Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Posted: 2/16/2006 3:12:58 PM EDT
[Last Edit: 2/16/2006 3:32:18 PM EDT by Rocketeer]
Hi Guys,

I have a 4700 Dell system that is just over a year old. It has Windows XP Home Edition and McAfee Security (VirusScan, Personal Firewall Plus, Privacy Service, Spamkiller).

The PC has been infected with a web highjacker called about:blank. It piggybacks itself behind my usual web browser and slows everything down. When you click to go to a web sight, it bounces it back and forth to another advertising sight before it goes to the sight I want. You can watch the address as it does this.

I had it before a few months back and the only way I was able to get rid of it was to do a "image restore." I thought I had remembered how to do this by powering up the PC and hitting the F11 button right after the DELL icon show up. This then would show me a screen to proceed with restoring my computer back to where it was when I first turned it on. Brand new out of the box.

As I'm sure you all know, Windows XP has a feature called restore that takes you back several months to a place that was saved in time, or you can set a date yourself. I tried this the first time I got about:blank and it was a no go. Like I said, I had to do a "image restore" that basically puts your system back to where it was when I bought it, straight from the factory.

I would greatly appreciate any info on how to do this again. Unfortunately for some reason it's not working this time. Also, I would really appreciate info on how not to get this piece of crab nuisance again. I took every precaution and kept my security updated. I'm not sure how I got it again.

I have DSL, but now I might as well have dial up because I'm creeping along!!!!!!

Thank you in advance for your help.


Edit: I just wanted to add that I did search all of the sights and downloaded Spybot, Adaware, and several others. After spending hours trying everything, it was still there. Out of desperation, I called the Dell support hotline. After going through several people that I couldn't understand (I believe they were from across the ocean by the sound of it) they finally connected me back to a guy in the US.

He basically took over my PC under the safe networking system. He did everything by the book and nothing showed up. Right when he said I was fine and disconnected from my PC, the about:blank came up. He then believed me and spent over an hour trying to get rid of it. He finally had me do the "image restore", back to factory settings and default, by hitting F11. At least that's how I remember it. That was the only way to get rid of. My PC was immediately back to it's usual self.

But now, that doesn't seem to be working.
Link Posted: 2/16/2006 3:15:09 PM EDT
I would attempt to install and run both adaware and spybot as a first step. I would attempt manual removal as a second step, if necessary. Googleing about:blank should prove useful, if you decide to remove it manually. I'm sure somebody's done it.
Link Posted: 2/16/2006 3:18:49 PM EDT
Link Posted: 2/16/2006 3:18:56 PM EDT
After a quick google search, it looks like Spybot will nuke this. It's certainly worth a try. Other than that, there's a manual removal procedure here: www.securiteam.com/securityreviews/5RP0L0UD5U.html

Link Posted: 2/16/2006 3:20:28 PM EDT
I had that same hijacker a year ago, and NOTHING would fix it. I did a clean boot of my computer, and it was as good as new.
Link Posted: 2/16/2006 3:21:11 PM EDT

Originally Posted By tc6969:
JAVAMAN will be along shortly to tell you that this never would have happened if you had signed on with a user account.

Do a search, there is a manual way to remove it if the anti's dont work.



And he'd be wrong. Non-administrator accounts can certainly install browser toolbars, as well as download and execute malicous code. I've done it plenty of times for kicks in a VMware virtual machine.
Link Posted: 2/16/2006 4:42:20 PM EDT
[Last Edit: 2/16/2006 4:46:47 PM EDT by A_Free_Man]
The "about:blank" hijacker is a variant of the "Cool Web Search" thing. Get CWShredder and that will take care of it.

Merijn sold it to TrendMicro. Download (free) from any of these:

www.trendmicro.com/cwshredder/

www.spywareinfo.com/~merijn/downloads.html

www.intermute.com/spysubtract/cwshredder_download.html

This may also help

www.pchell.com/support/aboutblank.shtml

Often this comes in as a package of numerous problems... the Hijacker invites in a number of other trojans and spywares.

People who write this stuff should be tortured to death. At least.

Anyway, you may have to also run Adaware AND Spybot one after the other, CWShredder, HiJack This, reboot, and repeat several times before you get it all.

When you run into these problems remember you aren't the first. Do a search on it, and usually you will find numerous threads on fixing it.

Google "about blank hijacker" and see what you find.
Link Posted: 2/16/2006 5:07:33 PM EDT
tag
Link Posted: 2/16/2006 11:19:28 PM EDT

Originally Posted By tc6969:
JAVAMAN will be along shortly to tell you that this never would have happened if you had signed on with a user account.

Do a search, there is a manual way to remove it if the anti's dont work.


