about:blank virus
Originally Posted by Dreg_02
After posting that last one, I tried that program that was posted by happyguy. It seemed to work, the about blank crud isn't coming back for now. However I am remaining skeptical about it. It actually found a lot more crud than I thought it would. I guess Ad-aware doesn't really find everything. Anyway, it's working for me, but try it at your own risk. I'll let you know if I have any reoccurrences. Thanx for the help everyone!
Okay update, it came back! I went into safe mode and ran a CWShredder search, it found 1 CWSearchX.exe and killed it. I also ran an Ad-aware and PC doctor scan. Ad-aware found the CoolWebSearch cookie and PC doctor found a bunch of cookies and the seemingly immortal Twain-Tech thing. Anyway, I ran this HijackThis log in safe mode immediately after CWShredder was run, but before the other 2, check it out.
Logfile of HijackThis v1.97.7
Scan saved at 2:08:56 AM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Dreg\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.afes.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [spdjldoxbhm] C:\WINDOWS\System32\lrrhxr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Commo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
--------------------------------------------------------------------------
Download and install APM from: http://www.diamondcs.com.au/index.php?page=apm
Close all windows except HijackThis and fix the lines above.
In the upper window of APM select explorer.exe
In the lower window find and right-click the BHO from the HijackThis log (systb.dll)
Select Unload DLL and click OK on the prompts that follow.
Reboot and scan with AdAware (after updating the reference file) to remove the txt and html protocol association.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help, (I will ignore you if you do). Instead, post in the public forum where others may benefit.
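Added example, not part of the original posts and not the responder's own method: a small triage script that parses HijackThis `R0`/`R1`, `O2` and `O3` entries and flags the patterns visible in the log above for manual review. The three heuristics (IE setting loading a file from Temp, object with no file, unnamed object) are assumptions chosen for illustration; a flagged entry is a candidate for review, not a verdict.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Dreg\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.afes.com/
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>.+?) = (?P<value>.*)$")
COM_OBJECT = re.compile(
    r"^(?P<kind>BHO|Toolbar): (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")


def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth a manual review."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, running-process paths, blank lines
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):
            reg = REG_VALUE.match(body)
            # Assumed heuristic: an IE search/start setting that loads a local
            # file out of a Temp directory is not a normal configuration.
            value = reg["value"].lower() if reg else ""
            if value.startswith("file://") and "\\temp\\" in value:
                findings.append((code, "IE setting loads file from Temp", reg["name"]))
        elif code in ("O2", "O3"):
            obj = COM_OBJECT.match(body)
            if not obj:
                continue
            if obj["path"] == "(no file)":
                findings.append((code, "registered object has no file on disk", obj["clsid"]))
            elif obj["name"] == "(no name)":
                # Assumed heuristic: an unnamed BHO/toolbar backed by a real DLL.
                findings.append((code, "unnamed object backed by a DLL", obj["path"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```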
Originally Posted by Dreg_02
Okay update, it came back! I went into safe mode and ran a CWShredder search, it found 1 CWSearchX.exe and killed it. I also ran an Ad-aware and PC doctor scan. Ad-aware found the CoolWebSearch cookie and PC doctor found a bunch of cookies and the seemingly immortal Twain-Tech thing. Anyway, I ran this HijackThis log in safe mode immediately after CWShredder was run, but before the other 2, check it out.
Have split your post out to your own thread for simplicity.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help, (I will ignore you if you do). Instead, post in the public forum where others may benefit.