About:Blank frustration 3

Status
Not open for further replies.

bjdobs

Programmer
Mar 11, 2002
261
CA
XP Pro sp2

Is there a new variation of the VSB About Blank virus?

Does anyone have any ideas?

This one infected a machine in mid October ... It got by Norton NIS 4 ... it won't allow connections to Microsoft, or any antivirus site ... it appears to hijack any address and goes to a proxy to determine what it will allow the user to access ... I have run both the Symantec and McAfee scans by copying their scan files to CD with no luck.

I used an XP Sp2 disk to load Sp2 hoping it would get rid of this but that didn't work.

I tried to do a restoral from September; no luck.

Note: can't even get around it in Safe Mode.


 
Have you tried Spybot/Ad-Aware/Hijack This?

Andy
"Logic is invincible because in order to combat logic it is necessary to use logic." -- Pierre Boutroux
 
I ran into the same problem and by running the items mentioned above in a series of 3 I was able to finally get rid of about:blank. Norton AV will not recognize about:blank or fix it. You just have to load as many anti-spyware items as you can and keep hitting it over and over.

If anyone calls and says "I know a little something about computers" just tell them to reformat it.
 
Thanx ... this one was linked to some company attempting to solicit adaware removal software ... VERY disappointed with the antivirus/Security companies ... this IS NOT a trivial undertaking and should be caught by these Security Programs ... It's time the ISPs start taking some responsibility for this crap too. I can't imagine how the normal PC user can cope with all this junk flying around.

This PC was behind a Router had NIS 4 running with up to date sigs and it still got infected!!!
 
AVAST! antivirus is pretty good at removing this. I've also had good results with Adware-Away. They're both free downloads.
 
So what do you define as a VIRUS??? ... I have no idea how this About:Blank thing got on their machine but I'm sure they didn't ask it to install. This was most likely a covert program that comes along with one of those glitzy popup search bars ... either way I still classify it as a virus because it modified the functionality of the OS without the permission of the user. As such it SHOULD be in the AV and Security/Firewall software Sigs.


 
Most antivirus companies distinguish the various forms of malware something like:

virus
worm
trojan
adware/spyware

Sometimes these programs have overlapping areas of definition, but usually are quite distinct in their purpose and/or method. Most antivirus companies have definitions for all this malware similar to
 
Using Google I searched for "Sh*tware" and the highest ranked page result was:
I am not sure how this will help.

Follow carefully the steps in faq608-4650. The problem with the about:blank malware is that it is polymorphic, and with NTFS volumes can at times use NTFS streaming in order to hide.

If doing it by hand seems too much, use a trial version of an antitrojan software. My favorite of the month is by Giant software: There are some other choices listed in the FAQ linked just above.
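One way to check for the NTFS stream hiding mentioned in the post above, as an added example (not from this thread or the linked FAQ): it lists alternate data streams on files under a directory and flags any stream that begins with a PE header. The function name `Find-AlternateStream`, the default path and the ignore list are assumptions, and it needs PowerShell 3.0 or later, so on an older system the volume would be scanned from a clean machine.

```powershell
# Added example: enumerate NTFS alternate data streams (ADS) under a directory.
# Find-AlternateStream is a hypothetical helper name; the default root is an assumption.
function Find-AlternateStream {
    param(
        [string]$Root = 'C:\Windows',
        # Streams that are normally benign (download zone marker)
        [string[]]$Ignore = @('Zone.Identifier')
    )

    # The raw-byte switch differs between Windows PowerShell and PowerShell 6+
    $byteArgs = @{ Encoding = 'Byte' }
    if ($PSVersionTable.PSVersion.Major -ge 6) { $byteArgs = @{ AsByteStream = $true } }

    # -Force includes hidden and system files, where such files tend to sit
    Get-ChildItem -LiteralPath $Root -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # ':$DATA' is the ordinary file content; anything else is an alternate stream
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $Ignore -notcontains $_.Stream } |
                ForEach-Object {
                    # First two bytes 'MZ' (0x4D 0x5A) mean an executable image in the stream
                    $head = @(Get-Content -LiteralPath $file.FullName -Stream $_.Stream `
                                  -TotalCount 2 -ErrorAction SilentlyContinue @byteArgs)
                    [pscustomobject]@{
                        File        = $file.FullName
                        Stream      = $_.Stream
                        Length      = $_.Length
                        LooksLikePE = ($head.Count -eq 2 -and
                                       $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    }
                }
        }
}

# Largest streams first; review anything with LooksLikePE = True
Find-AlternateStream -Root 'C:\Windows' |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```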
 
Hi Bill,

Thanks for that link - very amusing! [laughtears]

Of course, you knew that I meant that About:Buster automatically removes about:blank infections, by unhiding the hidden random .dll's, then deleting all of its nasty little .dll's and Registry Key entries, all the stuff that the link given by bjdobs recommends, in fact.

Once the PC is clean, download, install and use FireFox, deleting all your desktop links to Internet Explorer, only using when absolutely essential, such as when your bank's website insists on it. This will enable you to surf without being infected with Sh*tware like about:blank, iwannalook.com and other Hijackers [thumbsup2]

But you knew that, of course [wink]

Chris

Varium et mutabile semper Excel
 
Depends what you slam it with! If you use the flat of your hand, probably not, but if you use About:Buster, SpyBot, HijackThis, Avast, etc. you should get rid of it. Follow this up with a switch to FireFox, Opera or Netscape, and you'll slam the back door in the Sh*tWare peddlers' faces! [2thumbsup]

Chris

Varium et mutabile semper Excel
 
This thread is an excellent example of why I LOVE THIS SITE!
Thank you all so much for your participation.
 
Of course if you install Firefox and then go back to bad surfing habits, you will eventually get a slap.
There are already exploits that hit these variant browsers, as they get more popular, so will the temptation for the arseh*les to write software for these applications.
No matter what browser you use, common sense is often your best defence. Unless of course those 1,000,000 customer pop ups are genuine?

Read this article if you think only IE has big holes in it.


Stu..

Only the truly stupid believe they know everything.
Stu.. 2004
 
This has got to be one of the most persistent malware hijacks I have seen. Not only does it take 2 hours to get this gone (and 90 percent of the time nothing works) that time is tech time as well as lost user time. Not good.

I have used all these programs to get rid of this:

AdAway
HiJackThis!
CWShredder
AVG
Adaware
Spybot
Reglite


I have booted into safe mode and deleted the offending files:

mui
srcasst
javajs32.exe
(all in C:\Windows)

They come right back!!! I have deleted all possible sources of this. It seems to be java related, and there is an install.js that I think keeps this thing alive.

Any other suggestions on how to get rid of this? I have yet to try the About Buster but I will as a last resort.

Man, kids these days!!
 
About Buster didn't do it. I ran MSCONFIG and turned off most of everything. Then ran Ad-aware and Hijack This again. That seemed to have done it. But then again, I thought it was fixed yesterday only to find out it has come back.

Diogenes10, thanks so much for the excellent information you just posted. I'm filing this away for the next one (any time now!!)

Deanna
 