about:blank problems

I should point out that the registry settings for app_init_dlls is currently set to a dll that doesn't exist as I had managed to get rid of it previously. So I think the problem lies elsewhere.

hi Can anyone help me with problems regarding the dreaded about:blank homepage. There are various posts on this site concerning this nasty little problem. I've followed them all however the problem still reappears no matter what I try. Please can someone help?

Do I need to post my hijackthis log here or something? I've not used this site before. Thanks.

This needs to be put in the Security section and you can also post your hjt log there. I would move it for you, but I don't know how yet.

It's ok thanks I think I've fixed it. The problem with this is that there are a lot of advice and fixes and they are pretty much all incorrect. You should follow the registry fixes etc but there is still one final step:

Users will need to search for the latest dll in windows/system32 (i.e. list by date), rename it. Reboot into safe mode and delete it.

Moved to Security.

It's ok thanks I think I've fixed it. The problem with this is that there are a lot of advice and fixes and they are pretty much all incorrect. You should follow the registry fixes etc but there is still one final step:

Users will need to search for the latest dll in windows/system32 (i.e. list by date), rename it. Reboot into safe mode and delete it.

Hey all you senior techies out there, is this a good fix?

Not being funny but a lot of the solutions offered to this fix are a) incorrect or b) correct to some degree or c) badly written in the extreme.

One thing is for sure, cwshredder, about:buster, hijackthis, reglite.exe, ad aware - none of these will fix this problem for sure. You need to run my dll check as listed above or it will keep coming back. I hope this helps I can't believe that there isn't an automated solution to this yet another glaring security problem.

ok after my previous posturing this thing appears to back. Similarly to other people it has come back about two days later. I think it's to do with other users logging onto my pc, somehow this propogates again. Can anyone help?

All I can say is this:

The system I'm using now was infested with this about|blank rubbish, it is'nt now!

Just after it got hit with the about|blank thingy, it also got hit with a netsky variant virus. Here's the combination of tools I used on it, all in 'Safe mode'.

Stinger
AdAware
Spybot Search & Destroy
CWShredder
Trojan Remover

It took several reboots before full functionality of the system was restored, as several OS functions 'dissappeared for a little while (System Properties, Add/Remove programs and a few others. They came back after a few reboots)

Having got the system back to clean, working order, I've installed a better AntiVirus package and paid more attention to keeping it updated, as failure to install an update is the reason it copped the virus infection. I've also switched to using Mozilla as my default browser, and use Internet Explorer only when absolutely necessary.

I'm sorry catweasle but I simply don't believe you and I reckon you are trying to hawk adaware. Why on earth would it require several reboots? Either it's fixed or not. Similarly why would system properties disappear and come back?

Oh my! I'm not accustomed to being called a liar! The tale was related just as it occurred.

And as far as 'hawking AdAware' goes, I think you should read the Security forum 'sticky'! You'll notice that it suggests the use of several programs in combination to deal with Malware. Anyone who thinks any one program is 'the answer' is simply a fool!

Rather than rant I thought I would explain a bit more why I think you are trying to hawk adware software on here. Here is an excerpt from elsewhere:
=======================
So here are the programs I TRIED to use to remove this malware!

-Ad aware 6.0 w. updates
-Spybot w. updates (doesnt seem like they update anymore though)
-Latest version of cwshedder
-Hijack this
-Spy Sweeper with updates (takes a long time to scan but picks up more stuff than spybot/adaware)
-BHO Demon 2.0 (picks up the randomly generated .dll file

None of these programs have helped me remove this nasty spyware..

*all done in safe mode btw*
=====================

You seen this on the web time and time again. People are running these progs in safe mode and not getting anywhere. How come the security experts on this site cannot find a fix for this either?

So far you have given us nothing to work with, so *nothing* is the result. :)

What do you need to work with? All you need to know really is that any spurious entries in any of the hijack this logs mentioned in ANY threads related to this problem are deleted accordingly, however they come back. The registry setting that needs to be deleted is also non-existent on my machine.

What do you need to work with? All you need to know really is that any spurious entries in any of the hijack this logs mentioned in ANY threads related to this problem are deleted accordingly, however they come back. The registry setting that needs to be deleted is also non-existent on my machine.

If you've done any research on the "about:blank" problem, then you should know that recent versions have become very sophisticated and difficult to remove.

You need to start somewhere, so start with the tools you've already found in other posts, then post an hjt log here so the techs have someplace to start.

Well guys all i can say is that I eventually removed it I believe by running all the tools mentioned in safe mode and also for each individual user in safe mode.

The part I believe I can offer as a solution was my original dll removal posting at the start of this thread. You need to find the newest dll in the system32 directory, rename it and remove in safe mode, this came back twice. Hope this can help someone.

In some of the infections that file will not be visible even when you have all files/folders set to show.

