Hi Guys,

I have a 4700 Dell system that is just over a year old. It has Windows XP Home Edition and McAfee Security (VirusScan, Personal Firewall Plus, Privacy Service, Spamkiller).

The PC has been infected with a web highjacker called about:blank. It piggybacks itself behind my usual web browser and slows everything down. When you click to go to a web sight, it bounces it back and forth to another advertising sight before it goes to the sight I want. You can watch the address as it does this.

I had it before a few months back and the only way I was able to get rid of it was to do a "image restore." I thought I had remembered how to do this by powering up the PC and hitting the F11 button right after the DELL icon show up. This then would show me a screen to proceed with restoring my computer back to where it was when I first turned it on. Brand new out of the box.

As I'm sure you all know, Windows XP has a feature called restore that takes you back several months to a place that was saved in time, or you can set a date yourself. I tried this the first time I got about:blank and it was a no go. Like I said, I had to do a "image restore" that basically puts your system back to where it was when I bought it, straight from the factory.

I would greatly appreciate any info on how to do this again. Unfortunately for some reason it's not working this time. Also, I would really appreciate info on how not to get this piece of crab nuisance again. I took every precaution and kept my security updated. I'm not sure how I got it again.

I have DSL, but now I might as well have dial up because I'm creeping along!!!!!!

Thank you in advance for your help.


Edit: I just wanted to add that I did search all of the sights and downloaded Spybot, Adaware, and several others. After spending hours trying everything, it was still there. Out of desperation, I called the Dell support hotline. After going through several people that I couldn't understand (I believe they were from across the ocean by the sound of it) they finally connected me back to a guy in the US.

He basically took over my PC under the safe networking system. He did everything by the book and nothing showed up. Right when he said I was fine and disconnected from my PC, the about:blank came up. He then believed me and spent over an hour trying to get rid of it. He finally had me do the "image restore", back to factory settings and default, by hitting F11. At least that's how I remember it. That was the only way to get rid of. My PC was immediately back to it's usual self.

But now, that doesn't seem to be working.

I would attempt to install and run both adaware and spybot as a first step. I would attempt manual removal as a second step, if necessary. Googleing about:blank should prove useful, if you decide to remove it manually. I'm sure somebody's done it.

After a quick google search, it looks like Spybot will nuke this. It's certainly worth a try. Other than that, there's a manual removal procedure here: www.securiteam.com/securityreviews/5RP0L0UD5U.html

I had that same hijacker a year ago, and NOTHING would fix it. I did a clean boot of my computer, and it was as good as new.

Quoted: JAVAMAN will be along shortly to tell you that this never would have happened if you had signed on with a user account. Do a search, there is a manual way to remove it if the anti's dont work.

And he'd be wrong. Non-administrator accounts can certainly install browser toolbars, as well as download and execute malicous code. I've done it plenty of times for kicks in a VMware virtual machine.

The "about:blank" hijacker is a variant of the "Cool Web Search" thing.  Get CWShredder and that will take care of it.

Merijn sold it to TrendMicro. Download (free) from any of these:

www.trendmicro.com/cwshredder/

www.spywareinfo.com/~merijn/downloads.html

www.intermute.com/spysubtract/cwshredder_download.html

This may also help

www.pchell.com/support/aboutblank.shtml

Often this comes in as a package of numerous problems... the Hijacker invites in a number of other trojans and spywares.

People who write this stuff should be tortured to death.  At least.

Anyway, you may have to also run Adaware AND Spybot one after the other, CWShredder, HiJack This, reboot, and repeat several times before you get it all.

When you run into these problems remember you aren't the first.  Do a search on it, and usually you will find numerous threads on fixing it.

Google "about blank hijacker" and see what you find.

tag

Quoted: JAVAMAN will be along shortly to tell you that this never would have happened if you had signed on with a user account. Do a search, there is a manual way to remove it if the anti's dont work.

Achmed will be along shortly to tell you that this never would have happened if you had used Knoppix when connected to the internet.

www.knoppix.net/

This never would have happened if you had used Knoppix when connected to the internet.

www.knoppix.net/

xblock


removes alot of common malware.  and clears your temp files.  

Looks like it's a problem for you porn surfers, kinda like computer VD.

I would also look into one of those program products that monitor the computer system's registry, and give you the option of denying the virus the oppurtunity of update the regiserty, this is very important because it  the virus can reinfect you computer if you deny it access to the registery.

Quoted: The "about:blank" hijacker is a variant of the "Cool Web Search" thing.  Get CWShredder and that will take care of it. Merijn sold it to TrendMicro. Download (free) from any of these: www.trendmicro.com/cwshredder/ www.spywareinfo.com/~merijn/downloads.html www.intermute.com/spysubtract/cwshredder_download.html This may also help www.pchell.com/support/aboutblank.shtml Often this comes in as a package of numerous problems... the Hijacker invites in a number of other trojans and spywares. People who write this stuff should be tortured to death.  At least. Anyway, you may have to also run Adaware AND Spybot one after the other, CWShredder, HiJack This, reboot, and repeat several times before you get it all. When you run into these problems remember you aren't the first.  Do a search on it, and usually you will find numerous threads on fixing it. Google "about blank hijacker" and see what you find.

+1

go to www.cnet.com and look for a free program called "hijack this" it is a great program and will fix you right up.

BTW, using these tools (CWShredder, Hijack This, etc) I HAVE successfully removed the about: blank trojan and other related problems from more than a few computers.  And no, did not have to reformat the hard drive.

Quoted: I had that same hijacker a year ago, and NOTHING would fix it.

Same here.

Quoted: BTW, using these tools (CWShredder, Hijack This, etc) I HAVE successfully removed the about: blank trojan and other related problems from more than a few computers.  And no, did not have to reformat the hard drive.

you haven't seen the computers i work with everyday.    

you don't have the slighted idea on how problematic these malware are

One thing to make sure you do, is boot up in safe mode before you try to remove it with Spybot or Adware or whatever you plan on using.

It will just keep loading its self if you do not boot up in safe mode. I've had it before too and it can't be a pain to get rid of it, but it can be done.

A friends computer is infested with a nasty hijacker 0dl.com (that's zerodl.com. This thing pops up even if you are not online. I've Googled without success.  Any Ideas?

google up rootkit. read up. then go commit suicide...

hijack this is a good tool. however its use is a bit arcane if you dont know what you are looking at..

I had success removing very persistent malware using ewido. It has a free 14 day trial. I was impressed enough to buy it.

As mentioned above, boot into safe mode when trying to remove these pests.

Quoted: JAVAMAN will be along shortly to tell you that this never would have happened if you had signed on with a user account.

You just saved me the trouble.  How nice of you to take time out of your busy thread-locking schedule to post this.

Quoted: Quoted: BTW, using these tools (CWShredder, Hijack This, etc) I HAVE successfully removed the about: blank trojan and other related problems from more than a few computers.  And no, did not have to reformat the hard drive. you haven't seen the computers i work with everyday.     you don't have the slighted idea on how problematic these malware are

Yes I do.

Which is why a mere death penalty for the purveyors of this crap is just not enough.  They should suffer first.

Get rid of MacAfee as your firewall and get Zone Alarm Pro or something similar.  I have never been impressed with the quality of MacAfee products.