About:Blank Removal

Discussion in 'privacy problems' started by Sage, Jul 14, 2004.

Thread Status:
Not open for further replies.
  1. Sage

    Sage Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    3
    I found this on another forum and it has worked for me. *puppy*

    THIS IS IT!!! Here is how you fix this damn problem. I scratched my heads for weeks trying to fix my friend's computer and I finally figured it out...GO ME.
    Follow these instructions, then I'll explain how I dumbfoundedly stumbled into the solution.

    1) Forget all of your spyware/adware detectors and registry programs.
    2) Go here: hxxp://www.oz.msie.tv (link deactivated - LWM)
    3) Click on the uninstall software link and save the uninstaller to your desktop
    4) Run the uninstaller.
    5) Go to your internet options and reset the home page to whatever you want.
    6) Launch your internet explorer!!! You're done, it's as easy as that!!!

    Here's how I stumbled onto the fix...I tried my 3 favorite internet fixer programs (ad-aware, spy sweeper, and hijackthis). I ran and updated them time after time and removed things manually and automatically from the registry and other locations on the hard drive to no avail. I then launched Internet Explorer and let it take me to the crappy search page which conveniently would show the URL as about:blank. I was looking for an uninstaller listed on the main page and did not see anything. I then wanted to try to figure out just what in the hell the URL for this search page was. Using some common sense and keeping my fingers crossed, I just went ahead and entered in a search for "legos" in the search bar. BOOM! Up came my results preceeded with ~snip~ (the link above) ~snip~. I then just deleted all of the search result info from the URL bar so that the URL simply read ~snip~ (the link above) ~snip~. I hit enter and BAM! There was the link to uninstall that piece of crap. I downloaded and scanned with antivirus program. It was good to go so I ran it. Rebootted, then changed my home page back in internet options and launched internet explorer.

    PLEASE POST THIS EVERYWHERE YOU USE FORUMS!!!

    I struggled and researched this a million times and every time, after every removal process, I would reboot and get this damn about:blank search site even after all my scanning showed no threats/hijackers and task manager did not indicate any suspicious processes running either.

    I hope this helps EVERYONE with this stupid about:blank problem!
     
    Last edited by a moderator: Jul 14, 2004
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there Sage,
    you might like to post your Hijackthis log in the HJT forum for expert help to see if there is anything malicious left on your system which might have been overlooked till now? [thread]15913[/thread] for posting into that forum and get adequate help.
     
  3. Sage

    Sage Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    3
    Actually it was on a friends machine and it has left his homepage alone
    so far.
     
  4. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    deleted to read - no comment
     
  5. Arnold

    Arnold Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    2
    Sage, hello
    Before I click on the 'uninstaller', can you advise if it will NOT uninstall anything besides the 'hijacker of about blank'.
    I'm a little leerie of 'uninstallers' perse without knowing more about them.

    Also, the page it first brings you too, is the 'search' page from the hijacker.

    Hope you have experience enough to advise.

    Thanks
    Arnold
     
    Last edited by a moderator: Jul 14, 2004
  6. notlikely

    notlikely Guest

    I have also come across said uninstaller.Not directly from the malware vendors site-it is being hosted on a reputable ftp site,now (More fool them-hope they don't suffer terrible consequences)

    As an I.T.-savvy pal of mine phrased it:"Never use uninstallers from Criminals.It's like trusting burglars to lock your house after they've robbed you."

    If indeed it *is* capable of removing about:blank,I see no reason why it can't be decompiled/reversed engineered/whatever and re-released sans any hidden malicious payload it will definately harbour.
     
  7. Zonnie

    Zonnie Registered Member

    Joined:
    Apr 6, 2004
    Posts:
    27
    This installer worked for me.

    Like Sage I tried lots of removal tools with no success.

    I wish we knew more about the source of the code and the potential effects of the uninstaller. If indeed it can be reverse engineered, let us know.

    In the mean time, I think Sage earned an Spyware Wars Battlefield Promotion.
     
  8. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    We'll take a look at this and the site referenced to see if we can determine if it is safe or not. While some installers from unknown sources do work, or at least partially, there could very well be other problems with the site or unforseen problems with the uninstaller.

