about:blank

AndersM · Sun 13/02/2005 01:21:32

does anyone know a freeware / free program tht removes about:blank from my computer (and a working link to it) ?

LGM · Sun 13/02/2005 02:48:13

Umm.. That's not something you "remove". It's a URL that browsers use to simply display a blank page. It's not spyware or adware or anything, unless your home page keeps changing to it. Then I don't know. Just use Spyware: S&D and Adaware and you'll be fine. You can find the links in the stickied Freeware thread.

Kweepa · Sun 13/02/2005 03:00:26

Actually there's a browser hijacker type thingy that resets the home page to about:blank every so often and puts up a crappy search page.

I don't have the problem so I can't recommend a solution...
It's probably safe to follow instructions on one of the big antivirus or antispyware forums.

LGM · Sun 13/02/2005 03:52:36

Yea. There's really no option for individual programs that remove one piece of spyware. The programs I listed earlier should wipe out any problems you have.

But remember, Google is your friend!!!

big brother · Sun 13/02/2005 04:52:43

http://www.spywareinfo.com/~merijn/downloads.html

This place is really helpful.

Peter Thomas · Sun 13/02/2005 05:28:17

Get a new computer.

Radiant · Sun 13/02/2005 09:24:53

Speaking of which, do try this link:

about:mozilla

(without the http)

Barbarian · Sun 13/02/2005 10:50:42

Yeah, it looks like you may have a variation of the "CoolWebSearch" spyware/trojan, in which it can be very difficult to remove this pest, but with the right tools and knowledge, it can be done:
http://cwshredder.net/cwshredder/cwschronicles.html#aboutblank

I suggest you download and run the free stand-alone utility of "CWShredder" which you can find on this page:
http://www.intermute.com/spysubtract/cwshredder_download.html

However, some versions of "CoolWebSearch" will force CWShredder and other anti-spyware programs to automatically close so you can't run them, if this is the case, then download and run this program first:
http://www.safer-networking.org/files/delcwssk.zip
which is a "CoolWWWSearch.SmartKiller removal tool", then after running it, you should be able to run the CWShredder program.

Additionally, you should consider getting these well-known, good (and they offer free version as well) spyware scanning and removal utilities:

SpyBot Search and Destroy:
http://www.safer-networking.org/en/download/index.html

and LavaSoft's AdAware: http://www.lavasoft.de/

Running an up-to-date Anti-Virus program and having a Firewall running should also be done as well. If you need links to some good and free AntiVirus programs and Firewalls, let me know and I can suggest some.

AndersM · Sun 13/02/2005 12:49:27

Thanx Barbarian, CWShredder vapourated it completly!

Barbarian · Sun 13/02/2005 13:07:54

Quote from: MrMasse on Sun 13/02/2005 12:49:27
Thanx Barbarian, CWShredder vapourated it completly!

Hey MrMasse, good to know that the CWShredder program did the trick for you.
Glad to be of help.
Best regards.

RickJ · Sun 13/02/2005 14:31:10

You may want to give the Firefox browser a try as well, if you havent already done so... mozilla.org

Akira · Sun 20/02/2005 19:54:15

Help me!!!
Everytime I open IE appears the about:blank page, and I can't change it. I put in here the HijackThis Log:

Logfile of HijackThis v1.98.2
Scan saved at 03:17:40 p.m., on 20/02/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\SYSTEM32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTEM32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SYSTEM32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\THINKPAD\EASY LAUNCH BUTTONS\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\LTSMMSG.EXE
C:\WINDOWS\SMCTRLW.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SYSTEM32.EXE
C:\ARCHIVOS DE PROGRAMA\ARCHIVOS COMUNES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTEM32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\INCREDIMAIL\BIN\IMAPP.EXE
C:\MIS DOCUMENTOS\ELEAZAR\ARCHIVOS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = VÃnculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\archivos de programa\google\googletoolbar1.dll
O2 - BHO: (no name) - {5B887803-A1AA-4DD8-89C7-08E6FFAEF821} - C:\WINDOWS\SYSTEM\FPOO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\archivos de programa\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TPHOTKEY] C:\ARCHIV~1\THINKPAD\EASYLA~1\TPHKMGR.EXE
O4 - HKLM\..\Run: [TrackPointSrv] daemon.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Control Panel] smctrlw.exe
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [System32] System32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" Ã,Â -osboot
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [System32] System32.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Archivos de programa\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\RunOnce: [System32] System32.exe
O4 - Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\ARCHIV~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: InstantÃ¡nea de cachÃ© de la pÃ¡gina - res://c:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: PÃ¡ginas similares - res://c:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: PÃ¡ginas vinculadas - res://c:\ARCHIVOS DE PROGRAMA\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\ARCHIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O18 - Filter: text/html - {01F7732F-C3FE-466F-8CD1-D0F901751AA9} - C:\WINDOWS\SYSTEM\FPOO.DLL
O18 - Filter: text/plain - {01F7732F-C3FE-466F-8CD1-D0F901751AA9} - C:\WINDOWS\SYSTEM\FPOO.DLL

