DaniWeb IT Discussion Community


crunchie Jun 27th, 2004 7:28 am
Re: about:blank virus
 
Quote:

Originally Posted by Dreg_02
No, just a guy with a spyware problem, and I was referring to the first point to this topic, using the cwshredder. BTW: New problem, I ran cws shredder, and removed the problem and fixed everything just dandy, now the about:blank thing keeps coming back every other time I turn on my pc, how do I kill this SOB virus permanently!?

Aahhh, my mistake. I thought you were referring to happyguy's post, (obviously).
Seeing as you have run CWShredder, run Adaware & spybot S&D then post your hijackthis log in your own thread.

3-view Jun 27th, 2004 12:08 pm
Re: about:blank virus
 
Is this program legit? Anyone else tried it?

Dreg_02 Jun 28th, 2004 3:27 am
Re: about:blank virus
 
Quote:

Originally Posted by crunchie
Aahhh, my mistake. I thought you were referring to happyguy's post, (obviously).
Seeing as you have run CWShredder, run Adaware & spybot S&D then post your hijackthis log in your own thread.

After posting that last one, I tried that program that was posted by happyguy. It seemed to work, the about blank crud isn't coming back for now. However I am remaining skeptical about it. It actually found a lot more crud than I thought it would. I guess ad-aware doesn't really find everything. Anyway, it's working for me, but try it at your own risk. I'll let you know if I have any reoccurrences. Thanx for the help everyone!

Catweazle Jun 28th, 2004 3:35 am
Re: about:blank virus
 
Using only one adware/malware removal tool is only a partial approach. You will find the same advice everywhere you go looking for answers - use two or three such tools in combination!

DMR Jun 28th, 2004 4:42 am
Re: about:blank virus
 
Quote:

Originally Posted by Catweazle
Using only one adware/malware removal tool is only a partial approach. You will find the same advice everywhere you go looking for answers - use two or three such tools in combination!

Yes- absolutely. The people who write these removal utilities are always one or two steps behind the #$^$&* who are writing the malware programs; there is no single program which will catch/fix all of the problems.

Dreg_02 Jun 29th, 2004 7:03 pm
Re: about:blank virus
 
Quote:

Originally Posted by DMR
Yes- absolutely. The people who write these removal utilities are always one or two steps behind the #$^$&* who are writing the malware programs; there is no single program which will catch/fix all of the problems.

The program, it turns out, does not work. The about:blank virus continues to attack my computer; here is my HijackThis log after just deleting the virus for the 10th time using CWShredder.

Logfile of HijackThis v1.97.7
Scan saved at 3:11:12 PM, on 6/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\lrrhxr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dreg\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.afes.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [spdjldoxbhm] C:\WINDOWS\System32\lrrhxr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potd_x.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B84EAA12-6D6D-4E10-A941-FE42EC4E3935}: NameServer = 206.13.31.12,206.13.28.12
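
A log like the one above can be triaged mechanically before anyone reads it line by line. The following is an added example, not part of the original post and not HijackThis's own code: it parses the R/O entry lines and lists those matching a few review heuristics, which are assumptions of this example and reasons to inspect rather than verdicts. The sample is a constructed excerpt made of lines copied from the log above.

```python
import re
from collections import namedtuple

# Constructed excerpt: eight entry lines copied from the log posted above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [spdjldoxbhm] C:\WINDOWS\System32\lrrhxr.exe
"""

Entry = namedtuple("Entry", "code body")
LINE = re.compile(r"^([RO]\d+) - (.*)$")
RUN = re.compile(r'Run: \[(.+?)\] "?([^"]+?\.exe)', re.I)
WINDIRS = (r"c:\windows", r"c:\windows\system32")

def parse(log):
    """Return the R*/O* entries; the header and process list are skipped."""
    return [Entry(*m.groups()) for m in map(LINE.match, log.splitlines()) if m]

def review_reasons(entry):
    """Heuristics assumed for this example: reasons to inspect, not verdicts."""
    low, reasons = entry.body.lower(), []
    if entry.code in ("R0", "R1") and "= file://" in low and "\\temp\\" in low:
        reasons.append("IE setting loads a page from a Temp directory")
    if entry.code in ("O2", "O3") and "(no name)" in low:
        reasons.append("browser add-on registered without a name")
    if entry.code in ("O2", "O3") and "(no file)" in low:
        reasons.append("add-on registration whose file is missing")
    m = RUN.search(entry.body) if entry.code == "O4" else None
    if m:
        name = m.group(1).lower()
        folder, _, exe = m.group(2).lower().rpartition("\\")
        stem = exe[:-4]
        if folder in WINDIRS and stem not in name and name not in stem:
            reasons.append("autostart in the Windows directory under an unrelated name")
    return reasons

def triage(log):
    """Pair each entry that has at least one reason with its reasons."""
    return [(e, r) for e in parse(log) if (r := review_reasons(e))]

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        print(f"{entry.code}: {entry.body}\n    -> " + "; ".join(reasons))
```
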

crunchie Jun 30th, 2004 7:31 am
Re: about:blank virus
 
CWShredder version 1.59.1 now fixes this. Please update yours :) . HJT version 1.98 is out too so you should update that too.

Dreg_02 Jul 24th, 2004 9:30 pm
Re: about:blank virus
 
Quote:

Originally Posted by crunchie
CWShredder version 1.59.1 now fixes this. Please update yours :) . HJT version 1.98 is out too so you should update that too.


Could someone link me to the update? The programs are unable to update on their own on my computer.

Also the web page I believe I got this virus from is now unreachable by my pc. It still is reachable through other pcs but not mine; anytime I try to go there or try to be redirected there, I am taken to about:blank again and the virus is uploaded to my pc again. How do I fix this?

DMR Jul 24th, 2004 9:49 pm
Re: about:blank virus
 
CWShredder is made by the same guy who makes HJT:

http://www.spywareinfo.com/~merijn/downloads.html

caperjack Jul 24th, 2004 9:50 pm
Re: about:blank virus
 
1.98 link in my signature.
The Removal tools link .