    At this point, it is not recommended by this forum to use that uninstaller or to go to that site. (We want to be very careful when such links are provided, because frankly you just never know!)
     
  9. Sage

    Sage Registered Member

    Joined:
    Jul 14, 2004
    Posts:
    3
    I opened it with note pad and didn't see anything that might be a problem,
    but I'm far from being an expert. If you think it may cause problems please
    delete this post.
     
  10. keellayer

    keellayer Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    2
    Just want to say thankyou. about:blank is gone, very easy
    keellayer
     
  11. keellayer

    keellayer Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    2
    Thanks to Sage about:blank is gone I'm very happy!

    keellayer
     
  12. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi imm
    is about blank pop up ads or what exactlyo_O

    thanks
    Rita
     
  13. Cathy1979

    Cathy1979 Guest

    I have been trying for months to remove about:blank. Nothing worked until today. Thanks SAGE!
     
  14. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    It's more about I posted to the wrong thread - too many open at once :)
     
  15. polak

    polak Registered Member

    Joined:
    Sep 1, 2003
    Posts:
    38
    Location:
    Canada
    LowWaterMark,

    Has the site and the uninstaller been tested to be safe.

    Thanks
     
  16. Ack!

    Ack! Registered Member

    Joined:
    Jul 11, 2004
    Posts:
    3
    Yes...Please check into this!
    Has it been tested?
    Is it safe?
    Where would it be safe to get it, & execute this pest?
    Really, no offense intended to anyone, but...
    I only want to hear from a mod, or trusted advisor on this.
    Have bookmarked this page.
    Thankyou. Keep up the great work all! :)
     
  17. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    To the best of my knowledge, none of the Spyware Experts or Trusted Advisors are using or recommending that site in any of the logs they are working on.

    The safest recommendation I can give is to go to one of the known Anti-spyware forums and follow the instructions given by trusted Experts.

    You can find a list of anti-spyware forums here: http://a-sap.org/

    Regards,

    snap
     
  18. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Rita, it is a mongrel piece of software developed by a team of russians that hijacks your Internet home page and is extreamly hard to remove, it is like a virus, it comes down in 2 parts, when you try to remove it, it replicates itself...

    In order to keep it off your system you should install and keep up dated:

    Spyware Guard
    Spyware Blaster
    Spybot Search & Destroy
    AdAware

    As well;
    Keep your Windows up-to-date
    Keep MS Office up-to-date
    Use an Anti-virus program
    Use a Firewall
    Use an alternative web-browser, such as Mozilla Firefox
    Use something like System Safety Monitor

    These should keep your system fairly safe and secure, just like a little fortress ;)

    Hope this helps...

    Cheers :D
     
  19. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Ritaann,

    To add to Blackspear's post, about:blank is another variant of the CWS trojan (one of the more difficult variants to remove). You can read more about the many variants of CWS in Merijn's The CoolWebSearch Chronicles.

    Because it can be so difficult to remove, that is why we recommend you get the guided help from the Experts that have the best experience in manual removal of this type of malware.

    Regards,

    snap
     
  20. Thanks Sage, like ive had some easy removal B4
    But that was to easy
    Thanks again dude u did well to find it
     
  21. El Dudereno

    El Dudereno Guest

    I took a more drastic approach in getting rid of this pest. I went into the registry and edited the homepage to Google (MY choice!) in both Local Machine and Current User. Then I removed ALL permissions to that registry branch - including system. I just made sure that the Everyone group had read access.

    That's it.
     
  22. Ageman20XX

    Ageman20XX Guest

    Hi, yeah, I sorta used that little uninstall program up at the top, and now, a day later, my homepage is back to about:blank. Is it possible that I seriously screwed up when using this little executable and now I'm screwed big time 'cause it's really a virus or something?

    -Age
     
  23. Rich1210

    Rich1210 Guest

    I've had this problem for two months and tried all these suggestions and dloaded a ton of programs. In the end you know what worked? Rebooting in SAFE MODE and sweeping with ADAWARE. ADAWARE always removed it, but it keep coming back, only when I did it in SAFE MODE did it work. Two days now and no regeneration. Try it, much simpler.
     
  24. Rich1210

    Rich1210 Guest

    Completely worked, give it a try.
     
Loading...
Thread Status:
Not open for further replies.