
About:Blank frustration 3

Status
Not open for further replies.

bjdobs

Programmer
Mar 11, 2002
261
CA
XP Pro sp2

Is there a new variation of the VSB About Blank virus?

Does anyone have any ideas?

This one infected a machine in mid October ... It got by Norton NIS 4 ... it won't allow connections to Microsoft, or any antivirus site ... it appears to hijack any address and goes to a proxy to determine what it will allow the user to access ... I have run both the Symantec and McAfee scans by copying their scan files to CD with no luck.

I used an XP Sp2 disk to load Sp2 hoping it would get rid of this but that didn't work.

I tried to do a restore from September, no luck.

Note: can't even get around it in Safe mode.


 
I'd run HijackThis, then go to config, then misc tools and then open the hosts file manager. Take out everything except the localhost entry and try getting to some sites that were once blocked, see if that helps.

HijackThis is how I got rid of an about:blank problem.
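The hosts-file cleanup suggested above, as an added example that is not part of the original post: a small auditor that keeps comments and localhost entries and reports every other mapping, which is how blocked Microsoft and antivirus sites typically show up. The function name `audit_hosts` and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread); starts with a BOM.
SAMPLE_HOSTS = """\ufeff# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.example-av-vendor.test update.example-av-vendor.test  # added by malware
203.0.113.7     windowsupdate.example.test
not-an-ip       broken.example.test
#10.0.0.5       commented.example.test
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (kept_lines, findings); findings are (lineno, address, hostname, reason)."""
    kept, findings = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop inline comments
        if not body:
            kept.append(raw)                  # blank or comment-only line is harmless
            continue
        address, *names = body.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((lineno, address, " ".join(names), "malformed entry"))
            continue
        foreign = [n for n in names if n.lower() not in LOCAL_NAMES]
        for name in foreign:
            # Loopback mappings block a site; any other address redirects it.
            reason = "blocked via loopback" if ip.is_loopback else "redirected"
            findings.append((lineno, address, name, reason))
        if not foreign:
            kept.append(raw)                  # pure localhost entry: keep as-is
    return kept, findings


if __name__ == "__main__":
    cleaned, report = audit_hosts(SAMPLE_HOSTS)
    for lineno, address, name, reason in report:
        print(f"line {lineno}: {name or '(no hostname)'} -> {address} [{reason}]")
    print("\n".join(cleaned))
```

On an affected machine the input would be the contents of `%SystemRoot%\System32\drivers\etc\hosts`; review the report before writing the cleaned lines back.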
 
Pretty sure MS antispy does it - saved me from about:blank when nothing else did.
 
A word to the wise...

In order to prevent immediate reinfection you have to remove the trojan that is downloading and/or reinstalling it, before you reboot the machine into protected mode (I always remove this crap while in safe mode). It has been my experience that this is one area where the scanners fall short.

It often proves to be a hidden/system dll or exe file. These are usually found in the user's Docs & Settings subfolders (mainly under application data & temp), in /system32, in c:\temp or c:\temporary, in \temporary internet files, or in /windows/temp. Sometimes they are in the root of \program files or \common files. I have also found them in the root directory (c:\).

Other places they hide are in their own little subfolders under \windows or \system32.
 
I had good luck by booting into safe mode and deleting c:\windows\system\jlob.dll and making a folder with the same name and deleting c:\windows\temp\se.dll and making a folder with the same name.

Windows cannot replace a folder with a file.

I tried to remain child-like, all I achieved was childish.
 