|
OT: about:blank homepage hijacker..
Hello, people
I got hit again by the 'IMPOSSIBLE' to remove hompage hijacker that set my home page to about:blank. But after all attempts to remove it, I thought of a simple solution.. I went to may Favorites folder and created a shortcut (sent to desktop) of the link I want to be and normally is my homepage. (the shrapnel forums login page.) I then deleted the quick-launch icon for IE and replaced it with the shortcut to the shrapnel forums login page. What is the diff? well, IE only uses the 'homepage' when no paramiters are given to it when launched. (the default settings) and therefore the about:blank keeps replacing any homepage I set. By telling IE where to go when it is alunched, I no longer goto (or use) the 'homepage option' so for all intensive purposes the about:blank hijacker no longer gets launched and is bypassed alltogeather. Just thought I'd share this genius solution with any of you that have run into this nasty highjacker. Cheers! http://forum.shrapnelgames.com/images/icons/icon10.gif FYI: running Spybot Search & Destroy, AdAware and HijackThis, dit not succede in removing the about:blank hijacker. even booting in safe mode and deleting 'suspect' .exe's listed in the hijack log file did not fix the problem. Since the only bad thing about this hijacker seems to be the outright theft of your homepage and pointing it to ads for downloading spyware removal programs. I think it's all a conspiracy of these 'removal' program companies to scare you into purchasing their product. I find it very strange that a 'removal' program can detect the hijacker, but is not able to remove it. If you can't remove it, then what is the use of telling me I have it? [/babble mode off] [ July 04, 2004, 16:17: Message edited by: David E. Gervais ] |
Re: OT: about:blank homepage hijacker..
Or better yet, don't use Internet Explorer.
http://forum.shrapnelgames.com/images/icons/icon10.gif Grab youself a copy of Mozilla, David, before IE causes your computer to catch on fire and burn your house down. And if you don't believe that, just wait! With all the problems and holes IE has, it's just a matter of time before some hacker can turn IE into a modern day 'Philadelphia Experiment'. http://forum.shrapnelgames.com/images/icons/icon12.gif |
Re: OT: about:blank homepage hijacker..
Quote:
|
Re: OT: about:blank homepage hijacker..
Mozilla downloaded, installed, and now running. Looks good so far. Thanks for the suggestion.
But for you IE diehard fanatic followers that refuse to change Loyalties, my solution/bypass seemed to be working fine. Cheers! http://forum.shrapnelgames.com/images/icons/icon10.gif |
Re: OT: about:blank homepage hijacker..
Try using system restore if you have it.
|
Re: OT: about:blank homepage hijacker..
an easier way is to go into the system registry ad change the home page value and the home page backup value if you have the actual webpage name you can search your registry for that site name then just delete those keys this wont cause any undue problems for ie
another thing is to check the downloaded program files directory many of these programs set in java applets that automatically reset the home and search pages just click the properties and see what dependencies they have usually a file on the website is listed if so just delete the applet |
Re: OT: about:blank homepage hijacker..
This problem can be solved by modifying Windows registry. Check out following path:
HKEY_LOCAL_MACHINE -> SOFTWARE -> Microsoft -> Windows -> Current Version -> Run. On Run -folder you find every program which are started during windows startup. You should check it for programs you don't know and delete those keys. However, when modifying register, you have to know what you do, for deleting wrong keys can and will screw up your OS. However, it is fairly safe to modify keys in this Run -folder. Oh, you can start registry editor by Start -> Run and write there regedt32. |
Re: OT: about:blank homepage hijacker..
It's most likely CWS. Get CWShredder here: http://www.majorgeeks.com/download4086.html
And if you *must* use IE, visit this page: http://sivran.netfirms.com/IE.html Follow the instructions, get TrustSetter, SpywareBLaster, Spywareguard, and ScriptSentry from the links provided. It's all free, and your IE browsing will be safer for it. As others have said, and as CERT and the US Government have strongly suggested, you should switch to an alternative browser. Edit: If CWShredder fails to clean it up (and if it is CWS, even CWShredder might fail. Some variants of CWS are very nasty), visit http://www.dslreports.com/faq/8428 - If you've followed those steps, and still you have problems, make a post here: http://www.dslreports.com/forum/security and someone will help you. [ July 04, 2004, 18:41: Message edited by: Sivran ] |
Re: OT: about:blank homepage hijacker..
FYI: I'm not a newb when it comes to compters. I did all the rededit, cwshredder etc, etc. whe the instructions say to boot in safe mode, I prefer to boot in DOS and delete the 'suspicious' files that way. I'm an old DOS school person.
