Removing about_blank
I followed the instructions to remove about_Blank that I found in the threads where people said they had success.
I look in: HKEY LOCAL MACHINE\SOFTWARE\Microsoft\WindowsNT\Current Version\Windows
I find the AppInit_Dlls thing but when I click and choose MODIFY it shows a box titled: Edit String.
In the same box it has a field titled Value Name it has: AppInit_Dlls and below that another field titled: Value Data - this field is completely blank. I cannot find the next step in the process.
I don't find a way to "Right click and choose MODIFY BINARY DATA" like the instructions say to do, to ultimately find the path that is re-installing the web page.
My right click only allows me to MODIFY, DELETE or RENAME.
I'm using win2k pro, at work. I am not able to sign in as "administrator". Could that be the problem?
Please help?
The instructions I am using are located at:
http://www.daniweb.com/techtalkforums/thread5531.html
They are the same as what I found in this forum.
HELP H E L P HELP H E L P HELP H E L P HELP H E L P !!!!!!!!!!!!!!!!!
-FIREBIRD
Comments
2) install "Reglite" and run it, enter HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs into the address bar.
3) Double click on AppInit_DLLs to open a "Data Editor" properties window. If the bottom text field named "Value" contains a .dll file, then this is the hidden file you need to get rid of.
4) You should not be able to delete this file if you try to clear the value field. IMPORTANT: take note of the path and name of the .dll file. Write it down so you do not forget it.
5) Rename the Folder "Windows" (This is a purple "highlighted" folder in the left hand window) to NOTWINDOWS. Simply click on the folder, click on "Edit" in the menu bar and select "Rename".
6) Click AppInit_DLLs again, clear the value containing the .dll and OK it. This should have removed the .dll.
7) Rename the windows folder back to its original name "Windows".
8) Run SpyBot, Ad-Aware and CWShredder
9) Check the following three links for instructions on downloading and running the applications listed:
o How to use Spybot to remove Spyware
o How to use Ad-Aware to remove Spyware
o How to Remove CoolWebSearch with CoolWeb Shredder
10) Next step will be to remove this dll file so make sure you have it noted down.
11) Step 1
12) Download KillBox
13) Unzip and start the application
14) Paste in the dir <path and name of dll as found in the appinit value box> i.e C:\Windows\System32\nameofdll.dll
15) Menu Select Action -> Delete on Reboot
16) Select File -> Add file <It should add the path automatically>
17) <Same Window> Select Action -> Process and Reboot
18) If Step 1 didn't work
19) Step 2
20) Click "Start" => "Run" and type in "cmd" (Without the quotations) and click on "Okay".
21) This will open a command window. I will assume you have a basic knowledge of DOS. If you have any problems at this point, just write back and I will outline the commands.
22) Type in dir <path and name of dll as found in the appinit value box> and press "Enter". You should see the name of the file listed.
23) Go to the system32 folder (This is where the .dll file will typically reside) and type attrib -R "nameofdll".dll
24) Carry out Step 1 again
25) Restart your computer in safemode
26) Open cmd window again as before
27) Type dir <path and name of dll as found in the appinit value box> and look for the dll name. The dll should now have been removed and will not be listed.
28) While in safe mode (How do I boot into "Safe" mode?), run the 3 ad-removal programs again, just to make sure all traces are gone.
29) Boot up pc as normal and you should be trouble free.
********************************************************
If that doesn't work, try this fix!
This is a fast way to stop the About:Blank trojan redirector!
1. Go to your desktop and click "Start" then "Run", type in regedit in the address
bar and hit OK.
2. Once in the registry go up to the first folder (HKEY_CLASSES_ROOT) and click on
the (+) sign to access the folders. Find the folder BHO.HelperObject click on
the (+) sign to view the sub folders inside. Look for a folder called: CurVer
then Right Click on the CurVer folder and choose "Permissions" from the list.
3. Highlight the Administrator or the first group user in the list at the top of
the permissions group list. Now go to the bottom area and check the boxes for
"Deny" for Full Control and Read categories.
4. If there is a second Group user after the Administrator then highlight it and
repeat the same steps as above to "Deny" Full Control and Read privileges for
it also.
5. Click "Apply" and "OK" and close out of the registry area
6. This should stop the About:Blank trojan from setting up .dll files in your
System32 files
7. Download and Run Spysweeper and Download Spywareblaster to prevent
future spyware infections.
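
The AppInit_DLLs value that both posts refer to can be inspected without editing it. The following is an added example, not part of either post: a read-only PowerShell audit that lists each DLL named in the value, resolves it to a file, and reports whether the file exists, is hidden, and carries a valid signature. It assumes PowerShell 3.0 or later, run from the native (64-bit on 64-bit Windows) shell, so it applies to later Windows versions rather than the Windows 2000 machine in the question; the LoadAppInit_DLLs and RequireSignedAppInit_DLLs values it reports exist only on those later versions.

```powershell
# Added example: read-only audit of AppInit_DLLs. It changes nothing on the system.
# Assumption: Windows PowerShell 3.0+ (not the Windows 2000 host in the thread).
$views = @{
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'             = 'System32'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows' = 'SysWOW64'
}

$report = foreach ($key in $views.Keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # no Wow6432Node on 32-bit Windows
    $props = Get-ItemProperty -LiteralPath $key

    # Empty value: no DLL is listed in this registry view.
    $raw = [string]$props.AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($raw)) { continue }

    # The value is one string holding a space- or comma-separated list of DLLs.
    foreach ($dll in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        # Entries without a full path are resolved from the system directory.
        $path = if (Split-Path -Path $dll -IsAbsolute) { $dll } else {
            Join-Path $env:SystemRoot (Join-Path $views[$key] $dll)
        }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
        $item   = if ($exists) { Get-Item -LiteralPath $path -Force } else { $null }

        [pscustomobject]@{
            Key        = $key
            Entry      = $dll
            Path       = $path
            Exists     = $exists
            Hidden     = if ($item) { [bool]($item.Attributes -band [IO.FileAttributes]::Hidden) } else { $false }
            Signature  = $sig
            Loading    = $props.LoadAppInit_DLLs            # Vista and later; empty on older systems
            SignedOnly = $props.RequireSignedAppInit_DLLs   # Windows 7 and later
        }
    }
}

if ($report) { $report | Format-List } else { 'AppInit_DLLs is empty in every registry view checked.' }
```

Any entry that is unsigned, hidden, or missing from disk is the path to write down before following the removal steps above.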