Jump to content


Photo

About:blank http://res fix works !!!


  • This topic is locked This topic is locked
253 replies to this topic

#201 smnitro1

smnitro1

    Member

  • New Member
  • Pip
  • 2 posts

Posted 20 July 2004 - 05:09 PM

I did this scan in safe mode.
Buster says I have over 2000 items scanned.
Is that how many files need to be removed?
Will it remove files I need?
Do I need to click yes every time buster promps to close IE.
Until I reach 100%?
Thanks

#202 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 20 July 2004 - 07:04 PM

smnitro1

Hey..

Buster says I have over 2000 items scanned. Is that how many files need to be removed?


No... that is how many files are in your Windows and System folder.

Will it remove files I need?


No... It will simply remove files associated with this trojan.

Do I need to click yes every time buster promps to close IE.
Until I reach 100%?


No... You can always click No :p ... To not have as many errors reboot into safe mode and run Buster.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#203 MattCharles

MattCharles

    Member

  • New Member
  • Pip
  • 2 posts

Posted 20 July 2004 - 09:55 PM

:grrr: NNNNNNNNNNNNNNOOOOOOOOOOOOOOOOOOO!!!!! :alarm:
:grrr:

OK, This is still in my computer About:blank won't LEAVE ME ALONE! Come on this is so annoying why can't I get it out of my computer? :(
I am with Windows 2000, I did everything Rubber Ducky I booted in safe mood and used about buster 3.1 the latest version, now the crap is back on my computer, what do I do now! :(

#204 skiptracerbob

skiptracerbob

    Member

  • New Member
  • Pip
  • 2 posts

Posted 21 July 2004 - 10:54 AM

Hey there ducky,

erm, i have the about:blank problem, i have run several programs to try and get rid of it which have not succeeded, and have now tried to run the about:buster program. The buster runs until 50% completed and then asks if it can shut down my computer to get rid a file it has found. It then shuts my computer down to a blue screen telling me that it has had to close my computer down because of potential damage to my computer.

Please help. I have a hijackthis log if you would like to see that.

thanks a lot,

bob

#205 trousers

trousers

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 21 July 2004 - 04:05 PM

By root cause of this.. do you mean where it was installed and how to prevent getting it... or stop it from replicating?

Hi Rubber Ducky,

I'm refering to the replication factor and the removal of the 'hidden' files that both JOEB and DJ BARCODE have posted 'how to find it' posts.

Being a simple chap I'm struggling to follow the advice on how to get rid of the hidden files that are creating the visible symptoms that about:buster, CWS shredder, ad-aware and the like CAN get rid of.

Is there no way that about:buster etc could be enhanced to search for the hidden files too and get rid of them as well ? That way, the visible symptoms opf the problem won't reoccur. i.e. prevention rather than cure ?

Cheers again for all your help.

Joeb/DJ barcode - are you able to 'publish' a step by step 'idiots guide' on here to remove the hidden files ?

Cheers all,
MArtin

#206 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 21 July 2004 - 04:31 PM

Hey there.. im sorry i cant tell you what files to delete. They are all random filenames and posting on how to find them would mean a few 100 pages to recognize which program is bad. About:Buster DOES search hidden files.. apparently its missing something. If you find a file that its missing please send a copy of the file.

skiptracerbob - when it asks to shut down say no... then boot into safe mode and run it again.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#207 trousers

trousers

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 21 July 2004 - 04:31 PM

After reading through this thread, I was able to finally remove the file that was causing the repeated reinfection - mostly from the posts of joeb. I have a copy (don't know how it got there ;)) of NTFSPRO - an application that allows you to read and write NTFS partitions from DOS. I have it burned onto a bootable CD. The file that was causing my problems was C:\Windows\System32\ctlndio.dll. Like joeb, I was unable to see the file at all from Windows, Windows in Safe Mode, or a DOS box. Once I booted the machine from the CD, I was able to see the file. Then I could rename it and delete it.

Hi DJ Barcode,

I've downloaded and installed NFTSDOS Professional. I started to run it and follow the boot disk wizard but not knowing enough about PCs and how they work I started to get cold feet when it started asking me for 'system file location' and the like.

Would you be able to post some laymans step by step instructions on how to use NFTSDOS Pro so that I can be confident that I'm not about to move/touch (etc) any system files that could mess my PC up for good (knowing my bad luck !!)

I don't even know what NFTS means so I need spoon feeding !

Cheers if you can help.
Martin

#208 trousers

trousers

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 21 July 2004 - 04:33 PM

Hey there.. im sorry i cant tell you what files to delete. They are all random filenames and posting on how to find them would mean a few 100 pages to recognize which program is bad. About:Buster DOES search hidden files.. apparently its missing something. If you find a file that its missing please send a copy of the file.

skiptracerbob - when it asks to shut down say no... then boot into safe mode and run it again.

Hi Rubber Ducky - thanks for the reply. Hopefully I'll get somewhere with this NFTS 'hidden file tool'....
cheers,
Martin

#209 skiptracerbob

skiptracerbob

    Member

  • New Member
  • Pip
  • 2 posts

Posted 21 July 2004 - 07:45 PM

hi,

at the risk of sounding like a retard, how do i get it into safe mode?

Ive got xp professional, and any attempts to get my computer into safe mode have not worked so far. Ive gone to the configuration menu by pressing F8 as it boots up but have not been able to find anything of help.

Your help is much appreciated,

bob

#210 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 21 July 2004 - 08:02 PM

Ok when you tap F8 during boot a menu popsup. The thing that is selected is boot windows normally. Press the up and down arrow keys to get up to Boot Into Safe mode. Then hit enter.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#211 smibill

smibill

    Member

  • New Member
  • Pip
  • 1 posts

Posted 22 July 2004 - 03:07 AM

:grrr: here is my log from hijack this, any help is appreciated, I have tried quiet a few programs but it keeps reverting to res//
Logfile of HijackThis v1.97.7
Scan saved at 3:55:28 AM, on 7/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\netsq32.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\WINNT\system32\d3rp32.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\wqtue.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://wqtue.dll/index.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://wqtue.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\wqtue.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://wqtue.dll/index.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\wqtue.dll/sp.html#28129
O2 - BHO: (no name) - {74C7113B-BBFB-3956-1721-47A7E10DA6FB} - C:\WINNT\system32\winpr.dll
O4 - HKLM\..\Run: [Services Process] C:\WINNT\system32\config\services.exe
O4 - HKLM\..\Run: [d3rp32.exe] C:\WINNT\system32\d3rp32.exe
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5E854EA-5F42-418C-95CE-AA4056F706AF}: NameServer = 64.136.28.120 64.136.28.133

#212 rickstevo

rickstevo

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 22 July 2004 - 05:50 AM

come on Rubberducky I get run time error 53.Do you have a solution or not.Or is it tohardto answer.

#213 NoSkills

NoSkills

    Member

  • New Member
  • Pip
  • 2 posts

Posted 22 July 2004 - 06:53 AM

Had the about blank problem for a month. I had tried everything to permanantly rid my PC of this pest. Two days ago I tried the sphjfix and WOOHOO it worked! Sure was alot easier than the instructions I was reading for removing the hidden DLL file.

#214 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 22 July 2004 - 12:37 PM

come on Rubberducky I get run time error 53.Do you have a solution or not.Or is it tohardto answer.

Might be :p
Can you please give me a full description of the error.. like write it down somewhere. Then type it up here.. thank you :D
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#215 TheDeadPhenom

TheDeadPhenom

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 22 July 2004 - 03:42 PM

This didnt help remove that about:blank. I really want that removed. Can anyone tell me how I can get it removed? I even went in Safe Mode to try and remove it. That didnt work either. :( Can anyone tell me how I can remove it?

Edited by TheDeadPhenom, 22 July 2004 - 03:56 PM.


#216 NoSkills

NoSkills

    Member

  • New Member
  • Pip
  • 2 posts

Posted 22 July 2004 - 06:38 PM

Did you try the SPHJFIX? Worked for me when nothing else would :techsupport:

http://forums.spywar...showtopic=10869

Edited by NoSkills, 22 July 2004 - 06:39 PM.


#217 TheDeadPhenom

TheDeadPhenom

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 22 July 2004 - 06:54 PM

I tried that, and it said "Not Infected." But my start page keeps changing back to about:blank.

#218 smiley

smiley

    Member

  • Full Member
  • Pip
  • 16 posts

Posted 23 July 2004 - 01:15 AM

Hi RubbeR DuckY,

I'll send you the .dll files I have. I recall seeing an email addr somewhere, but I can't find it anymore. Where do you want it?

S.