It's deeper than this. When I launch my homepage with a shortcut, I check the internet settings and there is no sign of about:blank. I clean the registry and there are no instances of about:blank (I changed them all to point to the shrapnel forums login page.) When I launch IE the regular way that has it load the 'default' homepage,.. about:blank gets installed again. as for the 'run' thing, I have nothing running in the background. That is a pet peve with me. it's the first thing I make a point to do. turn off all those useless 'boot at startup' things that you can simply acces when needed and are not needed to be running all the time. even turning off and removing all these references to boot-up programs there are still more 'Processes' running than suits my fancy. but I don't know what processes are 'safe' to turn off. Windows is a 'processing pig' there are too many things running that rarely get used in any of my normal sessions on my computer. One good example is the nVidia nvcpl that allways seems to manage to be running in the background. it basically is there if I want to activate the dual-display thing. I only have the one monitor so it's a useless waste of resources. e-mail to nVidia asking how to turn it off came back negative. they basically say turn off the 'nview' function in the display propeties but it is already 'Off'. So why does this boot at startup if it is not used? beats me. I even deleted the nvcpl.dll and it still managed to get back in the system. No! it's not a virus, I have scanned my system and it comes out clean as a whistle. and this app does not seem to have adverse effects on my comp, it's just annoying that it boots and is not needed. anyway, enough babbling, Cheers! http://forum.shrapnelgames.com/images/icons/icon10.gif Edit: I'm now using Mozilla. I'll give it a good test run and see if everything stays this way. [ July 04, 2004, 21:07: Message edited by: David E. Gervais ] |
Re: OT: about:blank homepage hijacker..
Okay, this seems to be tough case. I would have bet it was something in your Run -folder in Registry. Though, once there was one exe, which would install the virus every time I booted my computer. The situation was so, that merely deleting the virus itself diidn't solve the problem, but finding out which was the virus' installation executalbe, deleting it and removing its key from Run -folder in registry.
However, you said there is nothing in your Run -folder, so this is to no help. However, I put here a link to one thread in computer discussion group (its in finnish), but you can see the links in this particular thread, and can follow them. Take a look, there propably is some programs you haven't tried yet. How to get rid of banners, pop ups, etc. |
Re: OT: about:blank homepage hijacker..
I just checked my e-mail through MS Messenger and it launches IE instead of Mozilla. Guess what? I get a pop-up every time I go to a new page. Know what it is? An ad/warning that I have 'Spyware' on my computer. "Click OK to scan my system for free". I may well be a bit paranoid, but does this not seem to support my theory that it is the 'Spyware Removal" companies that have infected my computer? and in order to remove their spyware I have to 'Pay!' for their software? It's kind of like they shot themselves in the foot, how esle would they know if I had spyware on my system unless they themselves 'Spied' on my system to find out.
If I had the resources I'd sue the pants off the dasterdly spyware companies that are spreading this nasty virus in order to promote sales of their product. Well, in a few days, I'll do the old Format and re-install of windows and then I'll know my system is clean. (then using Mozilla might help fend off the nasty buggers for a bit longer than IE) BTW, IMHO thise spyware/hijackers are worse than viruses. Oh well, such is life, it seems that we do indeed live in 'Interesting times' http://forum.shrapnelgames.com/images/icons/icon7.gif Cheers! http://forum.shrapnelgames.com/images/icons/icon10.gif [ July 05, 2004, 12:00: Message edited by: David E. Gervais ] |
Re: OT: about:blank homepage hijacker..
ok couple of things
to mention thgat you have probably already tried one absolutly free ad remover program removes ads spyware etc and havs never done a pop[up on me go to Ad-aware select the standard Version its free as a bird and truthfully i forgot it was on my machine for the Last 6 months since it doesnt remind me course as a free Version its totally manual not an auto runner not a continous shield or any of that two check the left hand menu items for plugins and in plugins go to the vx2 page something there about a win nt/2k/xp thats EXtTREMLY diffucult to kill and they have a fix for it for free |
Re: OT: about:blank homepage hijacker..
certain hijackers are really hard to remove. They not only edit the registry but insert variations of commonly used DLL's that will put it back if its removed.
Usually even with ad-aware or spybot you end up having to download a special program written to remove each variation of the program. Such as... the "blank homepage" and inserting search results to sites like 2020.. http://forums.spywareinfo.com/index.php?showtopic=6000 |
Re: OT: about:blank homepage hijacker..
I got rid of it by removing any and all startup programs/dll's. Now in msconfig, the 'Startup' tab is completely empty.
I have removed all instances of about:blank in the registry and have rebooted several times, the problem seems to be solved. (until me or the system needs and runs one of the old programs/dll's that used to be in the startup. FYI: the basic procedure for removing this kind of thing is as follows.. install and run Spybot Search & Destroy, install and run AdAware (it catches some stuff spybot misses.) scan your registry and remove any instances of about:blank. (or replace them with your original homepage.) run HijackThis it catches even more leftover stuff and it can produce a log file that tells you what apps are running and therefore might be corrupt. following this procedure did not fix the problem. and so I took the more drastic measure of not having any of the startup apps in the registry. (fyi: simply toggling them off in the msconfig does not prevent them from being re-activated by the worm. but if the worm finds no entry to 'modify' it aparently cannot install. Time will tell if any of the 'startup' apps were critical to my system, but I always have them toggled off in the msconfig anyway, so I don't forsee any problems. Mozilla is proving to be a very nice browser, I doubt that I will ever return to IE. nuf said, Cheers! http://forum.shrapnelgames.com/images/icons/icon10.gif [ July 05, 2004, 16:40: Message edited by: David E. Gervais ] |
Re: OT: about:blank homepage hijacker..