What files I have to delete???
Please anybody help me!!! Thanks

Las Naranjas · Sun 20/02/2005 21:12:53

at the risk of sounding like a anti-MS zealot, just stop using IE.

Chicky · Sun 20/02/2005 21:24:00

Some people are scared of change, others are just stupid.

Ishmael · Mon 21/02/2005 15:10:28

Quote from: Las Naranjas on Sun 20/02/2005 21:12:53just stop using IE.

Seconded.

I'd suggest giving a try on Maxthon browser. I have heard several stories of crashing Firefox's, but Maxthon has never gone down on me. It truly is what the hype says.

Federikazzo · Tue 22/02/2005 01:49:20

i had the same problem... and even lavasoft adaware had problems removing it!
the only way to avoid that crap is to find a dll file in the system32 folder. it's name should look strange (mine was called bcdbe.dll, my friend's dll was named fdxas.dll).
when you find it, rename it adding an underscore to it (i.e. _file.dll). it won't bug you anymore: TRUST ME!

then, start your favourite antispyware app and let it deepscan your system. (go to www.lavasoft.com and grab the free version of adaware: it works fine to me)

anyways, a good thing to do would be to migrate to firefox. less problems with spywares, and it really works good. use ie ONLY when you have to surf non-working pages.

Ishmael · Tue 22/02/2005 16:55:17

Quote from: Federikazzo on Tue 22/02/2005 01:49:20
anyways, a good thing to do would be to migrate to firefox. less problems with spywares, and it really works good. use ie ONLY when you have to surf non-working pages.

Use Maxthon and you will meet even less non-working pages ._.

PaulSC · Fri 25/03/2005 00:03:26

Sorry to drag this up, but I seem to have the same virus people are talking about here: IE opens with about:blanks, and every time I use explorer AVG finds an se.dll file that resurrects itself as soon as it's deleted. I've looked all over the internet for a solution, but I can't find one that works - every bad file I delete just comes right back.

But what I'm mainly interested in now are the odds of me spreading this virus to other PCs. See, I was planning to wipe my hard drive anyway, but I'm wary of shifting any of the countless files I want to keep onto another PC, just in case I end up infecting that one as well.

I've scanned all the files I want to take over, they seem to be clean, and I'm hoping that as it seems to be an internet based virus it has nothing to do with my files. but I'm still not 100% sure enough to actually do it.

Does anyone have any idea exactly how safe that process would be? Should a well prepared PC be able to detect anything I might inadvertantly take over?

If anyone can help me with this, it'd really be appreciated. And once I finally sort this out I promise never to use Internet Explorer again.

Barbarian · Fri 25/03/2005 00:22:30

Hi PaulSC.
Your computer may have been infected with a varient the "CoolWebSearch" hijacker. More specific details about this I gave in a previous post:
http://www.adventuregamestudio.co.uk/yabb/index.php?topic=19142.msg233566#msg233566

As some anti-virus programs may not see "CWSearch" as a "virus" per se, even though it often seems to certainly act like a virus in some ways, it becomes more classed as "Spyware or Browser Hijacker", therefore some anti-virus program don't pick-it-up or block it.

If you have tried everything you can to remove it, then formatting your hard drive and reinstalling windows should get rid of it, and your other programs/files/data you back up should be fine as this type of spyware/hijacker likes to mainly attack the "Windows" files and IE Browser, but tends not to bother files or programs outside of that scope.

Good luck, I hope you can get your system running clean again.
I know from experience it's a real hassle to reformat, reinstall Windows, reinstall drivers, programs, settings, etc.. all over again

But, yes, sometimes it comes down to doing just that.

PaulSC · Fri 25/03/2005 00:56:54

Thanks for the quick response, my good man!

I wasn't sure if the thing I have was the same one you were talking about, but now I'll definitely give those programs you linked to a go tommorrow. My PC is so clogged with junk after all these years that i'm planning to start afresh either way, like I said, but learning how to beat this thing wouldn't do me any harm at all.

And don't worry - I won't blame you if everything somehow goes all to hell.

about:blank

Akira