Removing about: blank
March 16, 2005 8:57 AM Subscribe
My computer has been jacked by the about: blank bug.
I have run Hijack This and removed the offending sites but apparently this one automatically regenerates. Anyone have an idea how to remove this? I have Windows ME (please don't laugh-it was on sale).
I have run Hijack This and removed the offending sites but apparently this one automatically regenerates. Anyone have an idea how to remove this? I have Windows ME (please don't laugh-it was on sale).
1. Get Ad-Aware SE Personal (free download.)
2. Run it. It will show you a logfile. Copy the logfile and paste to the Ad-Aware foums.
3. A volunteer will respond to you telling you to download About:Buster. They will also tell you what ELSE to do to eradicate this malicious and persistent pest from your machine. That's why you should go to Ad-Aware first, not just About:Buster.
4. Use Firefox from now on as much as possible.
That's how I got rid of it. Be warned, it is one of the hardest pieces of adware filth to eradicate. Expect to do the separate tasks to get rid of About over the course of several days.
posted by Miko at 9:03 AM on March 16, 2005
2. Run it. It will show you a logfile. Copy the logfile and paste to the Ad-Aware foums.
3. A volunteer will respond to you telling you to download About:Buster. They will also tell you what ELSE to do to eradicate this malicious and persistent pest from your machine. That's why you should go to Ad-Aware first, not just About:Buster.
4. Use Firefox from now on as much as possible.
That's how I got rid of it. Be warned, it is one of the hardest pieces of adware filth to eradicate. Expect to do the separate tasks to get rid of About over the course of several days.
posted by Miko at 9:03 AM on March 16, 2005
I have found that this combination of (free) tools is particularly effective:
1. Sanitize your machine with SpyBot Search and Destroy. Download the app, update it to the current version then scan and fix all problems. Use it to immunize yourself against future potential IE problems.
2. Sanitize your machine with LavaSoft Ad-Aware. Again, download the app, update it to the current version then scan and fix all problems.
3. Sanitize your machine (again) with GriSoft AVG. Guess what... download the app, update it to the current version then scan and fix all problems. Also, activate the resident shield that is a part of this program.
4. From now on, only use FireFox to surf the web.
These apps are all free and have proved extremely potent at keeping virii off my machine, and they're also easy to keep updated. I have had no such problems since installing these apps.
As an aside, the first time I scanned my machine I found that 1/3 of all the files on the machine were viral... :( That's 22000 files out of 60000 that were eeeeevil.
posted by gaby at 9:30 AM on March 16, 2005
1. Sanitize your machine with SpyBot Search and Destroy. Download the app, update it to the current version then scan and fix all problems. Use it to immunize yourself against future potential IE problems.
2. Sanitize your machine with LavaSoft Ad-Aware. Again, download the app, update it to the current version then scan and fix all problems.
3. Sanitize your machine (again) with GriSoft AVG. Guess what... download the app, update it to the current version then scan and fix all problems. Also, activate the resident shield that is a part of this program.
4. From now on, only use FireFox to surf the web.
These apps are all free and have proved extremely potent at keeping virii off my machine, and they're also easy to keep updated. I have had no such problems since installing these apps.
As an aside, the first time I scanned my machine I found that 1/3 of all the files on the machine were viral... :( That's 22000 files out of 60000 that were eeeeevil.
posted by gaby at 9:30 AM on March 16, 2005
I used HijackThis! to get the printout (seems to be what most folks ask for for analysis online). Ad-aware+spybot+MSAntiSpyware did not do the trick for me, so I ended up searching for the site it was trying to get to, and that led me to a fix (safe mode, deleting files). I did have about:blank (I forget if Spybot cleaned it or I did), but there was one pernicious one that nothing got that had to be done manually (it started with a P, and the name escapes me).
Boy, I felt stupid for clicking "yes". I was in a hurry, and "slipped".
posted by RikiTikiTavi at 9:34 AM on March 16, 2005
Boy, I felt stupid for clicking "yes". I was in a hurry, and "slipped".
posted by RikiTikiTavi at 9:34 AM on March 16, 2005
Just to dovetail with the excellent comments above, I will say that I could not control the spyware scourge on my own machine under IE, and I am a programmer! Using IE is setting yourself up for failure. Get Firefox.
posted by rolypolyman at 9:35 AM on March 16, 2005
posted by rolypolyman at 9:35 AM on March 16, 2005
What they said!
I had been running AdAware and SpyBot faithfully, but still could not manage to eradicate all the problems. And there were many!
I went to http://www.spywareinfo.com/, they helped me clear up everything. It took several rounds of checking, fixing, downloading updates/applications, etc. But finally, I'm free of all problems. And, to reiterate, switch to Firefox.
Good luck!
posted by ObscureReferenceMan at 9:37 AM on March 16, 2005
I had been running AdAware and SpyBot faithfully, but still could not manage to eradicate all the problems. And there were many!