#219 exte

exte

    Member

  • New Member
  • Pip
  • 2 posts

Posted 23 July 2004 - 01:45 AM

I got it off for only about 1h and then it came back, about:blank I mean.
I booted safe mode, scanned with AboutBuster and HijacThis.

#220 DJ Barcode

DJ Barcode

    Member

  • New Member
  • Pip
  • 2 posts

Posted 23 July 2004 - 09:39 AM

Would you be able to post some laymans step by step instructions on how to use NFTSDOS Pro so that I can be confident that I'm not about to move/touch (etc) any system files that could mess my PC up for good (knowing my bad luck !!)

I don't even know what NFTS means so I need spoon feeding !

I do not lay claim to the discovery of all this information. Much of it is credited to joeb.

First, get yourself a copy of Registrar Lite (reglite). This is what you'll use to find what file you need to delete. In Registrar Lite, browse to HKLM\Software\Windows NT\CurrentVersion\Windows. There you will see a value named "AppInit_DLLs". Note the filename stored in it - that's your bug! :p Delete this value in Registrar Lite. FYI, you can NOT see this in the registry editor (regedit.exe) that comes with the OS.

Just for s&$%s 'n' giggles, you can *try* to open your C:\Windows\System32 (or C:\WINNT\System32, if you're using Win2K) and look for that dll file. You won't find it. I don't know how those scumbags did it but the file is totally hidden from view. You can't see it, delete it, overwrite it, or rename it even if you're a local administrator viewing all files including hidden and system files. :weee:

Now let's get rid of it. Boot your machine from a DOS boot disk. You can download a simple Windows98 boot disk image from bootdisk.com. I don't know much about this "Boot Disk Wizard" you were talking about (I assume it came with NTFSPRO), but it will probably work. Mount the NTFS (New Technology File System, BTW) partition using NTFSPRO (I believe you simply type "NTFSPRO" at the command line - I can't remember because I made a boot CD a long time ago that performs all these commands for me). Now, type "cd C:\Windows\System32" (or "cd C:\WINNT\System32" if you've got Win2K). Now you'll be able to see the file if you type "dir <the filename from Registrar Lite>". To double-check, the filesize of the bug will be 57344 bytes (unless the scumbags have a new version out there). For some reason, you need to rename it before you can delete it ("rename <filename> deleteme.dll" then "delete deleteme.dll").

Reboot Windows normally and you should be clean. Wouldn't hurt to run Ad-Aware/SBS&D/HJT/CWShedder etc. again just to get rid of anything the bug left behind.

Let me finish by saying that this is the nastiest bug I've ever seen in all my years of computer experience. NAV doesn't detect it (I assume because it's really not a virus in that it does not replicate - though it technically is a Trojan), and Ad-Aware/SBS&D/HJT/CWShedder/et al. relieve the symptoms but fail to remove the problem. I know that About:Buster worked for many people, but it would not remove the infection from my computer as I apparently had a strain of the CWS Trojan that it doesn't handle (yet). I hope that someone (Ducky?) can write something that will eradicate this plague from the face of the Earth once and for all.

Edited by DJ Barcode, 23 July 2004 - 09:42 AM.


#221 Paco Deth

Paco Deth

    Member

  • New Member
  • Pip
  • 1 posts

Posted 23 July 2004 - 12:49 PM

For those having trouble figuring out which .dll is the hidden monster. I think a program I am using, called WinPatrol, think its www.winpatrol.com or Scotty the Watchdog or something, lol. Well its like a monitoring tool, and the .dll that loves to rename itself and change and what not, WinPatrol keeps recognizing it, and confirms with me first, to see whether I want this unwanted .dll to be installed/accepted.

So, in other words, this seem to find the .dll that keeps trying to force its way on your computer every reboot, should help in finding the bad one, only problem is it keeps trying to install itself every 5 mins or so :grrr:

Good luck

#222 BobO

BobO

    Member

  • Full Member
  • Pip
  • 54 posts

Posted 23 July 2004 - 01:58 PM

... Boot your machine from a DOS boot disk.  You can download a simple Windows98 boot disk image from bootdisk.com.  I don't know much about this "Boot Disk Wizard" you were talking about (I assume it came with NTFSPRO), but it will probably work.  Mount the NTFS (New Technology File System, BTW) partition using NTFSPRO (I believe you simply type "NTFSPRO" at the command line - I can't remember because I made a boot CD a long time ago that performs all these commands for me).  Now, type "cd C:\Windows\System32" (or "cd C:\WINNT\System32" if you've got Win2K).  Now you'll be able to see the file if you type "dir <the filename from Registrar Lite>".  To double-check, the filesize of the bug will be 57344 bytes (unless the scumbags have a new version out there).  For some reason, you need to rename it before you can delete it ("rename <filename> deleteme.dll" then "delete deleteme.dll").

