I have a friend who clicks on the e-explorer icon and, instead of going to her home page, the internet goes to the about blank homepage. Then a message from Microsoft comes on and says that it has detected spyware on the PC.
I helped her download Spybot Search & Destroy. We scanned the system every which way and it appeared that everything was removed.
We tested the scan by getting back on the internet and it still went to the about blank homepage.
We went to Internet Options and tried to change the browser to the default. It worked until we exited the internet and re-entered; then the same about blank homepage appeared.
We even rebooted to see if it would take. She wants her AOL homepage back.
I ran out of time and told her to download Hijack This and the steps to copy and paste the log to me so I can show it to this forum,
but in the meanwhile, does anyone have other words of wisdom to hold us over?
Thank You
Chris

Protocol on this forum indicates that HJT logs are posted only at the request of the experts that can read them.
With respect to all, post it here:
http://www.pcguide.com/vb/forumdisplay.php?s=&forumid=34
or here:
http://forums.spywareinfo.com/
and remember when you download it to check the box that extracts it to C:\ file. Temp file and desktop are not as good, or open a new C:\ file and copy paste it to that, because you want the backups it will make in a C:\ file, not all over the desktop and in a temp where they can be deleted.
When you run the scan, make sure all browsers and windows are closed, and logged off the net.
Thresher

chris, FWIW, I have found that things can hide in Restore and get re-written on the next boot. If it were me facing the dilemma you describe, I would TEMPORARILY disable Restore, clean/scan, re-enable Restore, restart. (Be aware that you will lose all your restore points if you disable.)
If you utilize the 'immunize' feature of Spybot S & D, it will not allow a change of homepage in future.
HTH.
Ed in Texas.

I ran Ad-Aware and it seemed to fix the problem.
Another attempt thought it was removed but it may have rebuilt itself.
We will see and I will keep you posted.

If you have further difficulty:
When using HJT, remove the line: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSp=about:blank
Using CWShredder, scan your system and remove the items identified.
Run Spybot.
Reset your homepage, then reboot.
This should do the trick.
Spybot and CWShredder are freeware and can be found by doing a simple search.

Hi there,
.
Been working on this for 2 weeks now. One week in the registry alone. Even restored the registry (several times) to no avail. I've got all the good stuff, been running it for a long time. Firewall, Virus Scanner, SpyBot, Ad-Aware, CWShredder, RegProt, SPG, etc, all the latest versions.
Locking the Start Page in SpyBot "Immunize" does nothing, it looks okay for a while but still fails a short while later. I even reloaded IE with all the latest. Did the Windows Repair function. Even changed firewalls after ZoneAlarm started acting goofy.
.
Here's the only thing that has worked for me:
.
CHANGED OVER TO USING NETSCAPE
.
Life is so much easier now. :- )
.
Joe

between adaware and hijack this, it seems that the problem is taken care of.
for this pc anyways.

The recipe for ridding yourself of the about:blank search hijacker is as follows.
There are two malicious .dll files on your computer. One is visible and can be easily deleted. The other is a HIDDEN core file. The hidden core .dll regenerates the viewable .dll if it is deleted or changed. The hidden core file is the problem.
To rid yourself of the hidden core .dll, which is the core of the problem, do the following:
1) Obtain CodeStuff Starter. http://members.lycos.co.uk/codestuff/news.shtml
2) Also, if you have not already, download anti-spyware/malware software like AdAware or Spybot.
3) Open Internet Explorer.
4) Start CodeStuff Starter.
5) Click the Processes running button.
6) Look for “Internet Explorer” on the top half and highlight it.
7) In the middle panel you'll see a list of .dll's under the Module column.
8) Under the Handle column look for 61c00000 with a file size 61,440. Remember this file name or write it down.
9) Get the Windows XP or 2000 setup CD and boot up into the Recovery Console.
10) Go into the c:\windows\system32 (cd system32) directory and look for the hidden core .dll file.
11) Delete that .dll file!
12) Run anti-spyware if desired. I have AdAware v6 and Spybot Search & Destroy. Later on, do a Registry search for the hidden core.dll file and about:blank and delete the entries.
I'm a support specialist and I've done this many times at various companies and on friends' PCs. It's a nasty little CWS variant.

I think I finally fixed this problem. I will try to explain the fix in layman's terms so most will understand.
First off, the problem seems to be in the file ince.dll
Scotty the watchdog on WinPatrol picked right up on this when ince.dll kept trying to access my computer. Even though I would say NO to the request Ince.dll would override and get into the system.
Trying to delete Ince.dll by doing a "start/search/files and folders" and typing in Ince found the file, but because it's a dll file I was unable to delete it. The system thinks it's an important part of the computer and deleting it is a big no-no.
I then used hijack this, and the INCE file always appeared, but even after deleting it through this program it would reappear within minutes.
This got me thinking. What if I fooled my computer into thinking that the INCE.dll file was no longer needed.
What I did was this, and so far, so good. My homepage is back to what I want, and about blank is gone. Thank God.
While online, I went to search files and folders and typed in INCE.dll
When the file appeared I double clicked on it.
A message appeared that by running this file it might be unsafe. I said, what the heck, the way my computer was running was unsafe anyway. After double clicking, a box opened up asking me what program I wanted to run INCE.dll in. I chose something safe. I chose wordpad. Wordpad opened the file and it was just unreadable computer language details.
I then went to edit/select all and deleted all that was written.
I then went back to "start/search/files and folders" and typed in INCE.dll
The file appeared, but now since its association is with wordpad and not the main operating system, I was able to delete the file.
I tricked the computer into deleting it.
It's only been 2 days, but so far about blank seems to be gone.

To Al:
Hi Al.... I've got this about:blank prob also.
When I run HJT, I do not encounter the INCE.dll file, nor can I find it when I search files. Could the CWS variant be under another name? Do you know what that name might be (or names)? Also, what is the visible malicious .dll file that I can find right away to delete in Ad-aware? Thanks, schmynka

To schmynka:
OK, what's happening here is that the dll file is disguising itself through a different dll.
First off, do you have WinPatrol?
If so, use it to monitor your startup programs. Only allow the minimum, if any, at startup. After reboot, see if a message appears that a dll file is trying to access the startup. This is probably the dll in question. Even by saying NO, it will load up.
Next, run the Hijack This program and see if the dll file appears. It will. It will also have no association with anything. This is probably the culprit. Now do the search for that dll file and open it into wordpro. Delete it through wordpro and then delete it through start/search/files and folders. This should get rid of it.
Good Luck.
Al

From what I have read, the CWS variant changes to random files.
From some of the things I am reading on this post, it may be possible that the .dll file could be the random changing file,
if this makes any sense.
I haven't had a chance to try CWShredder, but a post that I saw from another forum said that it took care of the variant.
the site was:
http://www.spywareinfo.com/~merijn/cwschronicles.html
Scsi - What you call your week-old underwear

I am going to try joopdog's post after I try CWShredder, because it has rebuilt itself even after all of the spyware killer tries.
Scsi - What you call your week-old underwear

Ok. I've been frustrated with this for some time but this is all I've found that worked. Download WinPatrol and under IE Helpers you should find a little .dll file. On mine it was called dapg.dll. Search for this file in Windows. When the file appears, it thinks the file is an important system file. To change this, right click on the file and select Open With. From your selections choose WordPad and press OK. When the file opens, select all the text and delete it and then press save. (Note: It will not allow you to save if you still have the search box open.) Then go back and search for the file again. This time you should be able to right click on it and delete it. Remove it from your recycle bin and you're good to go.
Hope This Helps!
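
A log-triage sketch tied to two points raised in the thread: the `HomeOldSp=about:blank` registry value and the unassociated helper .dll sitting in system32. This is an added example, not code from any poster; the `R0`/`R1`/`O2 - BHO` line layout is assumed from HijackThis's usual log format, and the sample log, CLSIDs and file names are constructed placeholders.

```python
import re

# Constructed sample log (not from the thread); CLSIDs and file names are placeholders.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\example.dll
O2 - BHO: Example Toolbar - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\toolbar.dll
"""

# Assumed layout: "R<n> - <registry key>,<value name> = <data>"
REG_LINE = re.compile(r"^R[0-3] - (?P<key>[^,]+),\s*(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")
# Assumed layout: "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_LINE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


def triage(log_text):
    """Return (kind, where, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reg = REG_LINE.match(line)
        # Any IE setting whose data is exactly about:blank (Start Page, HomeOldSp, ...)
        if reg and reg["value"].strip().lower() == "about:blank":
            findings.append(("about-blank-value", reg["key"], reg["name"]))
            continue
        bho = BHO_LINE.match(line)
        if bho:
            path = bho["path"].strip().lower()
            unnamed = bho["name"].strip().lower() == "(no name)"
            # Helper object with no name whose DLL lives in system32
            if unnamed and "\\system32\\" in path and path.endswith(".dll"):
                findings.append(("unnamed-system32-bho", bho["clsid"], bho["path"].strip()))
    return findings


if __name__ == "__main__":
    for kind, where, detail in triage(SAMPLE_LOG):
        print(f"{kind:22} {where}  ->  {detail}")
```

The output is a shortlist for a person to review, not a removal list: a legitimate helper can also be unnamed, and `about:blank` can be a deliberate homepage choice.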


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.