OT: about:blank homepage hijacker..

[Karibu]

This problem can be solved by modifying Windows registry. Check out following path:

HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> Current Version -> Run.

On Run -folder you find every program which are started during windows startup. You should check it for programs you don't know and delete those keys. However, when modifying register, you have to know what you do, for deleting wrong keys can and will screw up your OS. However, it is fairly safe to modify keys in this Run -folder.

Oh, you can start registry editor by Start -> Run and write there regedt32.

[Sivran]

It's most likely CWS. Get CWShredder here: http://www.majorgeeks.com/download4086.html

And if you *must* use IE, visit this page: http://sivran.netfirms.com/IE.html

Follow the instructions, get TrustSetter, SpywareBLaster, Spywareguard, and ScriptSentry from the links provided. It's all free, and your IE browsing will be safer for it.

As others have said, and as CERT and the US Government have strongly suggested, you should switch to an alternative browser.

Edit: If CWShredder fails to clean it up (and if it is CWS, even CWShredder might fail. Some variants of CWS are very nasty), visit http://www.dslreports.com/faq/8428 - If you've followed those steps, and still you have problems, make a post here: http://www.dslreports.com/forum/security and someone will help you.

[ July 04, 2004, 18:41: Message edited by: Sivran ]

[David E. Gervais]

FYI: I'm not a newb when it comes to compters. I did all the rededit, cwshredder etc, etc. whe the instructions say to boot in safe mode, I prefer to boot in DOS and delete the 'suspicious' files that way. I'm an old DOS school person.

It's deeper than this. When I launch my homepage with a shortcut, I check the internet settings and there is no sign of about:blank. I clean the registry and there are no instances of about:blank (I changed them all to point to the shrapnel forums login page.) When I launch IE the regular way that has it load the 'default' homepage,.. about:blank gets installed again.

as for the 'run' thing, I have nothing running in the background. That is a pet peve with me. it's the first thing I make a point to do. turn off all those useless 'boot at startup' things that you can simply acces when needed and are not needed to be running all the time.

even turning off and removing all these references to boot-up programs there are still more 'Processes' running than suits my fancy. but I don't know what processes are 'safe' to turn off.

Windows is a 'processing pig' there are too many things running that rarely get used in any of my normal sessions on my computer. One good example is the nVidia nvcpl that allways seems to manage to be running in the background. it basically is there if I want to activate the dual-display thing. I only have the one monitor so it's a useless waste of resources. e-mail to nVidia asking how to turn it off came back negative. they basically say turn off the 'nview' function in the display propeties but it is already 'Off'. So why does this boot at startup if it is not used? beats me. I even deleted the nvcpl.dll and it still managed to get back in the system.

No! it's not a virus, I have scanned my system and it comes out clean as a whistle. and this app does not seem to have adverse effects on my comp, it's just annoying that it boots and is not needed.

anyway, enough babbling, Cheers!

Edit: I'm now using Mozilla. I'll give it a good test run and see if everything stays this way.

[ July 04, 2004, 21:07: Message edited by: David E. Gervais ]

[Karibu]

Okay, this seems to be tough case. I would have bet it was something in your Run -folder in Registry. Though, once there was one exe, which would install the virus every time I booted my computer. The situation was so, that merely deleting the virus itself diidn't solve the problem, but finding out which was the virus' installation executalbe, deleting it and removing its key from Run -folder in registry.

However, you said there is nothing in your Run -folder, so this is to no help. However, I put here a link to one thread in computer discussion group (its in finnish), but you can see the links in this particular thread, and can follow them. Take a look, there propably is some programs you haven't tried yet. How to get rid of banners, pop ups, etc.

[David E. Gervais]

I just checked my e-mail through MS Messenger and it launches IE instead of Mozilla. Guess what? I get a pop-up every time I go to a new page. Know what it is? An ad/warning that I have 'Spyware' on my computer. "Click OK to scan my system for free". I may well be a bit paranoid, but does this not seem to support my theory that it is the 'Spyware Removal" companies that have infected my computer? and in order to remove their spyware I have to 'Pay!' for their software? It's kind of like they shot themselves in the foot, how esle would they know if I had spyware on my system unless they themselves 'Spied' on my system to find out.

If I had the resources I'd sue the pants off the dasterdly spyware companies that are spreading this nasty virus in order to promote sales of their product.

Well, in a few days, I'll do the old Format and re-install of windows and then I'll know my system is clean. (then using Mozilla might help fend off the nasty buggers for a bit longer than IE) BTW, IMHO thise spyware/hijackers are worse than viruses.

Oh well, such is life, it seems that we do indeed live in 'Interesting times'

Cheers!

[ July 05, 2004, 12:00: Message edited by: David E. Gervais ]

[David E. Gervais]

Quote:

Originally posted by Karibu:
Okay, this seems to be tough case. I would have bet it was something in your Run -folder in Registry. Though, once there was one exe, which would install the virus every time I booted my computer. The situation was so, that merely deleting the virus itself diidn't solve the problem, but finding out which was the virus' installation executalbe, deleting it and removing its key from Run -folder in registry.

However, you said there is nothing in your Run -folder, so this is to no help. However, I put here a link to one thread in computer discussion group (its in finnish), but you can see the links in this particular thread, and can follow them. Take a look, there propably is some programs you haven't tried yet. How to get rid of banners, pop ups, etc.

I have already tried most of the removal programs listed on that page. I even did a search on google and found 'replies' on other forums that detail the process of how to remove the offending hijacker. the system does not seem to want to be purged of the hijacker. I have a 'Boot-CD' anti virus software (Kaperski) that has a virus database that was updated on june 14, 2004. When I do a deep scan of my system (it takes about 1 hour) the anti-virus software reports no viruses found.

Just because I was paranoid, I installed Avast and scanned with it, no virus found with avast. So, I'm pretty sure that my system is virus free, but this hijacker thing obviously can not be detected and removed by the anti-virus software. and the spyware removal programs do find it but are unable to remove it. So why should I believe that if I 'Purchase' (aka register) the spyware removal program it will all of a sudden gain the capability to remove the hijacker. Like I said, I think it's an evil plot by the spyware removal companies to promote sales. And it's not a 'Fear-tactic' campaign, they are simply using an "IN YOUR FACE" bug you to death tactic.

I really hope bill gate's computer get's infected by this piece of **** and he sues them to death.

[/babble mode off]

Cheers!

[psimancer]

ok couple of things
to mention thgat you have probably already tried

one absolutly free ad remover program removes ads spyware etc and havs never done a pop[up on me

go to Ad-aware select the standard Version its free as a bird and truthfully i forgot it was on my machine for the Last 6 months since it doesnt remind me course as a free Version its totally manual not an auto runner not a continous shield or any of that

two check the left hand menu items for plugins and in plugins go to the vx2 page something there about a win nt/2k/xp thats EXtTREMLY diffucult to kill and they have a fix for it for free