Reboot Windows normally and you should be clean.  Wouldn't hurt to run Ad-Aware/SBS&D/HJT/CWShedder etc. again just to get rid of anything the bug left behind.

DJ Barcode,

Nice going! This seems to be the WinXP-version of the fix I described for Win 98, but not having a WinXP machine, I had no way of figuring out how to access an NTFS disk from a DOS prompt.

One question: do you need to use the shareware NTFSPRO software or will the freeware NTFSDOS program work just as well on a stand-alone machine?

thanks!

#223 lifeindeadtime

lifeindeadtime

    Member

  • Full Member
  • Pip
  • 26 posts

Posted 23 July 2004 - 02:19 PM

I just used AboutBuster.... too early to tell if it was a permanent fix, but I have a question.

After using AboutBuster, Spybot informed me that my home and search pages were changed to google. Of course I denied these changes. I just wanted to know if those changes were part of the program?

#224 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 23 July 2004 - 02:49 PM

First off Dj BarCode.. this is not the place to post that information. This thread mainly centers around the res://, secure.html, and the very much older version of sp.html. If anybody is having problems please start a new post. Another thing.. yes About:Buster does change the page to google.com.. i didnt know what other site i should set it to. And if i left it alone it would be very hard to see if you are still infected or not because the entries would be there. Best thing to do after running About:Buster..

1) Open Internet explorer
2) Goto Tools
3) Press Reset web Settings

If you cant find step 3 that is because your Internet Explorer homepage is set to factory default.

Hope this has helped a few :wave:
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#225 TheDeadPhenom

TheDeadPhenom

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 23 July 2004 - 06:27 PM

That helped me fix my problem. about:blank is finally gone! Thanks for the great program!

#226 Radish

Radish

    Member

  • New Member
  • Pip
  • 1 posts

Posted 24 July 2004 - 01:17 AM

Don't know if this helps find the offending .DLL, but my system was infected, the name of the offending .DLL was taken from the first folder in the root directory.


My first folder was called AAP, the offending .DLL called itself AAPxxxx.DLL, and was appropriately dated the same date as when the trouble started.

I just used hi-jack this to delete this and the other suspect files. So far, so good :D

Also a big thanks to all those who contributed to the fix of this scumbag ware, your efforts are appreciated by many thousands of people. :thumbsup:

cheers
Dave

#227 Hugo

Hugo

    Member

  • New Member
  • Pip
  • 1 posts

Posted 24 July 2004 - 10:51 PM

I am attempting to remove about:blank from my sisters computer using the about:buster program.

But, I am having a problem actually opening the program.

When I try and open the application, it automatically triggers the Microsoft Office XP Professional Install and requests the CD for the software...

I click 'cancel', and then I receive an error for Office, and then a runtime 7 error from about:buster.


Any ideas on why this is happening???

Thanks

#228 emoriarty

emoriarty

    Member

  • New Member
  • Pip
  • 1 posts

Posted 25 July 2004 - 09:28 AM

Thanks. It worked! A well -earned donation is on its way

#229 joeb

joeb

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 26 July 2004 - 05:29 AM

Hey Rubber Ducky, why dont me you and Bob O, get together on the phone... I think we can put a simple step by step solution to this problem for the rest. I was away for a bit sorry I didnt answer anyone also. If you want me to I can call you or you can call me, I remember everything I did to get rid of the hidden dll file that is basically the route cause of my about:blank res. variant. I have my origional hijack this report too so we can see which version i fixed but i will guess doing what i did will find all varients that hide as 57344 bytes. I am still free of about:blank also after 3 plus weeks now too. I am no pro, i am not good at describing all computer processes/terms so maybe if we talk you can take my info and relate it to the rest here or even put it into your program, cause i am good at remembering and going thru the operating systems of computers. I do beleve i have the fix for the hidden dll strain of this virus. Email me at [Email address removed. Not a good idea to show it in a public forum. People can send you email by clicking your E-Mail button, below. - cnm] and let me know its you and set up a time to talk, id like to help the rest here because the more i read the more i realize 50percent can have sucesss with your program and the rest have something like i had and knowing what i went thru it will be like 1-2 months till they understand what they got and go thru all i did to solve it. I think if i talk to you you can put my exact ideas to words in a few paragraphs since im overly detailed when i think and i do not want to confuse anyone. Ill check my mail today, later Joe

Edited by cnm, 26 July 2004 - 09:17 AM.


