the about blank virus

September 25, 2013 at 19:10:07
Specs: Windows 7
Is there an antivirus that gets rid of about blank?

See More: the about blank virus

Report •


#1
September 25, 2013 at 20:50:29
1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#2
November 14, 2013 at 08:16:05
Hi,
Thanks for your reply. Haven’t been ignoring this post. I tried downloading AdwCleaner from several places. Couldn’t figure it out. The download kept wanting me to download numerous other programs. Forget that. It never did mention AdwCleaner. I did download Junkware Removal Tool and ran that. ‘fraid I deleted the first log. Just ran it again and here’s the log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Administrator on Thu 11/14/2013 at 9:22:24.23
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\speedmaxpc"
Successfully deleted: [Folder] "C:\Users\Administrator\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Administrator\AppData\Roaming\speedmaxpc"
~~~ FireFox

Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\858jo8cm.default\minidumps [23 files]

~~~ Event Viewer Logs were cleared
Scan was completed on Thu 11/14/2013 at 9:59:48.29
-----------------------------------------------------------------------------------------------------------------
My internet service was offering McAfee for free and so I downloaded that. Don’t like McAfee, I had it once before and it kept screwing up my computer. After a 20 hour scan it found one Trojan. That’s good, but that doesn’t seem too efficient. Don’t know how good McAfee is at protecting against the about blank virus.
Every so often a screen with about blank pops up. Then I read something like this:
http://googlesystem.blogspot.com/20...
And now I wonder if about blank is a normal computer function. I did have the about blank virus that kept redirecting my homepage to something I didn’t want so I go on alert every time I see a page with about blank.


Report •

#3
November 14, 2013 at 12:22:59
"And now I wonder if about blank is a normal computer function"
Who knows, that is why special programs are available to check, process of elimination.
If we get clean logs from you, we then know.

3: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

4: Reboot

5: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://tigzyrk.blogspot.fr/2012/11/...
If RougeKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.
When completed make sure to re-enable your antivirus.


Report •

Related Solutions

#4
November 24, 2013 at 20:04:18
Thanks for your reply. I've been running all kinds of antiviruses. They don't seem to find any malware. I ran roguekiller as you suggested, ran McAfee, updated my computer, downloaded some of the microsoft security programs ( microsoft makes the software so I figure they 'd best know how to protect it). Sometimes my computer freezes, but that's probably a problem with the programs clashing- all those antiviruses. Usually I just have to let it sit until it straightens itself out.
Keep getting pages that say about blank, but from some things I've read these pages may just be normal for foxfire while it figures out what to do next. I noticed mention on some pages of l.yimg when strange pages would open up. Like the about blank virus the l.yimg virus can hijack your browser. The l.yimg virus would account for my browser going to webpages I never chose. Haven't seen any sign of this virus since running all these programs. Hope its gone.

Report •

#5
December 4, 2013 at 15:04:04
Dang saw the l.yimg page come up again.

Report •

#6
December 4, 2013 at 15:09:06
It is impossible to know what is going on, if I don't see the logs.

Copy & Paste the contents of the 2 logs from my post #3 as requested.

message edited by Johnw


Report •

#7
December 6, 2013 at 07:12:28
RogueKiller V8.7.11 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan [Aborted] -- Date : 12/06/2013 10:07:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[0]_S_12062013_100752.txt >>



Report •

#8
December 6, 2013 at 11:23:02
"I tried downloading AdwCleaner from several places. Couldn’t figure it out"
Here is how to download AdwCleaner.
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
Go back to my post #1 & proceed.

Report •

#9
December 6, 2013 at 12:57:26
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 12/06/2013 01:13:56 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 308437 files processed.

The C:\Users\ADMINI~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
* NoActiveDesktopChanges policy was found and deleted!
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
* DisableTaskMgr policy was found and deleted!
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Program finished at: 12/06/2013 03:26:39 PM
Execution time: 2 hours(s), 12 minute(s), and 43 seconds(s)


Report •

#10
December 14, 2013 at 18:47:51
I think I figured out how to get the info from adwcleaner. It said to check to see if there is anything I want to keep before I clean the computer. I don't know because I don't know what any of it is.
# AdwCleaner v3.015 - Report created 14/12/2013 at 21:25:28
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Administrator - WENDY-PC
# Running from : C:\Users\Administrator\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\SpeedMaxPC
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\SpeedMaxPC
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EasyGPS_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\Software\SpeedMaxPC
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : [x64] HKLM\SOFTWARE\DataMngr
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\858jo8cm.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3802 octets] - [08/12/2013 16:56:15]
AdwCleaner[R1].txt - [3674 octets] - [14/12/2013 21:25:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3734 octets] ##########

I've had the l.yimg virus keep coming up in messages like:
transferring data from l.yimg, on my machine.
The l.yimg virus seems to be associated with yahoo. Couldn't get the yahoo toolbar to uninstall no matter how many times I tried to get it to do so. Finally was able to get rid of it with revouninstaller. So happy,( I can't wait to uninstall more with that program). Had hoped finally getting rid of yahoo toolbar would be the end of l.yimg.
Still when I go to yahoo.com there are messages about l.yimg activity on my machine. I'm using firefox which seems to use yahoo as its search engine.


