Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Re: about blank, HomeOldSp, unremoved viruses
Hp Pavillion 4550Z Win 98 4.10.222A IE 5 6.0.2800.1106
256 MB RamI have been trying to get rid of this "Search Assistant" about/blank hijack for about a week without success. I am running Win Patrol which catches it trying to install "about blank" about every 5 or ten minutes. When I deny it permission to change it gives the message search assistant "uninstall failed" in a small window with an ok box in the center.
I am also running Spybot Resident which catches
1) an attempt to "change an important registry entry" Category --Browser Helper Object, Change--Value added Here is the portion of the entry that shows {BB7753C0-8D50-11D9-9437-0000A16100BE 2)
2) A similar box shows Category - Browser Helper Object Change - Value Deleted {09ED6747-8C86-11D9-9437-0000445BF2E4..
3) Third message that pops up is Category - ActiveX Distribution Unit Category- Value added {04E21E5-63AF-4236-83C6-A7ADCBF9Bd02... Fourth Message CAtegory-Browser page Old data: res//C:\WINDOWS\TEMP\se.dll/sp.html New data: res//c:\windows\TEMP\se.dll/sp.html but the button to deny change is not active -- I close with the x in the corner. Another file named EKFJOE.DLL keeps poping up with the message
4) Finally the scan done with Trend Micro is showing several “uncleanable’ viruses.I know some of these issues have been delt with on the board but I am not confident I can remove them without help.
Thanks
Here are results from Trend Micro scan from a few days ago a current Hijack This log follows. Thank you for your help.
Results: We have detected 6 infected file(s) with 8 virus(es) on your computer. Detected FileAssociated Virus NameC:\WINDOWS\SYSTEM32\securityID=816093-MS03-011&privacyAPI32=x401.htmlHTML_ADVER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML_ADVER.A>C:\WINDOWS\.jpi_cache\jar\1.0\ar2.jar-741bd86b-2299e9e2.zip (A.class)JAVA_CLOADER.E <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_CLOADER.E>C:\WINDOWS\.jpi_cache\jar\1.0\stat.zip-1a7f6452-15f5ceea.zip (go_in.class)JAVA_NOCHEAT.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_NOCHEAT.A>C:\WINDOWS\.jpi_cache\jar\1.0\count.jar-6f603a77-4c9010f2.zip (BlackBox.class)JAVA_BYTEVER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A>C:\WINDOWS\.jpi_cache\jar\1.0\count.jar-6f603a77-4c9010f2.zip (VerifierBug.class)JAVA_BYTEVER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A>C:\WINDOWS\.jpi_cache\jar\1.0\counters.jar-41c90c26-1f3d1e62.zip (web.exe)TROJ_SMALL.UG <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.UG>C:\WINDOWS\.jpi_cache\jar\1.0\count1.jar-6dbafe7-5167ce6d.zip (BlackBox.class)JAVA_BYTEVER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A>C:\WINDOWS\.jpi_cache\jar\1.0\count1.jar-6dbafe7-5167ce6d.zip (VerifierBug.class)JAVA_BYTEVER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A>Trojan/Worm Check
No worm/Trojan horse detectedResults:
We have detected 6 infected file(s) with 8 virus(es) on your computer: 0 virus(es) cleaned, 8 virus(es) uncleanable, 0 virus(es) deleted, 0 virus(es) undeletable, 0 virus(es) passed.
Detected FileAssociated Virus NameAction takenC:\WINDOWS\SYSTEM32\securityID=816093-MS03-011&privacyAPI32=x401.htmlHTML_ADVER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML_ADVER.A>UncleanableC:\WINDOWS\.jpi_cache\jar\1.0\ar2.jar-741bd86b-2299e9e2.zip (A.class)JAVA_CLOADER.E <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_CLOADER.E>UncleanableC:\WINDOWS\.jpi_cache\jar\1.0\stat.zip-1a7f6452-15f5ceea.zip (go_in.class)JAVA_NOCHEAT.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_NOCHEAT.A>UncleanableC:\WINDOWS\.jpi_cache\jar\1.0\count.jar-6f603a77-4c9010f2.zip (BlackBox.class)JAVA_BYTEVER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A>UncleanableC:\WINDOWS\.jpi_cache\jar\1.0\count.jar-6f603a77-4c9010f2.zip (VerifierBug.class)JAVA_BYTEVER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A>UncleanableC:\WINDOWS\.jpi_cache\jar\1.0\counters.jar-41c90c26-1f3d1e62.zip (web.exe)TROJ_SMALL.UG <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.UG>UncleanableC:\WINDOWS\.jpi_cache\jar\1.0\count1.jar-6dbafe7-5167ce6d.zip (BlackBox.class)JAVA_BYTEVER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A>UncleanableC:\WINDOWS\.jpi_cache\jar\1.0\count1.jar-6dbafe7-5167ce6d.zip (VerifierBug.class)JAVA_BYTEVER.A <http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A>Uncleanable
kruffner2
Visit the website below for detailed info on about blank. http://www.spywareinfo.com/~merijn/cwschronicles.html
0 
If it really comes to it, some of the stuff here might help:
Win ME Forum 45241Can you post the number of the previous post (to save you getting the same suggestions again)?
Derek.W
0
Here's how I solved the problem (for win98):First, make sure there are no unusual .dat or .exe files in any folders downloaded at the time of the virus attack. Delete them. If they will not delete, do a 'cntrl-alt-del' and click out of all programs (except explorer and cdi). Then try the delete.
Get rid of any adware or other antivirus software you have in *Temp* folders. Reboot in dos and do a scanreg. It's easy. Follow the instructions on your computer. It'll give you a selection of 5 days to choose from. Unless you have installed any important programs since the time, highlight the date when you didn't have the 'blank page' virus - - the registry will revert back to that date. If it still doesn't work on reboot, go to windows update (get the address and type it in if you have to) and download the security updates... but only after you've finished with the regscan. That should cure it. (You won't lose any notepad .txt files or email you've written or received in that time, as for the rest I have no idea. You might nor want to try this if you've installed or save-filed 'important-to-you' software in the 5-day period).
Again, make sure all your adware is gone and you've scanreg'd in Dos before you add the windows security update(s).
0
Look guys, I don't know how many times I need to post this same message. This website is the home of the guy that wrote CW Shredder AND Hi Jack this. He should be able to help this poster. http://www.spywareinfo.com/~merijn/cwschronicles.html
0
OtheHill
I don't think anyone is saying that your #1 shouldn't be the first thing to try. My own post said "If it really comes to it" for that very reason.
Folk are providing other known fixes just in case they prove necessary or can add further useful information. That's forums for you.
Derek.W
0
Derek
Just frustration coming out. This is old news with aboutblank. The instructions given at http://www.spywareinfo.com/~merijn/cwschronicles.html
are comprehensive and should work for all.
0
Derek
Do you know something about the site I recommend that I don't know? If the advice given there is not good I would like to know. I have only run into one instance of aboutblank and found this site using Google. The advise worked. If there is a better or simpler solution, I'm all for it.
0
Err...no, kinda assumed you did. Your #4 and the fact that this has worked before seems plenty enough reason to try that approach first. Like you I've plenty of faith in Merijn.
Derek.W
0
try out this page Its got info about se.dll/search assistant
http://www.secrets.pwp.blueyonder.co.uk/sevirus.html
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
