I have followed the instructions in the other post and downloaded and ran the Ad-aware, Spybot, and CW Shredder programs before running the Hijack This program. My problem is that I have been unable to shake this "about:blank" page that resets my homepage constantly. Even after it seems like I have fixed the problem, it reverts right back to it. I'd like to post the results of the Hijack This scan I've run, but it appears the site here won't let me do it. Do I need some sort of approval before posting? Thanks.

Yes you neeed approval, but you can try here... www.spywarewarrior.com/ Iligitimi non carborundum est

You can also try other sites listed in this thread Where can we post Hijack This Logs? http://computing.net/security/wwwboard/forum/12239.html

KTTD has informed me that he does allow HT logs to be posted as long as the person helping requests it. If you wish, post your log for review and I will get back to you ASAP. Bob da' ranchhand

The recipe for ridding yourself of the about:blank search hijacker is as follows: There are two or three malicious .dll files on you computer. One is visible and can be easily deleted (sort by most recent date in c:\windows\system32). The other is a HIDDEN core file. The one hidden core .dll regenerates the two viewable .dlls if they're deleted or changed. The hidden core file is the problem. To rid your self of the hidden core .dll, which is your main problem, do the following: 1) Obtain CodeStuff Starter. http://members.lycos.co.uk/codestuff/news.shtml. Great software and it's Free! 2) Also, if you have not already, download anti-spyware/malware software like AdAware or Spybot or CWShredder (http://www.majorgeeks.com/download4086.html). The CWshredder will delete the secondary .dll that is generated by the hidden core .dll and all associated registry entries. 3) Open Internet Explorer. 4) Start CodeStuff Starter. 5) Click the Processes running button. 6) Look for “IEXPLORE.EXE” running in the top half and highlight it. 7) In the middle panel you'll see a list of .dll's under the "Module" column. 8) Under the "Handle" column look for 61C00000 with a file size 61,440. Also, you'll see that this file will not have any company or don’t have any description info. This is your malicious core .dll file. Remember this file name or write it down. 9) Get the Windows XP or 2000 setup CD and boot up into the Recovery Console. 10) Go into c:\windows\system32 directory (cd system32) and look for the hidden core .dll file. 11) Delete that darn malicious core .dll file! 12) Run anti-spyware if desired. I have AdAware v6, Spybot Search & Destroy and CWShredder. Later on, you could do a Registry search for the hidden core .dll file and search for any about:blank entries. I'm a Support Specialist and I've done this for many companies and friends. This is a nasty little CWS variant.

Thanks for the advice. Unfortunately, I'm not running Windows XP or 2000 on this computer - just Windows 98. Is there any other way to get around having to use the Windows XP or 2000 recover CD?

I ran CodeStuff, but did not find the .dll file you referred to. I found two files, both of size 61,400, but not with a handle name of 61C00000. One was called RNR20.DLL, the other was SHD401LC.DLL. The handle on the first one was 783C000, the second is 02F20000. Any advice? Keith