Achmed will be along shortly to tell you that this never would have happened if you had used Knoppix when connected to the internet.

www.knoppix.net/
Link Posted: 2/16/2006 11:20:03 PM EDT
This never would have happened if you had used Knoppix when connected to the internet.

www.knoppix.net/
Link Posted: 2/17/2006 4:50:00 AM EDT
xblock


removes alot of common malware. and clears your temp files.
Link Posted: 2/17/2006 5:14:07 AM EDT
[Last Edit: 2/17/2006 5:15:52 AM EDT by CS223]
Looks like it's a problem for you porn surfers, kinda like computer VD.
Link Posted: 2/17/2006 5:37:50 AM EDT
I would also look into one of those program products that monitor the computer system's registry, and give you the option of denying the virus the oppurtunity of update the regiserty, this is very important because it the virus can reinfect you computer if you deny it access to the registery.
Link Posted: 2/17/2006 5:40:07 AM EDT

Originally Posted By A_Free_Man:
The "about:blank" hijacker is a variant of the "Cool Web Search" thing. Get CWShredder and that will take care of it.

Merijn sold it to TrendMicro. Download (free) from any of these:

www.trendmicro.com/cwshredder/

www.spywareinfo.com/~merijn/downloads.html

www.intermute.com/spysubtract/cwshredder_download.html

This may also help

www.pchell.com/support/aboutblank.shtml

Often this comes in as a package of numerous problems... the Hijacker invites in a number of other trojans and spywares.

People who write this stuff should be tortured to death. At least.

Anyway, you may have to also run Adaware AND Spybot one after the other, CWShredder, HiJack This, reboot, and repeat several times before you get it all.

When you run into these problems remember you aren't the first. Do a search on it, and usually you will find numerous threads on fixing it.

Google "about blank hijacker" and see what you find.



+1
Link Posted: 2/17/2006 6:25:06 AM EDT
go to www.cnet.com and look for a free program called "hijack this" it is a great program and will fix you right up.
Link Posted: 2/17/2006 6:25:15 AM EDT
BTW, using these tools (CWShredder, Hijack This, etc) I HAVE successfully removed the about: blank trojan and other related problems from more than a few computers. And no, did not have to reformat the hard drive.
Link Posted: 2/17/2006 6:26:50 AM EDT

Originally Posted By Beltfedleadhead:
I had that same hijacker a year ago, and NOTHING would fix it.


Same here.
Link Posted: 2/17/2006 6:55:23 AM EDT

Originally Posted By A_Free_Man:
BTW, using these tools (CWShredder, Hijack This, etc) I HAVE successfully removed the about: blank trojan and other related problems from more than a few computers. And no, did not have to reformat the hard drive.



you haven't seen the computers i work with everyday.

you don't have the slighted idea on how problematic these malware are


Link Posted: 2/17/2006 7:09:30 AM EDT
One thing to make sure you do, is boot up in safe mode before you try to remove it with Spybot or Adware or whatever you plan on using.

It will just keep loading its self if you do not boot up in safe mode. I've had it before too and it can't be a pain to get rid of it, but it can be done.
Link Posted: 2/17/2006 10:48:38 AM EDT
A friends computer is infested with a nasty hijacker 0dl.com (that's zerodl.com. This thing pops up even if you are not online. I've Googled without success. Any Ideas?
Link Posted: 2/17/2006 10:52:44 AM EDT
google up rootkit. read up. then go commit suicide...

hijack this is a good tool. however its use is a bit arcane if you dont know what you are looking at..
Link Posted: 2/17/2006 10:56:33 AM EDT
I had success removing very persistent malware using ewido. It has a free 14 day trial. I was impressed enough to buy it.

As mentioned above, boot into safe mode when trying to remove these pests.
Link Posted: 2/17/2006 1:49:16 PM EDT

Originally Posted By tc6969:
JAVAMAN will be along shortly to tell you that this never would have happened if you had signed on with a user account.




You just saved me the trouble. How nice of you to take time out of your busy thread-locking schedule to post this.
Link Posted: 2/17/2006 3:10:46 PM EDT

Originally Posted By cruze5:

Originally Posted By A_Free_Man:
BTW, using these tools (CWShredder, Hijack This, etc) I HAVE successfully removed the about: blank trojan and other related problems from more than a few computers. And no, did not have to reformat the hard drive.



you haven't seen the computers i work with everyday.

you don't have the slighted idea on how problematic these malware are



Yes I do.

Which is why a mere death penalty for the purveyors of this crap is just not enough. They should suffer first.
Link Posted: 2/17/2006 8:47:31 PM EDT
Get rid of MacAfee as your firewall and get Zone Alarm Pro or something similar. I have never been impressed with the quality of MacAfee products.
Top Top