .dll, and restoring the key. Now the problem is id test this out... but i dont want to hose down an OS.

 

I will try to get this fix done in a few days. I would use a virtual Pc but it does not infect itself properly on that.

 

 

DuckY

Share this post


Link to post
Share on other sites

Hey ducky, great program!! Thumbs up. This isn't really anything bad, but say someone runs a scan and it doesnt remove any files because it didn't delete any, then it shouldn't reset the homepage to google, because there was nothing wrong. Just a suggestion. I'm sure it's not a complicated code fix. Thanks again for a useful program!!

Edited by pomp86

Share this post


Link to post
Share on other sites

Is there a page or could someone give me instructions how to remove the sp.html ---about:blank using aboutbuster.....thanks

Share this post


Link to post
Share on other sites

RubbeR DuckY WHAT CAN I SAY? YOU ARE TRULY THE BEST!!!!!!!!!!!!!!!!!!!!!!!!!!!

:wave:

 

You really saved my computer from that stupid About:Blank crap! :)

 

The best way to know if this worked, once you restart your IE will go to it's default page which is www.microsoft.com

That is how I know this is out of my computer for good! My computer also runs very fast as well. Also Ad-aware also has an update for this virus as well, so that won't hurt to scan your computer with that as well! Also with Spybot to after you do all the steps RubbeR DuckY has told you to do!

 

RubbeR DuckY, I would marry you but you are not Lindsay Lohan! J/K :rofl::D

 

I hope everyone else gets this crap out of there computer and up and running really soon! Thanx once again! :):wave:

Share this post


Link to post
Share on other sites

I'd like to take a moment to thank SWI, RubberDucky, joeb, and everyone else who has contributed to this thread.

 

Back on May 18th (yes, two months ago), my computer became infected with some sort of CWS variant. All the tools I had at my disposal (CWShedder, Ad-Aware, NoAdware, Spybot Search and Destroy, and HijackThis) removed the symptom (the BHO) but failed to remove or even detect the cause (the super-hidden dll in the system32 folder).

 

Sorry, RubberDucky, but your tool didn't solve my problem. I didn't have the res:// variant of the bug. But I do thank you and applaud your continued efforts to rid the world of this garbage. Keep fighting the good fight.

 

After reading through this thread, I was able to finally remove the file that was causing the repeated reinfection - mostly from the posts of joeb. I have a copy (don't know how it got there ;)) of NTFSPRO - an application that allows you to read and write NTFS partitions from DOS. I have it burned onto a bootable CD. The file that was causing my problems was C:\Windows\System32\ctlndio.dll. Like joeb, I was unable to see the file at all from Windows, Windows in Safe Mode, or a DOS box. Once I booted the machine from the CD, I was able to see the file. Then I could rename it and delete it.

 

I would suspect that there would be another way to delete the file if you don't have NTFSPRO laying around. I think that if I took the hard drive out of the machine, inserted it into my portable USB hard drive enclosure, then plugged it into my other machine, I should be able to see and delete the file. The same should be true if the drive is simply connected to another machine via the IDE interface (or SCSI, if that's the case). I did not try this but I think it would work. Hopefully this helps someone else that is in the position I was in for two months.

 

If anyone, and I mean anyone, finds out who wrote this garbage, PLEASE provide me with a name and street address. I'd like to "call in a favor."

Share this post


Link to post
Share on other sites

I cant exactly tell you the address as if i had it.. id be on vacation. I can however tell you a few things.

 

PGPhantom - Edited to remove peoples names. Please do not post the names of people assumed to be responsible. We are int he spyware removal game, not in the game of giving out names to start a war... Thank you for your consideration.

Share this post


Link to post
Share on other sites

what a pain about blank is Spybot "found"nothing

Ad-ware found "12 problems says it got rid of them ( not )

Browser hijack blaster " says your bio's home page changed and will change it back to google well until i switch my computer back on.

 

A friend told me about Trend micro free online virus scan found 1 troj horse computer back to normal no more (about blank) the only problem it knock my printer off. Got printer back on now but no icon on the bottom right screen ?

Also nero express is not working? deleted it reinstored it no luck there?

I'm not that good on these computers please help !

Share this post


Link to post
Share on other sites

14\2133 Items Scanned ?

About:Buster will now shut explorer.exe box keeps popping up.

Do I need to keep clicking on YES until all Items are scanned?

Or is this thing replicating?

Share this post


Link to post
Share on other sites

Reboot into safe mode and you will not receive as many errors removing files... Buster tries to shut down explorer.exe to remove .dlls :) that way more files could be removed.

Share this post


Link to post
Share on other sites

I scanned with hijack and now tried to do the same with AboutBuster, but when I try to start this, it says: Run-time error '339'

Component 'MsComCtl.Ocx' or one of it's dependencies not correctly registered: a file is missing or invalid

Share this post


Link to post
Share on other sites

Hi Rubber Ducky !

 

Before i came to this board and saw your threads removeing about blank. As you no i got rid of it, now it seems that all my vid clips have changed or converted them selfs to media player format its not a problem.

 

But how or way as it do this? Also sometimes a little icon top left of my screen comes on when trying to play some clips in media player asking me if i want to download microsoft Active x gallery ????

 

It all started since " about blank "

 

help please ! :scratchhead::grrr: :weep:

 

i'm useing "windows me"

Share this post


Link to post
Share on other sites

I think my media player was messed with by the CWS trojan too. It got renamed to .bak sane time my notepad.exe got renamed. I uninstalled it and reinstalled it.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0