Like I suggested before, try system restore. I had a similar problem with a hard to kill hijack program, but got rid of it by restoring the system before I got infected. It was completely gone.
|
Re: OT: about:blank homepage hijacker..
The stories about how persistant and ingenious these spyware/adware/hijackware programs can be are getting quite amazing. I've heard about how they install processes to watch themselves and re-install, or hide 'bombs' all over your system in hopes of causing re-infection. I'm glad I've always surfed in 'paranoid' mode with a browser filter/proxy between me and the net. Now with Mozilla instead of IE I'm a bit safer, but being Online is still getting scarier every day. I'm very much afraid that this chaos will provide an excuse for the government to step in and regulate everything, ruining our nice 'free' Internet.
[ July 05, 2004, 17:35: Message edited by: Baron Munchausen ] |
Re: OT: about:blank homepage hijacker..
Quote:
You will be quite happy to know that the primary vector for spyware installation is closed when you use Mozilla. Mozilla will NOT install anything without your ok. Now all you have to worry about are dubious "free" programs... and I think you should update your antivirus. |
Re: OT: about:blank homepage hijacker..
Quote:
Just because I was paranoid, I installed Avast and scanned with it, no virus found with avast. So, I'm pretty sure that my system is virus free, but this hijacker thing obviously can not be detected and removed by the anti-virus software. and the spyware removal programs do find it but are unable to remove it. So why should I believe that if I 'Purchase' (aka register) the spyware removal program it will all of a sudden gain the capability to remove the hijacker. Like I said, I think it's an evil plot by the spyware removal companies to promote sales. And it's not a 'Fear-tactic' campaign, they are simply using an "IN YOUR FACE" bug you to death tactic. I really hope bill gate's computer get's infected by this piece of **** and he sues them to death. [/babble mode off] Cheers! http://forum.shrapnelgames.com/images/icons/icon10.gif |
Re: OT: about:blank homepage hijacker..
DEG, you probably already knew about this, but be sure to run the update feature on both AdAware and Spybot. The installers, IIRC, come with definitions that are over a year old.
|
Re: OT: about:blank homepage hijacker..
can someone post a link to mozilla?
|
Re: OT: about:blank homepage hijacker..
|
Re: OT: about:blank homepage hijacker..
Link to kill it:
http://www.securiteam.com/securityre...RP0L0UD5U.html And as the others have said Mozilla or Firefox to prevent it. If you have to keep IE6, then Firefox is a little more IE friendly. If you work with SQL web apps or Frontpage, then you will want to keep IE around. |
Re: OT: about:blank homepage hijacker..
Quote:
btw: following this kind of procedure does not always work, and it did not work for me. I still had the problem after running through the procedure. But I found a workaround.. I viewed all the files in my ..\windows, \system and \system32 folders and sorted by date. I then deleted all suspicious files and made special notes of the ones that said 'unable to delete' and removed them in dos. When I rebooted the system complained but was nice enough to let me know what it was looking for. I searched the registry and removed any references to these files. it seems fine now. BTW I wouldn't reccomend this type of drastic procedure unless you have a good knowledge of what is what in the windows folder. It would be easy to delete a 'needed' file and cause windows to die. One good indication that it's a bad file is when it has a very obscure name, like snxyfc.dll or mxtargoo.dll etc. Anyway, the problem seems to be solved, and now that my primary browser is Mozilla I should be safer. Cheers! http://forum.shrapnelgames.com/images/icons/icon10.gif P.S. Thermo, I'm approaching 100 folds for the sharky team. Man I hat getting these ***/400 folds, they take several days to complete. [ July 07, 2004, 11:57: Message edited by: David E. Gervais ] |
Re: OT: about:blank homepage hijacker..
Try Spy Sweeper from webroot: http://www.webroot.com/wb/products/spysweeper/index.php
I'd never had problem witrh spyware, hijacks after I got spy sweeper. |
Re: OT: about:blank homepage hijacker..
Here's another little free program to throw in the mix. I use IE (due to IntraNet applications) and this little app has been quite helpful and definitely has a place in my toolbag. Anyone using IE should check this out.
http://www.definitivesolutions.com/bhodemon.htm PS. David, I think Thermo has given up on the Folding project for now - haven't seen him post any new WU's for a while now so I was finally able to pass him. (That's the only way I passed him in SETI@home as well. http://forum.shrapnelgames.com/image...s/confused.gif http://forum.shrapnelgames.com/images/icons/icon10.gif ) |
Re: OT: about:blank homepage hijacker..
Quote:
|
| All times are GMT -4. The time now is 06:28 PM. |
Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Copyright ©1999 - 2025, Shrapnel Games, Inc. - All Rights Reserved.