More about blank help needed


4 replies to this topic

#1 goalie

goalie

    Member

  • New Member
  • Pip
  • 4 posts

Posted 12 June 2004 - 09:41 AM

This is strange. I have removed the infamous about:blank BHO by going into the Windows system 32 temp file in safe mode (this file is where the "false" .dll is stored). I then use HijackThis and remove all other traces. My HijackThis log is then fully clean. I then use CWShredder to get rid of any remaining pieces (i.e. CWS search). Spybot S&D and Ad-Aware are useless on this BHO and come up clean. I reset my I.E. home page and everything is good.
A day later the About Blank automatically comes up, even with no internet activity. It's like there is a self timer which puts this BHO back. I can't find anything in my registry where this program might reside. Again, when I fix it, all is well for one full day, then back again. Any suggestions are much appreciated.

#2 baskar1234

baskar1234

    Member

  • Trusted Advisor
  • Pip
  • 99 posts

Posted 12 June 2004 - 10:11 AM

Hello,...

For us to have a look, please post a fresh HijackThis log.

#3 goalie

Posted 12 June 2004 - 11:58 AM

I'll post a before and after clean log after it makes its daily return.

#4 goalie

Posted 16 June 2004 - 06:52 PM

Logfile of HijackThis v1.97.7
Scan saved at 7:42:44 PM, on 6/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Steven\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Steven\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Steven\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Steven\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Steven\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Steven\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Steven\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {20388CA9-23DA-4069-9CAF-4F2E06F078E7} - C:\WINDOWS\System32\dlkbh.dll (file missing)
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - HKCU\..\Run: [Popup Ad Filter] "C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe"
O4 - Startup: ietsr.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object

The above is the before log. I cleaned out the system and removed the "false" .DLL in safe mode.

Here is the clean log.
Logfile of HijackThis v1.97.7
Scan saved at 7:50:32 PM, on 6/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Rage3DTweak\RegTwk.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Documents and Settings\Steven\Start Menu\Programs\Startup\ietsr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Steven\Local Settings\Temp\HijackThis.exe

O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - HKCU\..\Run: [Popup Ad Filter] "C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe"
O4 - Startup: ietsr.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

About Blank BHO totally removed-24 hours later it reappears-even if I haven't used the internet. There is like a hidden timer file that I can not find. Any help is much appreciated.

#5 goalie

Posted 21 June 2004 - 05:27 PM

Hopefully I'm not speaking too soon, but I think I've finally found a fix to my "returning" about blank problem. Each time the BHO returned I would clean out the spyware elements, which basically consisted of a rogue .dll. What I just recently discovered is that a trojan virus was attached to the about blank BHO. That I never cleaned out. Once I removed the virus from my system, the about blank disappeared from my system, hopefully for good.
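
An added example, not part of the original posts: in the two logs from post #4 the cleanup removes the R1 and O2 entries while the O4 autostart entries are identical before and after, so diffing the logs shows what is still set to launch at the next logon. The sample logs are constructed by abbreviating the ones in post #4, and `parse_entries` and `compare` are hypothetical helper names.

```python
import re

# Constructed sample input: a few lines abbreviated from the two logs in post #4.
BEFORE = r"""Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {20388CA9-23DA-4069-9CAF-4F2E06F078E7} - C:\WINDOWS\System32\dlkbh.dll (file missing)
O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - Startup: ietsr.exe
"""
AFTER = r"""Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [RegTweak] C:\Program Files\Rage3DTweak\RegTwk.exe
O4 - Startup: ietsr.exe
"""

# Entry lines look like "O4 - <detail>"; process paths and headers do not match.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 covers the Run keys and the Startup folder: programs launched at every logon.
AUTOSTART_SECTIONS = {"O4"}


def parse_entries(log):
    """Return the (section, detail) pairs of a HijackThis log, in log order."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def compare(before_log, after_log):
    """Split entries into removed, added, and autostart entries present in both."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    return {
        "removed": [e for e in before if e not in after],
        "added": [e for e in after if e not in before],
        "surviving_autostart": [
            e for e in after if e in before and e[0] in AUTOSTART_SECTIONS
        ],
    }


if __name__ == "__main__":
    for kind, entries in compare(BEFORE, AFTER).items():
        print(kind)
        for section, detail in entries:
            print(f"  {section} - {detail}")
```

An entry under `surviving_autostart` is not necessarily malicious; it is what still runs at logon after the cleanup, so each one is worth verifying against the file on disk.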