#230 joeb

joeb

    Member

  • Full Member
  • Pip
  • 31 posts

Posted 26 July 2004 - 04:52 PM

sent you a private email rubber ducky

#231 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 26 July 2004 - 08:32 PM

Ok new version is out (1.32).

I got rid of those annoying popups asking to end explorer.exe. Instead it will ask in the beginning and automatically do it for each file.

Also About:Buster scans a second time automatically.

Id just like to thank everyone for the support. I really appreciate it, its not been easy updating this program. And im sure its hard for ya to keep up with the updates.

Please wait a while before downloading.
Sites that are hosting the new version currently. (that i am aware of)

Zerosrealm
Atribune
Subratam
Malwarebytes

I am contacting Majorgeeks.com as we speak.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#232 Geebo

Geebo

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 27 July 2004 - 09:31 AM

Didnt work (but then again nothing else in the last 2 months)

I get: Runtime problem '53'

any ideas why?

#233 joegz

joegz

    Member

  • New Member
  • Pip
  • 3 posts

Posted 27 July 2004 - 03:15 PM

It worked! It worked! I was on the verge of reimaging a system when I figured we had nothing to lose in trying one more tool.

It didn't set the default page back to google but after manually setting the home page and restarting the system to be sure it stayed on the home page we set. Thank you so much for your efforts. :bounce:

#234 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 27 July 2004 - 10:26 PM

Many of you may think that the new variant is causing a 'random' service to be started. Well its not as random as you think.. it only looks like it. Take a look at these service exports from various logs.

NETWORK SECURITY SERVICE: O.#?´
C:\WINDOWS\system32\netya.exe /s

REMOTE PROCEDURE CALL (RPC) HELPER: O.#?´
C:\WINDOWS\mfcrp.exe /s

Take a look that the ending " O.#?´ " is the same in both. I will get on this update right away.


Also note: This discussion will continue to be pinned at http://www.malwareby...php?showforum=5. Please see the top pinned post there, called
About:Buster, fixes http://res Hijack, Proper use

Version and database information will be posted here at SpywareInfo in Pinned: About:Buster, fixes http://res Hijack

Edited by cnm, 29 July 2004 - 09:02 PM.

Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#235 screebles

screebles

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 28 July 2004 - 01:40 PM

It worked for me....thanks Rubber Ducky!! :D

However, it did not fix the "Shell.dll" problem....what is meant by the "the update after it..."? :wtf:

#236 jjmasterson

jjmasterson

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 28 July 2004 - 02:43 PM

THANK YOU, THANK YOU, THANK YOU! Just ran AboutBuster in Safe Mode. Rebooted. GONE! If it remains gone 30 days from now, a nice $$$$ is coming your way.

J

#237 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 28 July 2004 - 10:46 PM

About:Buster was updated to version 1.5. It removes more files and removes the so called 'random' service name. Please download it from all the links except Atribune.org.

Have fun with it :evilgrin:
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#238 jjmasterson

jjmasterson

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 28 July 2004 - 11:02 PM

Aaaaahhhhhhhhhhh. So close. About:blank returned 6 hrs. later when trying to access a blog. Worked fine until then. Was REALLY nice for that 6 hrs. though. Reminded me of a time when I could actually use my IE freely.

See my other post:
http://forums.spywar...topic=18270&hl=

J :huh:

Edited by jjmasterson, 28 July 2004 - 11:05 PM.


#239 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 29 July 2004 - 08:30 PM

Ok.. I released the final program version.. About:Buster 2.0.
I will probably not update the program anymore.. therefore i added a database to it.

First unzip all files from the zip folder to a folder or your desktop. Start it and hit ok. Then hit update. A new screen should popup. On that screen hit Check for Updates. If it sais it found an update hit Download Updates. If it doesnt it will automatically tell you and exit. Now for the scanning part. Hit start and then Ok. The program should start scanning. Then hit exit and reboot.

