Removing about_blank

I followed the instructions to remove about_Blank that I found in the threads where people said they had success.
I look in: HKEY LOCAL MACHINE\SOFTWARE\Microsift\WindowsNT\Current Version\Windows
I find the AppInit_Dlls thing but when I click and choose MODIFY it shows a box titled: Edit String.
In the same box it has a field titled Value Name it has: AppInit_Dlls and below that another field titled: Value Data - this field is completely blank. I cannot find the next step in the process.
I dont find a way to "Right click and choose MODIFY BINARY DATA" like the instructions say to do, to ultimately find the path that is re-installing the web page.
My right click only allows me to MODIFY, DELETE or RENAME

I'm using win2k pro, at work. I am not able to sign in as "administrator". Could that be the problem ?
Please help ?
The instructions I am using are located at:
http://www.daniweb.com/techtalkforums/thread5531.html
They are the same as what I found in this forum.

HELP H E L P HELP H E L P HELP H E L P HELP H E L P !!!!!!!!!!!!!!!!!
-FIREBIRD

Comments

  • edited May 2004
    1) Download reglite
    2) install "Reglite" and run it, enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs into the address bar.
    3) Double click on AppInit_DLLs to open a "Data Editor" properties window, if the bottom textfield named "Value" contains a .dll file; then this is the hidden file you need to get rid off.
    4) You should not be able to delete this file if you try to clear the value field, IMPORTANT: take note of the path and name of the .dll file. Write it down so you do not forget it.
    5) Rename the Folder "Windows" (This is a purple "highlighted" folder in the left hand window) to NOTWINDOWS. Simply click on the folder, click on "Edit" in the menu bar and select "Rename".
    6) Click AppInit_DLLs again and clear the value containing the .dll and ok it. This should have removed the .dll
    7) Rename the windows folder back to its original name "Windows".
    8) Run SpyBot, Ad-Aware and CWShredder
    9) Check the following three links for instructions on downloading and running the applications listed:
    o How to use Spybot to remove Spyware
    o How to use Ad-Aware to remove Spyware
    o How to Remove CoolWebSearch with CoolWeb Shredder
    10) Next step will be to remove this dll file so make sure you have it noted down.
    11) Step 1
    12) Download KillBox
    13) Unzip and start the application
    14) Paste in the dir <path and name of dll as found in the appinit value box> i.e C:\Windows\System32\nameofdll.dll
    15) Menu Select Action -> Delete on Reboot
    16) Select File -> Add file <It should add the path automatically>
    17) <Same Window> Select Action -> Process and Reboot
    18) If Step 1 didn't work
    19) Step 2
    20) Click "Start" => "Run" and type in "cmd" (Without the quotations) and click on "Okay".
    21) This will open a command window I will assume you have a basic knowledge of DOS if you have any problems at this point just write back I will outline the commands.
    22) Type in dir <path and name of dll as found in the appinit value box> and press "Enter". You should see the name of the file listed.
    23) Go to the system32 folder (This is where the .dll file will typically reside) and type attrib -R "nameofdll".dll
    24) Carry out Step 1 again
    25) Restart your computer in safemode
    26) Open cmd window again as before
    27) Type dir <path and name of dll as found in the appinit value box> and locate the dll name the dll should now have been removed and will not be listed.
    28) While in safe mode (How do I boot into "Safe" mode?), run the 3 ad-removal programs again, just to make sure all traces are gone.
    29) Boot up pc as normal and you should be trouble free.


    ********************************************************
    If that doesnt work try this fix !!



    This is a fast way to stop the About:Blank trojan redirector !!


    1. Go to your desktop and click "Start" then "Run"> type in regedit in the address
    bar. and hit OK.\
    2. Once in the registry go up to the first folder (HKEY_CLASSES_ROOT) and click on
    the (+) sign to access the folders. Find the folder BHO.HelperObject click on
    the (+) sign to view the sub folders inside. Look for a folder called: CurVer
    then Right Click on the CurVer folder and choose "Permissions" from the list.

    3. Highlight the Administrator or the first group user in the list at the top of
    the permissions group list. Now go to the bottom area and check the boxes for
    "Deny" for Full Control and Read categories
    4. If there is a second Group user after the Adminstrator then highlight it and
    repeat the same steps as above to "Deny" Full Control and Read privileges for
    it also.
    5. Click "Apply" and "OK" and close out of the registry area

    6. This should stop the About:Blank trojan from setting up .dll files in your
    System32 files

    7. Download and Run Spysweeper and Download Spywareblaster to prevent
    future spyware infections.




    I followed the instructions to remove about_Blank that I found in the threads where people said they had success.
    I look in: HKEY LOCAL MACHINE\SOFTWARE\Microsift\WindowsNT\Current Version\Windows
    I find the AppInit_Dlls thing but when I click and choose MODIFY it shows a box titled: Edit String.
    In the same box it has a field titled Value Name it has: AppInit_Dlls and below that another field titled: Value Data - this field is completely blank. I cannot find the next step in the process.
    I dont find a way to "Right click and choose MODIFY BINARY DATA" like the instructions say to do, to ultimately find the path that is re-installing the web page.
    My right click only allows me to MODIFY, DELETE or RENAME

    I'm using win2k pro, at work. I am not able to sign in as "administrator". Could that be the problem ?
    Please help ?
    The instructions I am using are located at:
    http://www.daniweb.com/techtalkforums/thread5531.html
    They are the same as what I found in this forum.

    HELP H E L P HELP H E L P HELP H E L P HELP H E L P !!!!!!!!!!!!!!!!!
    -FIREBIRD
  • edited May 2004
    Thanks,,, I am going to give that a try this weekend. I have to go out of town with computer (laptop) for work and dont want to risk a malfunction while I am out.
  • edited May 2004
    I followed your instructions and so far has been fine for 3 days now. Seems to have worked. THANK YOU for your help !!!
Sign In or Register to comment.