About:blank

Discussion in 'malware problems & news' started by milanomike, Jul 6, 2004.

Thread Status:
Not open for further replies.
  1. milanomike

    milanomike Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    1
    I have about:blank and tried everything to get rid of it. I have not yet been able to figure out how to run Recovery Console, but it sounds like that is only a temporary solution.
    I then was guided to a site and downloaded TDS-3 from Diamond CS and did a full scan (the express scan which is the default did NOT find this Trojan, so you must use the "Full Scan" feature) of the system.....low and behold there it was:

    Positive identification (DLL): Trojan.Win32.StartPage.ix1 (dll)
    File: c:\windows\system32\jfiae.dll (which continues to change names when you remove them)


    The same TDS-3 program has a string extratractor and below the line underneath is the string for the jfiae.dll

    Maybe someone here can understand what this string does and help us all to get rid of about:blank

    For people interested in getting the TDS-3 download (it's free for 30 days)
    click on the link http://tds.diamondcs.com.au/index.php?page=download
    -------------------------------------------------------------------------------------

    8: !This program cannot be run in DOS mode.
    129: 7}O's
    207: !tRichs
    473: .text
    514: .rdata
    552: @.rsrc
    592: @.reloc
    1055: -ud=b
    1358: i{ZFq
    1419: 1(c"$
    1460: d{{H`L
    1632: y2;'`F
    2395: gYz~|
    2557: p>=;{
    3041: U$:>t
    3112: 3;?<-
    3434: /(.!%r
    3478: yE\eN
    3664: 'f4c$b
    3733: 9FtL.
    3768: z.<Y2
    3822: A'!5$
    4423: X8OD,fk
    4474: >md0^y
    4565: +7CA@
    5043: V=SbO
    5182: D[\hR#);Y
    5321: 2^z%F/
    5331: lrY)c
    5525: {e_I}
    5626: ~!t}wv
    5646: :l83v
    5969: Y[37;
    6511: t[Pqw!
    6530: d[Acnw}
    6636: Aoy4j
    6769: U+nYU
    6886: _l)n+
    7070: abcdefghijklmnopqrstuvwxyz-.0123456789
    7137: yWry
    7157: uZc/|
    7361: %u.%u.%u.%u
    7833: 0jr6
    7958: Mh+t}H
    8169: %%%02x
    8197: count.cc
    8245: (null)
    8253: (bad)
    8261: (float)
    8269: %08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X
    8321: (badptr)
    12171: YPh\r
    17389: t$ h
    18969: t:HHt
    20568: t(SWB
    21480: ] f;E
    21548: f9U s
    21925: E f9} s
    26865: WS2_32.dll
    26880: GetProcAddress
    26898: LoadLibraryA
    26914: WriteProcessMemory
    26936: GetCurrentProcess{
    26956: VirtualProtect
    26974: InterlockedIncrement
    26998: InterlockedDecrement
    27022: MoveFileExAd
    27036: MoveFileA|
    27047: DeleteFileA
    27062: SetFileAttributesA
    27084: WritePrivateProfileStringA
    27114: GetShortPathNameA
    27134: GetTickCount
    27149: FindClose
    27161: FindFirstFileA
    27180: GetSystemDirectoryA
    27202: GetWindowsDirectoryA
    27225: ExpandEnvironmentStringsA
    27253: CloseHandle
    27268: UnmapViewOfFile^
    27286: MapViewOfFileN
    27301: CreateFileMappingA
    27324: GetFileSizeM
    27337: CreateFileA
    27352: GetVersion
    27366: GetModuleFileNameA
    27387: DisableThreadLibraryCalls
    27416: GetTempPathA
    27432: WideCharToMultiByte
    27453: AreFileApisANSI
    27472: IsBadStringPtrA)
    27490: IsBadReadPtr
    27506: HeapAlloc
    27518: GetProcessHeap
    27536: HeapFree
    27548: HeapReAlloc
    27562: GetSystemTimeAsFileTime
    27588: ReadFile
    27600: WriteFileKERNEL32.dll
    27626: RegCloseKey
    27640: RegCreateKeyExA
    27658: RegOpenKeyExA
    27674: RegQueryValueExA
    27694: RegSetValueExA
    27712: RegEnumKeyExAADVAPI32.dll
    27742: UuidFromStringA
    27760: UuidCreate
    27771: RPCRT4.dll
    27785: SHDeleteKeyA
    27799: SHLWAPI.dll
    27905: m.dll
    27911: DllCanUnloadNow
    27927: DllGetClassObject
    27945: DllRegisterServer
    27963: DllUnregisterServer
    28273: GIF89a&
    28292: PPDRRFNNCMMBQQFMMCNND
    28343: AoZ`N
    28551: K<$jBl
    28558: 820/-,
    28569: -/028
    28579: 81,+(
    28598: (+,18
    28681: (/n8@@
    29193: \7`7d7h7l7p7t7x7|7
    29234: ?'?C?j?
    29276: 1(1R1m1
    29300: 3.3A3R3i3
    29316: 4!4<4C4U4[4j4}4
    29336: 4z5t6
    29344: 6N7p7w7
    29360: 8&8[8i8w8
    29374: 879g9z9
    29398: ;*;<;V;
    29424: <,<W<v<
    29440: =&=C=J=`=
    29464: ?$?>?i?x?
    29494: 0E0Y0
    29506: 0"1=1B1h1
    29526: 2&232Z2m2
    29546: 3*3=3T3a3
    29590: 5D6K6^6
    29630: 9 9&939n9
    29650: :!:':7:N:\:h:t:
    29684: ;<;k;~;
    29698: =N=y=
    29710: =B>m>u>
    29742: ?0?_?r?w?
    29772: 5=5F5
    29780: 5(6a6p6/7^7
    29794: 8+8:8
    29822: :,;;;^;l;
    29847: >3?B?H?T?Z?d?
    29882: 4 4|4
    29894: 4%595K5z5
    29910: 6F6Z6p6
    29922: 747:7D7^7i7o7
    29942: 7;8K8X8m8
    29960: 9K9P9
    29978: :/;?;
    30000: >3>A>Q>Z>
    30016: ?A?Q?c?q?
    30051: 0B1H1
    30097: 1 1$1(1,1014181<1@1D1H1L1P1T1
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    milanomike,

    Please follow these instructions to the letter and post your log file over on that particular forum.

    regards.

    paul
     
Thread Status:
Not open for further replies.