Report •

#11
December 14, 2013 at 20:27:58
"I've had the l.yimg virus keep coming up in messages like:
transferring data from l.yimg, on my machine"
One step at a time, lets see what is happening after deleting the files in AdwCleaner.

"I don't know because I don't know what any of it is"
No need, hit Delete & post the new log.


Report •

#12
December 15, 2013 at 20:50:32
# AdwCleaner v3.015 - Report created 15/12/2013 at 23:27:58
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Administrator - WENDY-PC
# Running from : C:\Users\Administrator\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\858jo8cm.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3802 octets] - [08/12/2013 16:56:15]
AdwCleaner[R1].txt - [3866 octets] - [14/12/2013 21:25:28]
AdwCleaner[R2].txt - [3926 octets] - [15/12/2013 17:43:16]
AdwCleaner[R3].txt - [959 octets] - [15/12/2013 23:27:58]
AdwCleaner[S0].txt - [3956 octets] - [15/12/2013 17:45:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1078 octets] ##########


Report •

#13
December 15, 2013 at 21:39:59
Thanks, AdwCleaner has done it's job.

""I've had the l.yimg virus keep coming up in messages like:
transferring data from l.yimg, on my machine""

Are you still getting that message?



Report •

#14
December 15, 2013 at 22:01:21
Download OTL from any of the following links and save to your desktop.
http://itxassociates.com/OT-Tools/O...
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Too...
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop. Copy & Paste the contents of both logs please.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

message edited by Johnw


Report •

#15
January 2, 2014 at 16:58:59
I ran OTL. It produced a lot of information about my computer. Wondering if I should be posting it here since I don't really know what it is I'm posting. Wondering if I should have posted any. Feeling a little leery with all the identity and information theft going on on the internet.
An interesting thing happened when I ran the above programs. When I first started using firefox the opening homepage was google firefox search. Then for no reason it started using yahoo firefox search for the homepage. After I ran the above programs it reverted back to google firefox search. I wonder if the homepage had been hijacked to yahoo firefox search (a fake?) especially since I kept getting references to l.yimg with yahoo.
I think if I'm going to do any more tweaking I'll just clean out my computer and reload the OS system. Thanks for all the referrals to anti malware programs which I'm sure I'll use again. Now on to my next question.

Report •

#16
January 2, 2014 at 17:10:51
Make sure when you reinstall, you delete ALL partitions & format to NTFS.
XP - D to Delete the selected partition
http://www.blackviper.com/os-instal...
Vista - Drive options (advanced)
http://www.vistax64.com/tutorials/1...
W7 - Click on > Drive options (advanced) Then highlight each partition & hit > Delete.
http://www.blackviper.com/os-instal...
http://www.blackviper.com/os-instal...
W8 - The complete guide to a Windows 8 clean installation
http://i.imgur.com/2FOd60C.gif
http://i.imgur.com/pm8d5Xm.gif
http://pcsupport.about.com/od/windo...
http://www.techrepublic.com/blog/wi...
Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...

Go to any malware forum & you will see that looking at logs is normal, in fact it is impossible to work out, without logs.

Here a few of them.
http://www.bleepingcomputer.com/for...
http://www.techspot.com/community/t...
http://www.techie7.com/help/spyware...
http://maddoktor2.com/forums/index....
http://5starsupport.co.uk/index.php...
http://forums.devshed.com/antivirus...
http://discussions.virtualdr.com/sh...
http://www.computing.net/answers/se...
http://www.computing.net/answers/se...
http://www.computing.net/answers/se...
http://www.help2go.com/content/tuto...
http://www.pchelpforum.com/xf/threa...
http://www.computerforum.com/131398...
http://www.computerhope.com/forum/i...
http://www.dslreports.com/faq/13616
http://www.malwarebytes.org/forums/...
http://www.247fixes.com/forums/topi...
http://www.neowin.net/forum/topic/7...
http://gladiator-antivirus.com/foru...
http://www.theeldergeek.com/forum/i...
http://www.spywareinfoforum.com/top...
http://www.geekstogo.com/forum/topi...
http://forum.bullguard.com/forum/9/...
http://www.malwareteks.com/kb/Clean...
http://www.windowsbbs.com/malware-v...
http://www.malwareremoval.com/forum...
http://www.spywareinfoforum.com/top...


Report •

Ask Question