about blank homepage
Hey, I know this problem is plaguing a lot of people, but I've used everything from Norton to AVG antivirus to shredder to hijack to spyblaster... and I can't kick this about blank homepage... even deleted the .dll file in system 32 folder under windows... here is my hijack this log if anyone can help.
Logfile of HijackThis v1.97.7
Scan saved at 5:16:14 PM, on 4/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM+\AIM+.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\Program Files\AIM95\aim.exe
F:\Digital Imaging\bin\hpohmr08.exe
F:\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
F:\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
F:\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Derrick Harrelson\Desktop\hijackthis1977\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {79200830-C83F-4B7C-AE32-19DA28943A2C} - C:\WINDOWS\System32\elmfha.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://dev-www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2} - http://directplugin.com/dialers/109178.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hotwaxsurfshop.com/AxisCamControl.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
the R1 and R0 seem to be the problem and when i dump them they return. someone please help me.....
ps I'm in NC and I gotta work at 6 so I won't get home til 10ish or so... so it might be a while before I can respond or scream for more help
damn this thing makes me feel stupid and i thought i was good with computers
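The log above names the same DLL both in the R0/R1 search settings and in an O2 BHO entry. As an added example (not part of the original post), this Python code parses HijackThis-style lines and lists, for each module referenced through a res:// URL, the IE settings and BHO CLSIDs that point at it. The sample lines are copied from the posted log; the function names are made up for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {79200830-C83F-4B7C-AE32-19DA28943A2C} - C:\WINDOWS\System32\elmfha.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# "<section> - <body>", e.g. "R1 - ..." or "O16 - ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# res://<path to module>/<resource name>
RES_URL = re.compile(r"res://(.+?\.(?:dll|exe|ocx))/", re.IGNORECASE)
# "BHO: <name> - {CLSID} - <file>"
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse_entries(log_text):
    """Return (section, body) pairs for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def correlate(log_text):
    """Map each module used in a res:// IE setting to the settings and BHOs using it."""
    report = defaultdict(lambda: {"settings": [], "bho_clsids": []})
    entries = parse_entries(log_text)
    # Pass 1: R0/R1 values that load a page out of a local module.
    for section, body in entries:
        if section in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            m = RES_URL.search(value)
            if m:
                report[m.group(1).lower()]["settings"].append(key)
    # Pass 2: BHOs whose file is one of those modules.
    for section, body in entries:
        m = BHO.match(body) if section == "O2" else None
        if m and m.group(3).strip().lower() in report:
            report[m.group(3).strip().lower()]["bho_clsids"].append(m.group(2))
    return dict(report)


if __name__ == "__main__":
    for module, hit in correlate(SAMPLE_LOG).items():
        print(module)
        print("  IE settings pointing at it:", len(hit["settings"]))
        print("  BHO CLSIDs loading it:", ", ".join(hit["bho_clsids"]) or "none")
```
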
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\elmfha.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about_:blank
O2 - BHO: (no name) - {79200830-C83F-4B7C-AE32-19DA28943A2C} - C:\WINDOWS\System32\elmfha.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O16 - DPF: {50A28604-52F2-11D6-8F0F-5254AB11D5C2} - http://directplugin.com/dialers/109178.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.hotwaxsurfshop.com/AxisCamControl.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download...ller/dwnldr.cab
reboot, and then download adaware and update it, and then run it.
You should read this article.
FYI: there's no easy way to uninstall and reinstall IE - even if there was, it wouldn't fix the problem.
Anything come up?
The major culprit appears to be a dll called msxmlpp.dll. It appears to be of the msxml family in your system dir, but strangely is not published by microsoft.
What I did (and I will not warrant at any point that this will work for you) is:
1. Fresh boot the machine
2. At a command prompt, go to the system directory, and run regsvr32 /u msxmlpp.dll and then use normal methods to delete the file.
3. In regedit, do a search for msxmlpp.dll. You should find two instances of it. One will make reference to a popup blocker application. I just blew this one away. The other will be a bit vaguer in its purpose. This one I changed the key to point back to msxml.dll
4. Still in regedit, do a search for about. You may run across a fair few aboutlook entries, which you can ignore. Eventually you should come across some methods for handling about resources. The sub-root of the entries should be titled about, and you should see other entries in the folder that subroot is in with things like ftp, http and the like. I just blew away the about branch, but it may originally have had some purpose, so you may want to look at how it looks in a fresh install.
5. Finally you can search for about:blank and replace your start pages with more appropriate pages as befits your interest.
I've reloaded my machine twice since this has happened and the evil scourge has not reappeared. Your mileage may vary, and people who understand these things better than I may have had fits of apoplexy upon reading this. Please elucidate me if I broke something vital.
I've been to THREE different web sites, with three different techies helping me. I've done everything from HijackThis log scans, to killbox, adware, etc.
I've easily spent 8 hours on this ordeal. Since the beginning, I've noticed that many more people are having the same problem.
I'm going to use my last resort. A complete clean and sweep of my harddrive, and then reinstall windows...start from scratch.
I've had the same problem and it drove me absolutely crazy for a couple of weeks. I tried everything to no avail. Finally, I found something that has worked for the past week.
See the "Can't remove "about:blank" homepage. Please help." thread that HeadHunter started and read my post on the third page.
It's been a week and I haven't had a problem. I think this is the answer.
2) Install "Reglite" and run it, enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs into the address bar.
3) Double click on AppInit_DLLs to open a "Data Editor" properties window. If the bottom textfield named "Value" contains a .dll file, then this is the hidden file you need to get rid of.
4) You should not be able to delete this file if you try to clear the value field, IMPORTANT: take note of the path and name of the .dll file. Write it down so you do not forget it.
5) Rename the Folder "Windows" (This is a purple "highlighted" folder in the left hand window) to NOTWINDOWS. Simply click on the folder, click on "Edit" in the menu bar and select "Rename".
6) Click AppInit_DLLs again and clear the value containing the .dll and ok it. This should have removed the .dll
7) Rename the windows folder back to its original name "Windows".
8) Run SpyBot, Ad-Aware and CWShredder
9) Check the following three links for instructions on downloading and running the applications listed:
o How to use Spybot to remove Spyware
o How to use Ad-Aware to remove Spyware
o How to Remove CoolWebSearch with CoolWeb Shredder
10) Next step will be to remove this dll file so make sure you have it noted down.
11) Step 1
12) Download KillBox
13) Unzip and start the application
14) Paste in the dir <path and name of dll as found in the appinit value box> i.e C:\Windows\System32\nameofdll.dll
15) Menu Select Action -> Delete on Reboot
16) Select File -> Add file <It should add the path automatically>
17) <Same Window> Select Action -> Process and Reboot
18) If Step 1 didn't work
19) Step 2
20) Click "Start" => "Run" and type in "cmd" (Without the quotations) and click on "Okay".
21) This will open a command window. I will assume you have a basic knowledge of DOS; if you have any problems at this point just write back and I will outline the commands.
22) Type in dir <path and name of dll as found in the appinit value box> and press "Enter". You should see the name of the file listed.
23) Go to the system32 folder (This is where the .dll file will typically reside) and type attrib -R "nameofdll".dll
24) Carry out Step 1 again
25) Restart your computer in safe mode
26) Open cmd window again as before
27) Type dir <path and name of dll as found in the appinit value box> and locate the dll name; the dll should now have been removed and will not be listed.
28) While in safe mode (How do I boot into "Safe" mode?), run the 3 ad-removal programs again, just to make sure all traces are gone.
29) Boot up pc as normal and you should be trouble free.
If that solution doesn't work try this fix!
This is a fast way to stop the About:Blank trojan redirector !!
1. Go to your desktop and click "Start" then "Run" > type in regedit in the address
bar and hit OK.
2. Once in the registry go up to the first folder (HKEY_CLASSES_ROOT) and click on
the (+) sign to access the folders. Find the folder BHO.HelperObject click on
the (+) sign to view the sub folders inside. Look for a folder called: CurVer
then Right Click on the CurVer folder and choose "Permissions" from the list.
3. Highlight the Administrator or the first group user in the list at the top of
the permissions group list. Now go to the bottom area and check the boxes for
"Deny" for Full Control and Read categories
4. If there is a second Group user after the Administrator then highlight it and
repeat the same steps as above to "Deny" Full Control and Read privileges for
it also.
5. Click "Apply" and "OK" and close out of the registry area
6. This should stop the About:Blank trojan from setting up .dll files in your
System32 files
7. Download and Run Spysweeper and Download Spywareblaster to prevent
future spyware infections.
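A read-only way to inspect the registry value that the numbered steps above edit, as an added example that is not part of the original post: it lists each DLL named in AppInit_DLLs and, on Windows, the file's creation time. The function names and the `expected` allowlist are assumptions made for the illustration; the sample path reuses the post's nameofdll.dll placeholder.

```python
import ntpath
import os
import re
import sys
import time

# Key and value name as given in step 2 above.
APPINIT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
APPINIT_VALUE = "AppInit_DLLs"


def split_appinit(data):
    """Split the value data into entries; the list is space- or comma-delimited."""
    return [p.strip('"') for p in re.split(r"[ ,]+", data.strip()) if p]


def audit(data, expected=()):
    """Return one record per listed DLL, flagging names not in `expected`."""
    allowed = {name.lower() for name in expected}  # hypothetical allowlist
    records = []
    for entry in split_appinit(data):
        base = ntpath.basename(entry).lower()
        records.append({"entry": entry, "dll": base, "unexpected": base not in allowed})
    return records


def read_appinit():
    """Read the live value without modifying it (Windows only); '' if absent."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, APPINIT_KEY) as key:
        try:
            data, _kind = winreg.QueryValueEx(key, APPINIT_VALUE)
        except FileNotFoundError:
            return ""
    return data


def describe(record):
    """Add on-disk details for an entry that was given with a full path."""
    path = record["entry"]
    if ntpath.isabs(path) and os.path.exists(path):
        stamp = time.localtime(os.path.getctime(path))  # creation time on Windows
        return f"{path}  created {time.strftime('%Y-%m-%d %H:%M', stamp)}"
    return f"{path}  (not found at this path)"


if __name__ == "__main__":
    # Constructed sample used off Windows; the DLL name is the post's placeholder.
    sample = r"C:\Windows\System32\nameofdll.dll"
    data = read_appinit() if sys.platform == "win32" else sample
    for rec in audit(data):
        flag = "REVIEW" if rec["unexpected"] else "ok"
        print(f"[{flag}] {describe(rec)}")
```
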
and click uninstall
It seems to have worked, I hope it hasn't unleashed something worse
My quick fix is no longer working.
Good Luck
1. Remember roughly when it first started occurring.
2. search "all files" for .dll files.
3. check the "created" date of all the .dll files.
You should find 2 .dll files time stamped at the same date and time. These .dll files should be close to the time the homepage got "hijacked"; they could be named anything with a .dll extension.
One will delete easily, and the other one will not delete. With this one, rename it, and rename the .dll extension to .file. Then refresh and delete.
The homepage will now be reset to a blank page so you can add your favourite back into the homepage section.
If you can't remember when the problem occurred, then I do not know if you will be able to remove it in this manner.
Also, I did not at all use any type of spy remover or virus checker to try to rid me of this problem.
I hope this helps......