about:blank hijack

[JK949]

Just got hit with about:blank. It got through everything including spyblaster.
I ran CWshredder and did not find it. Hijackthis found it but after it was fixed
about:blank came right back. What do i need to do to get rid of it ?

 

[OZEE]

JK940 -- if you have the same one that Mosh has, it's the newest, perhaps worst of the hijackers out there. If you want to either post or pm your hijackthis log, I can check it for you.

The one Mosh has (she pm'd her log to me) is one for which there is no permanent cure today. The "experts" are working on a solution, but right now it keeps coming back. The "old" about:blank was bad enough, but this new one is really nasty... It's hiding something we haven't found yet...

 

[JK949]

I don't know know how to send you my hijack report or how to post it.
Do i need to take a screen shot. how do i do that ?

 

[OZEE]

After you have scanned, the button the was SCAN becomes SAVE LOG. It will ask you where to save the file. Then open that file with Notepad and copy/paste the text from it...

 

[LiLithTecH]

Originally posted by: JK949
Just got hit with about:blank. It got through everything including spyblaster.
I ran CWshredder and did not find it. Hijackthis found it but after it was fixed
about:blank came right back. What do i need to do to get rid of it ?

If you are running Windows XP and have SYSTEM RESTORE Enabled you
need to disable it, clear the trojan with CWShredder, then re-enable Restore.

If that does not clear it, you need to edit the Registry settings for IE.
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]

and or

[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel]

DWORD: Homepage
1 = restrict changing homepage
0 = enable changing homepage

 

[JK949]

Well it took 3 more tries but CWshredder finaly got rid of it.
What a nasty hijack this thing is. I hope spyblaster and adaware gets an update for it.
Thanks for the help.

 

[moshquerade]

Originally posted by: JK949
Well it took 3 more tries but CWshredder finaly got rid of it.
What a nasty hijack this thing is. I hope spyblaster and adaware gets an update for it.
Thanks for the help.

don't be so sure you are rid of it. altho, i do hope so.

 

[preAARP]

I'd suggest going here:

http://www.wilderssecurity.com/showthread.php?t=15913

and following the directions in the thread, then posting there. They helped me out with this same hijack although it took several days of back and forth postings of what to do. The files to be addressed utilizing HijackThis will be very specific from user to user and you don't want to mess with the wrong ones.

 

[OCNewbie]

The same problem just came up for me about an hour ago. I tried running spybot S&D, and it keeps finding this same DTO? (I forget) exploit, and says it fixes it, but it keeps reappearing, the problem it points to is in the registry. I'm running Win2k Pro with all the latest updates installed.

I'm gonna give that shredder a try, hopefully it'll fix the problem.

BTW, seemed to have gotten the thing while browsing a porn site link I found via www.thehun.net (which I visit often) Kept giving me a pop-up "You must click ok to enter this site!", so I was trying to click ok, and close the window faster than it could pop-up, I finally was fast enough heh.

Edit - The Shredder program fixed the problem, thanks so much for the tip =)

 

[OCNewbie]

Actually, I got rid of it, then I visited www.suprnova.org (torrent site) and I got it again, so perhaps that site is infected. I think I got it when I tried to do a search for a torrent.

 

[OZEE]

COuld be... but this hijack "appears" to be gone, then reinfects you if you don't get everything...

 

[Brule]

Might have had it, not sure. Typical signs, changed start page and kept opening random ad pages. Mine triggered zonealarm, and with the help of a registry cleaner (and a dos boot to delete the actual file) it was gone. Maybe it was an older one, but the file(can't remember name) was causing problems on every security website and board I could fine.

It got through ZoneAlarm, Spybot, Avast AV, and AdAware, although AdAware did pick it up as a running program. Very nasty, caused me to go back to mozilla most of the time. (got lazy and started using IE)

EDIT: Thanks for the links, a nice couple of programs.

 

[aknuj]

Try installing "Hijackthis software"

 

[Schadenfroh]

see sig, its a new hijack, look under new threats on my website and grab about:buster should fix your problem

 

[moshquerade]

Originally posted by: OZEE
COuld be... but this hijack "appears" to be gone, then reinfects you if you don't get everything...

very true. i am still infected with it, but it seems less agressive.
i have also read that the creator of CW Shredder has decided to call it quits because he cannot kept up with all these agressive variants.