i have had this virus for about a month and i just did everything the messages instructed...it said to post the log that i got from hijackthis...so i guess i can post it here..I am new to all this so any help i recieve would be greatly appreciated. When exactly will the about:blank thing go away? Is it gone now or do I still need to do more?

Thanks,
RSuave427



Logfile of HijackThis v1.97.7
Scan saved at 1:13:26 AM, on 5/31/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchosd.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://yellow-pages.ws/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
F0 - system.ini: Shell=Explorer.exe svchosd.exe
F1 - win.ini: run=C:\WINDOWS\system32\services\wmplayer.exe
F2 - REG:system.ini: Shell=Explorer.exe svchosd.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [win32.exe] C:\WINDOWS\win32.exe
O4 - HKLM\..\Run: [mswspl] C:\WINDOWS\sb.exe
O4 - HKLM\..\Run: [Aplune Service] svchosd.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.flingstone.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Hey rsuave427

you should not post a new problem on this thread. create your own. As DMR said (If you need to repost, please start your own thread instead of continuing here. To keep threads clear and concise, we ask that members abide by our policy of "one member, one problem" per thread.). Also did you try CAPERJACK's instructions.

The most direct response to the about|blank hijack I've seen is in this topic:


http://daniweb.com/techtalkforums/thread5531.html

You have more than about blank ,like this one --O4 - HKLM\..\Run: [Aplune Service] svchosd.exe.
This is why its always best to start your own thread instead of piggie backing to one like this one.
Everyones log is different!!Everyones problems are different!

Run this free online virus scan ,check off auto fix.and and then Scan
http://housecall.trendmicro.com/hous...start_corp.asp

about:blank trojan removed!
(aka HomeOldSP hijacker)

I tried most adware programs to no avail.
The wicked pest kept returning.
Now I am happy to report that there is a cure:
Adware Away.
It is as easy as pie to use.
The about:blank trojan was killed in minutes.

Click "more" on Adware Away's menu.
Icons with names of various hijackers are displayed.
Click on those bothering you, and they're gone!!

In fact it also trashed
CoolWebSearch, Lycos SideSearch and IstBar -
trojans I didn't even know I had. All I can say,
"Adware Away is FANTASTIC".

www.AdwareAway.com

Does the program actually remove them, or just disguise them?? I am trying to get more info on it. If it only prevents the running of these programs it's not much cop. You also have to pay for it.

Yeah crunchie. Adware Away actually zaps about:blank trojan!
They have a five day free trial. The tech support guy is great. Responded to me immediately. And even updated his fine program the same day with a suggestion of mine.

After running Scan on the first page of Adware Away, click on More. This takes you to a menu of Hijackers. Click on the about:blank icon. It is zapped instantly! The trojan, that is! (not the icon.) hehe

It was like finding the cure for cancer. This guy was so happy he paid ten bucks extra for their CD. The program even found other malware on my PC that I was ignorant of, as mentioned above.

I was afflicted with the same virus and thanks to this message post I was able to fix it. I just wanted to say thank you very much for all your help! :mrgreen:

Not related to happyguy are you?? Noticed it was you first post.

No, just a guy with a spyware problem, and I was reffering to the first point to this topic, using the cwshredder. BTW: New problem, I ran cws shredder, and removed the problem and fixed everything just dandy, now the about:blank thing keeps coming back every other time i turn on my pc, how do i kill this SOB virus permanently!?