I went to http://www.spywareinfo.com/, they helped me clear up everything. It took several rounds of checking, fixing, downloading updates/applications, etc. But finally, I'm free of all problems. And, to reiterate, switch to Firefox.
Good luck!
posted by ObscureReferenceMan at 9:37 AM on March 16, 2005
When I got the about: blank hijack about a year ago, I spent weeks battling it (it kept coming back). I ended up formatting the machine and reinstalling everything, a four-day process in my spare time. The next week a friend reinfected my machine for me. That desktop is now sitting in a closet collecting dust. I now use a new laptop, and yes, firefox.
posted by Jonasio at 9:50 AM on March 16, 2005
posted by Jonasio at 9:50 AM on March 16, 2005
its been said before, but what you actually need is CWShredder . these other products can help with most other stuff, but if i'm right, CWShredder handles this one the best.
posted by alkupe at 10:20 AM on March 16, 2005
posted by alkupe at 10:20 AM on March 16, 2005
CWS doesn't eradicate About:Blank very well. It eradicates CoolWebSearch. CWShredder will remove some files but About will rebuild every time. About is the one that is connected to files named "Home Search Assistent" and "HAS". As I noted above, there is a custom cleaner for it called AboutBuster.
posted by Miko at 10:33 AM on March 16, 2005
posted by Miko at 10:33 AM on March 16, 2005
I've had this, and it's an absolute pain to remove. CWS Shredder, Ad aware and every other anti-spyware software failed. The spyware creates a hidden (like - really hidden) file which regenerates the spyware. Follow the manual instructions at pchell to get rid of it...
The process is as follows....
use reglite to find out the AppInit_DLLs value of the respawner DLL
Remove the obvious signs of infection using Hijack This, or whatever.
Reboot the PC from the Installation CD
attrib -h, attrib -r the file from AppInit_DLLs
delete this file
reboot the PC
remove the APPInit_DLLs value using reglite.
Things I learnt.
1) You have to follow the instructions given at PC Hell EXACTLY.
2) You have to have the original Windows Install CD to be able to remove it.
3) When they say use reglite - They mean USE reglite. The spyware hides itself from other registry editors.
Good Luck.
posted by seanyboy at 10:45 AM on March 16, 2005
The process is as follows....
use reglite to find out the AppInit_DLLs value of the respawner DLL
Remove the obvious signs of infection using Hijack This, or whatever.
Reboot the PC from the Installation CD
attrib -h, attrib -r the file from AppInit_DLLs
delete this file
reboot the PC
remove the APPInit_DLLs value using reglite.
Things I learnt.
1) You have to follow the instructions given at PC Hell EXACTLY.
2) You have to have the original Windows Install CD to be able to remove it.
3) When they say use reglite - They mean USE reglite. The spyware hides itself from other registry editors.
Good Luck.
posted by seanyboy at 10:45 AM on March 16, 2005
What gaby said. Also, you should add the ZoneAlarm firewall to the mix.
posted by deborah at 11:35 AM on March 16, 2005
posted by deborah at 11:35 AM on March 16, 2005
Seanyboy, now you've got me scared. How would I know I have it? I use microsoft antispy beta, spybot, adaware, avg and ewido security suite. Would those catch it, if not kill it?
posted by atchafalaya at 5:19 PM on March 16, 2005
posted by atchafalaya at 5:19 PM on March 16, 2005
I just cleaned that off my dad's laptop. It was the second time he got it. The first time, Hijack This was all I needed to get rid of it. The second time, HT did nothing, About:Buster did nothing, but CWShredder did the trick. So really, this is a case where you'll probably have to try all the advice given here until you find something that works for you. Start with CWShredder, I'd say, and work your way up.
Atchafalaya, you'd know if you had it because your browser's homepage would be changed to about:blank.
posted by Ruki at 6:00 PM on March 16, 2005
Atchafalaya, you'd know if you had it because your browser's homepage would be changed to about:blank.
posted by Ruki at 6:00 PM on March 16, 2005
Thanks, I feel better.
posted by atchafalaya at 6:06 PM on March 16, 2005
posted by atchafalaya at 6:06 PM on March 16, 2005
Response by poster: I have tried the Hijack This route and it comes back immediately. My Ad-Aware had the same thing happen to it. Sadly, Zone Alarm wasn't on. I am going to try every single one of these suggestions and then weep, either with happiness or sadness.
posted by DeepFriedTwinkies at 6:49 PM on March 16, 2005
posted by DeepFriedTwinkies at 6:49 PM on March 16, 2005
Ive had a lot of problems with ZoneAlarm and would reccomend Sygate firewall instead (also free).
posted by sophist at 10:28 PM on March 16, 2005
posted by sophist at 10:28 PM on March 16, 2005
This thread is closed to new comments.
posted by jepler at 9:02 AM on March 16, 2005