Once rebooted run About:Buster once more to make sure everything is ok.
The database will be updated very frequently so check your versions once a day.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#240 Guest_Joey1_*

Guest_Joey1_*
  • Guests

Posted 01 August 2004 - 05:29 PM

When I tried to run it, it said that the database was corrupted. Even after multiple downloads. Why?

link

#241 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 01 August 2004 - 08:29 PM

Could be your running the program from your a zipped folder. Make sure your running it from something like C:\Buster\ and you have the following files in that location.
  • AboutBuster.exe
  • Readme.txt
  • reflist.dll

Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#242 Guest_Joey1_*

Guest_Joey1_*
  • Guests

Posted 01 August 2004 - 09:45 PM

I ran it from desktop. Why the problem, no one else seems to have it???????????????????????????

#243 GEEKMAN

GEEKMAN

    Member

  • New Member
  • Pip
  • 1 posts

Posted 04 August 2004 - 08:13 PM

I want to thank RubberDucky for the excellent work done on about:buster. I had to download the Visual Basic runtime files. Then I had to download the mscomctl.ocx file which I found at Majorgeeks.com. Finally I was able to download and run about:buster.
It seems to have gotten rid of this stinking bug. I would have never do it with out your help. Thank you!

#244 Geebo

Geebo

    Member

  • Full Member
  • Pip
  • 7 posts

Posted 05 August 2004 - 03:51 AM

I did get error 53. Then I downloaded again but not onto my desktop, instead under C: . About:blaster worked!!!! Unfortunately it didnt cure my problem. It still exists.

#245 HanSoo417

HanSoo417

    Member

  • New Member
  • Pip
  • 2 posts

Posted 07 August 2004 - 01:21 PM

When i open about buster, I hit ok and it tries to configure microsoft office 200 pro and asks for the cd. I don't have the cd so when i cancel it comes up with a runtime error 7 out of memory. y is it trying to configure offie 2000 pro?

#246 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 07 August 2004 - 01:49 PM

Something very strange indeed happening there, Hansoo417.
Download About:Buster again, from http://www.ducky.atribune.org/

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#247 CalamityJane

CalamityJane

    SWI Junkie

  • Emeritus
  • PipPipPipPip
  • 313 posts

Posted 09 August 2004 - 11:45 AM

Question, if I may. I hope it's ok to post this question here as it's been the thread I follow for updates on AboutBuster.

We're trying to remove this variant here:
http://www.dslreport...97143~mode=flat

I've been using AboutBuster with good results so far, but I'm seeing something new it can't remove after 3 scans in that thread. What service keys do you think it is going after and can't remove? What are Service Key 4 and Service Key 6??

Has anyone else had this result?

-- Scan 1 --------
About:Buster Version 2.11
Reference List : 11

Removed 1 Random Key Entries
Failed to Delete Service Key 4
Failed to Delete Service Key 6
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 2.11
Reference List : 11

Removed 1 Random Key Entries
Failed to Delete Service Key 4
Failed to Delete Service Key 6
Attempted Clean Of Temp folder.
Pages Reset... Done!


Microsoft MVP Windows-Security 2003-2009

#248 nparrot

nparrot

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 09 August 2004 - 08:59 PM

i get that same failure to delete service keys. mine are 4 and 5.

something tells me that that is the root of my problem. i've done everything possible to rid myself of this homepage hijacking, but each time i get rid of everything, it somehow comes back.

#249 DonnaB

DonnaB

    Advanced Member

  • Retired Staff - Helper
  • PipPipPip
  • 183 posts

Posted 10 August 2004 - 10:56 AM

I just found out that v3.0 was released today.

Released AboutBuster 3.0 as of today. Even if you WERE infected and arent anymore im sure this will find something. Note: CWS started using Alternate Data Streams which i took 12 hours of my life to remove through code. So you better like it.  .

If you were using version 2.xx or 1.xx and it didnt work, try this. If it still doesnt work please start a new topic.


http://www.malwareby...owtopic=188&hl=
Calendar of Updates
Keep Your Security Software Current
Upgrades, Updates & Definitions
Get involved - Microsoft MVP Program
Read it from SecurityFlash

Do what you feel in your heart to be right - for you'll be criticized anyway.
You'll be damned if you do, and damned if you don't.

-- Eleanor Roosevelt

#250 jbeltmanb

jbeltmanb

    Member

  • New Member
  • Pip
  • 1 posts

Posted 10 August 2004 - 09:39 PM

hey i had the old version of about:buster and so i deleted that and tried the new about:buster 3.0v, when i scan i get an error:

click for screen shot




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button