Smartest Computing: about blank


about blank XP

#1 Audrey

Posted 05 February 2005 - 10:26 PM

Hi Everyone
I have the About Blank virus, please help, how do I get rid of it? Thanks. I have Windows XP IE. Thanks. AVG does not remove it. Spybot did not detect it. Ad-aware did not find it... Help, thanks... :oh_my_god: :Devil: :fat_face_sad:

#2 rejean

Posted 05 February 2005 - 11:24 PM

Hi Audrey! How were your vacations? You may want to try this:

Quote

How to remove the about:blank virus

Have you been infected by the about:blank adware or spyware virus that takes control of your browser's home page? The about:blank adware / spyware can be removed with the top rated about blank removal program by QSA software. The about blank removal program removes hundreds of variants of spyware, adware, malware, as well as about:blank adware.

The symptom that identifies the about:blank home page hijacker is that it appears as the address, but in the background a window pops up stating that spyware, adware or something similar has been found on your system. The simplest way to remove the about:blank adware is to use a specially designed tool, named about blank remover and clean up your system of the about:blank spyware.

Remove about:blank home page hijacker by first scanning your system with an antivirus program. If nothing is detected or the problem persists download and run about blank remover program. ABOUT BLANK REMOVER is our best recommendation for effective about:blank removal because of its ability to remove a broad spectrum of malicious software. The about:blank home page problem can be caused by spyware, browser hijackers or even worms, all of which can be removed by ABOUT BLANK REMOVER.

Once about blank adware is removed, your system will return to normal.

What is about:blank?

The about:blank hijack is a pesky form of spyware or adware that refuses to let you change your home page. To fix this about:blank hijack infection, you need a removal tool, about blank remover, to eliminate and get rid of the about:blank hijack of your browser.

about:blank hijack is a hard-to-kill hijacker. It comes back immediately or several hours later after removing its objects. It changes the Internet Explorer home page to 'about:blank'. This is not a real blank page, but pointing to some commercial site or search engine site.

This problem can be caused by various means. If your browser always opens about:blank and you cannot change it permanently, then you may have a browser hijacker infection on your PC. Browser hijackers are programs that usually stealth install and change the web browser's default home page, effectively making you a virtual prisoner of a website. It may also install an unwanted toolbar on your web browser and/or spawn pop-up advertising. The owner of the browser hijacker earns revenue from the advertisements displayed on the infected PC.

The normal procedure to change the browser home page is quite straightforward. Click the browser's Tools > Internet Options and you are then given the option to change the home page. However, this function is useless or at best has only a temporary effect against browser hijackers.

The Love Letter Worm is another culprit for setting the default home page to about:blank. Worms and viruses are self-replicating programs that travel from computer to computer by various means. Both can be very destructive, but there are differences between them. Worms may replace files whereas viruses insert themselves into files. Pest Patrol also detects and removes the Love Letter Worm.

Why about: blank may be harmful to both you and your computer

Spyware and adware, like about:blank homepage hijacker, is software made by publishers that allow about:blank homepage hijackers to snoop on your browsing activity, invade your privacy, and flood you with those horrible popups, just like the about:blank homepage hijacker. If you are like most users on the internet, chances are you are probably infected with these about:blank homepage applications. That is why QSA software has designed our revolutionary product to rid your system of the about:blank homepage hijacker and other forms of spyware.

You need the about:blank remover because spyware and adware, also called "malware", are files made by publishers that allow them to snoop on your browsing activity, see what you purchase and send you "pop-up" ads. This is one reason to get the about:blank remover. Spyware can slow down your PC, cause it to crash, record your credit card numbers and worse. Yet another reason to get the about:blank remover. If you're like most Internet users, chances are you're probably infected with these files and need the about:blank remover. Simply surfing the Internet, reading email, downloading music or other files can infect your PC without you knowing it.


I strongly suggest that you wait for others' advice before doing so, however. I am using the spoofStick toolbar and it looks legit.


#3 rejean

Posted 05 February 2005 - 11:41 PM

Sorry Audrey!
I just realised you have to pay for it and a few more that I found. But Smokey or Kent (or others of course) may be able to help you with this:

How do I Remove the About:Blank homepage hijacker?

There are three basic proven methods that help remove this pesky hijacker, a manual one, one using vbscripts and an automatic one used by a spyware removal program.

MANUAL METHOD

The manual method of removing the About:Blank hijacker is probably the most difficult, since if it is not followed absolutely correctly it can return quickly. There are two programs that are needed to help with this removal. The first is HijackThis and the next is a registry program called Reglite.exe; this particular program, for whatever reason, seems to be able to find the hidden dll file without the hijacker trying to undo the work and attack the system again.

Once you've downloaded HijackThis and Reglite, open Registrar Lite and navigate to the following entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Look for the Key named AppInit_DLLs; the value in this key is the hidden dll file that is causing your problems. Write down the name of this file and think of it as the hidden.dll file.

Secondly, use the Windows Recovery Console in Windows XP to rename the file.

    * Restart the computer in Recovery Console mode using the Windows XP or Windows 2000 CD or by the option shown below
    * Type cd \windows\system32 and press Enter
    * Type the following line to remove the read-only characteristic, replacing hidden.dll with the name of the dll file found with RegLite

          ATTRIB -R hidden.dll

    * Rename the hidden.dll file by typing the following command (replacing the word hidden.dll with the actual filename)

         RENAME hidden.dll badfile.dll

    * Type Exit and press Enter to Reboot Windows

ALTERNATE ACCESS TO RECOVERY CONSOLE

If you have Internet access still, place your Windows XP or Windows 2000 CD in the Drive and cancel out of any autostart menus.
1) Log onto the Internet
2) Click on the Start button
3) Click on Run
4) Type the following in the RUN line and Press Enter

D:\I386\WINNT32.EXE  /CMDCONS

Make sure you use your CD Drive letter in place of the letter D above

5) The computer will start to install the Recovery Console and add it as a boot option.
6) Once installed, you'll be able to restart your computer and press F8 to start the Boot Menu. Press the ESC key and you should have the following option available to choose

MICROSOFT WINDOWS RECOVERY CONSOLE

7)  Choose your Windows Installation, usually by pressing 1 and pressing Enter.

You'll have to enter the Administrator password to gain access to the Windows Recovery Console. If you do not know your Administrator password, you may try the procedure to help with a bad or unknown Administrator password.

FIX FOR BAD OR UNKNOWN ADMINISTRATOR PASSWORD

1) In Windows, click on Start, Run, and Type REGEDIT
2) Click on the plus signs (+) next to the following keys

    * HKEY_LOCAL_MACHINE
    * SOFTWARE
    * MICROSOFT
    * WINDOWS NT
    * CURRENTVERSION
    * SETUP
    * RECOVERY CONSOLE

3) Double-click on the option SECURITYLEVEL in the right-hand column and change the Value Data number to 1 then press OK

4) Restart the computer in Recovery Console mode using the Windows XP or Windows 2000 CD

Next, remove the hidden.dll file from the registry

    * Open RegLite.exe and navigate to the following registry key

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
    * Double-click on the AppInit_DLLs key, delete the name of the dll file in the Value Data field, Apply the Changes and click OK then Exit Registrar Lite.

Edit registry to remove the second file

Run HiJackThis and scan the registry. Check the boxes to remove the entries similar to the following:

R1 - HKCU\Software\Microsoft\InternetExplorer\Main,SearchBar=res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126

The dll file shown in these lines (in this case it's called xaiyh.dll) is the second problematic file in the about:blank hijack.

Open My Computer and choose Tools, then click on Folder Options, click on the View tab and under Advanced Settings, choose Show Hidden Files and Folders, then click on OK and close My Computer. In Windows XP/2000, you may also want to uncheck the options for "Hide extensions for known file types" and "Hide protected operating system files". This will allow you to easily find the dll files to delete them.

Lastly, search for and delete the hidden.dll file found through reglite.exe and this second dll file found using HijackThis.

    * Click Start, point to Find or Search, and then click Files or Folders.
    * Make sure that "Look in" is set to (C:\WINDOWS).
    * In the "Named" or "Search for..." box, type, or copy and paste, the name of the hidden.dll filename you found using Reglite.exe. This file was renamed badfile.dll in our procedure. Search for it and delete it, then repeat this step for the dll filename you found using Hijackthis.

This should completely clean your system of the About:Blank homepage hijacker.

VBSCRIPTS REMOVAL METHOD

A company called Silent Runners has come up with several Visual Basic Scripts used in conjunction with Registrar Lite 2.0 to remove the About:Blank version of the CWS Cool Web Search hijacker. You can visit their website and read through the instructions by clicking on the following link:

http://www.silentrunners.org/sr_cwsremoval.html
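
Added example (not part of any post in this thread, and not code from HijackThis or its authors): a small triage script for the R0/R1 lines quoted in the post above. It parses each line, flags values that point Internet Explorer at a res:// resource inside a local DLL or at about:blank, and counts which DLL is referenced. The names SAMPLE_LOG, parse_r_lines, flag and referenced_dlls are hypothetical, and the header line and last entry of the sample are constructed for contrast.

```python
import re
from collections import Counter

# Constructed sample: the seven R0/R1 lines quoted in the post above, plus a
# header line and one benign Start Page entry added here for contrast.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed excerpt)
R1 - HKCU\Software\Microsoft\InternetExplorer\Main,SearchBar=res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xaiyh.dll/sp.html#29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
"""

# "R0 - HIVE\key path,Value name = data"; spaces around "=" are optional
# because the first quoted line is written without them.
R_LINE = re.compile(r"^(R[0-3]) - (HK[A-Z]+)\\([^,]+),\s*(.+?)\s*=\s*(.*)$")
# res:// URL that loads a page embedded in a DLL on the local disk.
RES_DLL = re.compile(r"^res://(.+?\.dll)/", re.IGNORECASE)


def parse_r_lines(log):
    """Return one dict per R0-R3 line; every other line is ignored."""
    entries = []
    for line in log.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            kind, hive, key, name, data = m.groups()
            entries.append({"kind": kind, "hive": hive, "key": key,
                            "name": name, "data": data.strip()})
    return entries


def flag(entry):
    """Return (reason, dll_path_or_None) for an entry worth review, else None."""
    m = RES_DLL.match(entry["data"])
    if m:
        return ("res-dll", m.group(1).lower())
    if entry["data"].lower() == "about:blank":
        return ("about:blank", None)
    return None


def referenced_dlls(entries):
    """Count how many flagged values point into each DLL (paths lower-cased)."""
    hits = (flag(e) for e in entries)
    return Counter(h[1] for h in hits if h and h[0] == "res-dll")


if __name__ == "__main__":
    parsed = parse_r_lines(SAMPLE_LOG)
    for e in parsed:
        if flag(e):
            print(e["hive"], e["name"], "->", flag(e))
    print(referenced_dlls(parsed))
```

The DLL this reports is the visible one named in the res:// values; the hidden one the post describes is listed under AppInit_DLLs and does not appear in these R lines.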


#4 jram

Posted 06 February 2005 - 12:05 AM

If you don't have it too bad, this might get rid of it...

CWShredder... If that doesn't work, and it probably won't (no such luck), go here... and get HJT and about buster, run HJT by hitting on run scan and save log, copy the log and paste it in the HJT logs only. DON'T run about buster yet.
Macintosh
~The computer for the rest of us~

~If there are no dogs in heaven, then when I die I want to go where they went~

~Curiosity killed the cat, but for a while I was a suspect~

~Just because you're paranoid, doesn't mean they are not after you~
  




#5 JohnT

Posted 06 February 2005 - 12:08 AM

JR you are fast to respond. I was going to mention JR's response from another forum that had some info on it that looked good.



You can read some of the ways tried here
http://www.faqfarm.c...ter/Virus/19285 also a person I know had it, he got rid of it by running CWShredder. You can get that here:
http://www.radiosplace.com/ When it opens, from your desktop with no other windows open, hit fix. If that fails, go here and run a scan.
http://www.pandasoft...n_principal.htm

#6 Smokey

Posted 06 February 2005 - 01:25 AM

Hello Audrey, sorry to hear that you have this virus because it's not an easy one to get rid of.
First of all you should try to do a System Restore to see if you're lucky. Do you know when you got this virus? If you do try to do a restore, go back a few days before you think you were infected. If not, just try to go back 2 weeks.

Click Start >> All programs >> Accessories >> System tools >> System restore. The first window will look like this:


Attached Image


Tick ... restore my computer to an earlier time and click next.

In the next shot I outlined some of the highlighted dates that "system checkpoints" were made. Just click on the "back arrow" to go back to January and select a highlighted date.


Attached Image



Once you've made the selection click next. On the next window you will click next again to confirm your restoration. If the restoration fails try another date, but this time don't go so far back.

Good luck.... post back and we will go from there.

#7 DANO

Posted 06 February 2005 - 04:20 AM

Hi Audrey. If you're still having problems go here:

http://www.smartestc...?showtopic=3384

Go through the steps Dophar has lined out and if still infected post your Hijackthis log
here:

http://www.smartestc...hp?showforum=19

:fat_face_sad: :good_luck:

#8 Smokey

Posted 06 February 2005 - 12:19 PM

Audrey,
These are all great suggestions but please try the System Restore option first. If you remove anything from your computer's configuration System Restore will no longer be an option.

The "About Blank" virus installs two malicious .dll files on your computer. One is visible and can be easily deleted. The other is hidden. The hidden .dll regenerates the viewable .dll if it is deleted or changed. The hidden file is the problem. It has the ability to change its name, therefore most scans won't find it.

#9 Audrey

Posted 06 February 2005 - 01:22 PM

Good Morning

I just checked in. What a great bunch you are, I am so grateful for all your help. Now I am going to read them all and get back to you. Again a million thanks. :hug_you_all: :happy_dancing: :oh_Canada:


#10 Audrey

Posted 06 February 2005 - 11:44 PM

OK, thanks again to you all.
Here goes.
Smokey. I did systems restore but I think it happened last week I could not go back.
Here are some of my findings. I think it is gone; it no longer controls my home page.

I also ran CWShredder, all is well there.

I ran AVG a few times and Ad-Aware and Spybot. I posted some of the results.
:hug_you_all: :oh_Canada:

Thanks again.

Attached image(s)

  • Attached Image
  • Attached Image
  • Attached Image


#11 Smokey

Posted 07 February 2005 - 12:37 AM

Audrey, on Feb 6 2005, 06:44 PM, said:

OK, thanks again to you all.
Here goes.
Smokey. I did systems restore but I think it happened last week I could not go back.
Here are some of my findings. I think it is gone; it no longer controls my home page.

I also ran CWShredder, all is well there.

I ran AVG a few times and Ad-Aware and Spybot. I posted some of the results.
:hug_you_all:  :oh_Canada:

Thanks again.


That sounds good Audrey, unfortunately I think it may return. In most cases a hidden registry key needs to be deleted to kill this virus.
CWShredder and Spybot are great programs. I find these essential to detect and remove files associated with About Blank but neither program offers a permanent solution in most cases.

#12 Audrey

Posted 07 February 2005 - 01:54 AM

Hi Smokey

Any suggestions you have I will sure try. With deep appreciation. Let's go for it.
Thanks. There are a lot out there who will remove anything for a price. I have reg cleaner. Would that help?
:happy_dancing: :oh_Canada:


#13 Smokey

Posted 07 February 2005 - 02:12 AM

Let's wait and see if it comes back first. Are you OK with making changes to your registry? For now you can run your registry cleaner... it sure won't hurt anything.

Quote

There are a lot out there who will remove anything for a price.


Even the programs that cost a lot don't always remove what they say they will remove.

#14 jram

Posted 07 February 2005 - 02:13 AM

There are different variants of about blank hijacker, some remove easier than others. I'd wait and see if your machine is running good. The real bad variant is real hard to get rid of, but there are tools for it... You might have had an easier one.
  




#15 Audrey

Posted 07 February 2005 - 11:53 AM

Thanks... Things seem to be running smooth, I have not noticed anything unusual. No email problems, no folder problems. I sure will keep an eye on it. I ran reg cleaner. Things seem fine for now. Thank you. :hugs: :thanks:

#16 Audrey

Posted 07 February 2005 - 12:44 PM

Quote

Hi Audrey! How were your vacations

Bonjour Réjean. Thanks for asking it was very good. I will post some pictures later. :happy_dancing:
:oh_Canada:
