How do I get rid of About:Blank ? I have tried everything to delete it. But it keeps coming back. Can anyone help ? Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank Possible Browser Hijack attempt Object recognized! Type : RegData Data : "about:blank" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Start Page Data : "about:blank" Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank Possible Browser Hijack attempt Object recognized! Type : RegData Data : "about:blank" Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Main Value : Start Page Data : "about:blank"

Answer below; http://www.lavahelp.com/articles/v6/04/05/1801.html From SpyDie: Remove that entry and your Start-page for IE will be reset to msn.com. Now, reset it again to About:Blank. Re-run a new scan with Ad-aware and place that object on the ignore list (right-click on the item in the 'results' window and select 'Add selection to Ignorelist') If you had the real coolweb hijack, you would have more problems then that.

Follow the link on Manual removal of of this nasty little variant. It worked for me. http://www.spywareinfo.com/~merijn/cwschronicles.html#realyellowpage

I battled this nasty boy for 2 days. Most solutions are temporary because there is a hidden .dll file. Check out this link, It worked for me. http://www.computercops.biz/postt43426.html Don't forget to plug the hole that allows this. The problem is in Virtual Machine (VM). You need to do your cridical updates from Microsoft to prevent future infections. Here we go again!

Norwal, I can't find anything with the suffix .dll when I use Reglite.exe. Can you help?

You are getting this because a remote system is connecting your your network using port 138 which is Netbeui over TCP/Ip. It uses this to establish itself as a node on your network at IP address x.x.x.255 (x is the value of your internal ip address, for me it would be 192.168.1.255). This is the same exploit which is used by the Downloader.Trojan. I have backtracked one source IP to 195.190.118.131. Enter that into a browser and it has a downloadable Uninstaller!!!! I have registered that IP address with the District Attourney's Internet Task Force. They are investigating it now. Download Norton Personal Firewall. Configure a rule to always block Port 138 Configure a rule to completely block IP address 192.168.1.255 (or other x.x.x.255, depending on your network) and this should stop about:blank. www.astral-computing.com Network Engineers Astral Computing We Take Care of I.T. Network Engineers Web Hosts for Business

having trouble removing it, goto ftp.astral-computing.com download the about:blank remover it's a self extracting zip extract to the root c:\ run ie.bat make sure you backup your registry first. This removes the dll, associations to the file, resets all IE registry settings and sets your home page to google, then launches Internet Explorer. If you keep getting infected with this hijack because you haven't configured Norton Personal Firewall to block port 138 put a shortcut on your desktop to ie.bat and use that to launch Internet Explorer. It will wipe the hijack everytime you launch IE. Astral Computing We Take Care of I.T. Network Engineers Web Hosts for Business