Well I hate to say it but it is now back... I'm slowly drawing a blank, the file pointed to in the registry does not exist. A new dll gets created but I delete it in safe mode. hijackthis shows up some entries which i remove in safe mode, I then run, spybot, noadaware etc, cw shredder, about:buster, in safe mode, for each user, but then it comes back.

any new ideas?
Do you reckon sp2 will help? I can only see it leading to problems to be honest if other microsoft software is anything to go by.

I reckon formatting and installing fresh would help.

Or you could do what I did:

Download and install Mozilla, and set it as your default browser. I only use Internet Explorer nowadays for the Windows Update site, and a handful of others I visit regular which have an issue or two with Mozilla. Most sites work just fine, and the browser is better (tabbed browsing is GREAT!) and also not prone to the net nasties that plage IE.

(Service Pack 2 is marvellous, by the way. But it doesn't stop IE from being a mess that can't be fixed ;))

Well I hate to say it but it is now back... I'm slowly drawing a blank, the file pointed to in the registry does not exist. A new dll gets created but I delete it in safe mode. hijackthis shows up some entries which i remove in safe mode, I then run, spybot, noadaware etc, cw shredder, about:buster, in safe mode, for each user, but then it comes back.

any new ideas?
Do you reckon sp2 will help? I can only see it leading to problems to be honest if other microsoft software is anything to go by.

Notice you haven't posted a hijackthis log ,any reason!!

And isn't NoAdware one of the programs that isn't good? Just curious...I couldn't remember. :)

ok here is my hjt logfile:

Logfile of HijackThis v1.97.7
Scan saved at 23:16:07, on 16/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
E:\Program Files\iRiver\iHP100\iHPDetect.exe
E:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRun.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Josh\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Josh\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Josh\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Josh\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Josh\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Josh\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5989DA1A-0F1A-4BB0-A3BD-15664072D4F6} - C:\WINDOWS\System32\negk.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iHP-100] E:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [WinampAgent] e:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [NOMAD Detector] "C:\Program Files\Creative\NOMAD Jukebox 2\PlayCenter2\CTNMRun.exe"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: @btrez.dll,-4015 (HKLM)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O15 - Trusted Zone: http://www.hotmail.com
O15 - Trusted Zone: http://cb.msn.com
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - http://moneymanager.egg.com/activex/accounttracking.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38047.6118402778
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Please note that I've tried killing all the dodgy entries under R1 and 02, note that this entry...

O2 - BHO: (no name) - {5989DA1A-0F1A-4BB0-A3BD-15664072D4F6} - C:\WINDOWS\System32\negk.dll (file missing)

...appears to be the nasty dll causing the problem, in this instance I've renamed it. I then go on to delete it in safe mode, and run all the usual spyware tools including ad-aware, spy sweeper, hjt, cwshredder, about:buster, for each user in safe mode, however it comes back. Tonight I tried looking for that dll in the registry, I found it under: HKEY_CLASSES_ROOT\CLSID\{3D4FF913-E8FE-4690-8BF1-DF54FDE048DB}\InProcServer32 , so I renamed the dll entry. Does anyone know if this can be deleted entirely? Greatly appreciate any help here, cheers.

in answer to your question no adware is one of the programs that will not get rid of this. Forget what you read elsewhere from what I've seen for myself and read there are no successful anti adware tools that can remove this. Any news on the hjt log?

What I meant was that if I remembered correctly, I thought NoAdware was one of the "rogue" anti-spyware programs that gives you false positives to convince you to buy the full program. Luckily for me, the things I had on my computer a couple of months ago were easily removed with the anti-spyware/adware tools and removing certain entries from my hjt log. Good luck on your's too! :)

What I meant was that if I remembered correctly, I thought NoAdware was one of the "rogue" anti-spyware programs that gives you false positives to convince you to buy the full program.

Yes, that's exactly the issue with NoAdware; you can read more about it here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Well I hate to say it but it is now back... I'm slowly drawing a blank, the file pointed to in the registry does not exist. A new dll gets created but I delete it in safe mode. hijackthis shows up some entries which i remove in safe mode, I then run, spybot, noadaware etc, cw shredder, about:buster, in safe mode, for each user, but then it comes back.QUOTE]

Reglite worked for me in fixing a similar problem, it will make the offending dll visible so it can then be deleted. Have a look at the last several posts in this thread for downloading and using it:
http://www.daniweb.com/techtalkforums/showthread.php?t=8508&page=2&pp=15

Good luck!

thanks for trying however I was at this stage towards the beginning of the problem. The two things I found were that 1) There was no point in downloading reglite, as regedit did the same thing pretty much. 2) It didn't fix the problem. I'm still astounded that this problem can't be fixed and reckon that I must be the worlds foremost body on this issue as there is not as of yet any identifiable solution. Therefore I personally have the most background on the issue!!

Follow this one
http://computercops.biz/postt57195.html