following about:blank removal instructions

I have or had the about:blank spyware on my system. Here are the steps I have taken so far:

A. Followed your READ and RUN ME FIRST instructions, as well as I could.
B. Followed special removal instructions for about: Blank, simplified.

Attached are the logs requested (I hope!)

Thank you so much for your help in cleaning my computer! I appreciate it greatly and look forward to your reply.

jody

 

More log attachments....the bdscan file will not upload...I tried twice.

Again.....thanks so much for your help and detailed instructions.

jody

 

Forgot details about my computer...

I am running XP SP2, which I read on the screen when the computer was in safe mode.

Symptoms: tons of pop-ups, IE hijacked and came up about:blank all the time. Slow running; froze internet several times.

Now, my browser seems ok again - my home page comes up again. But the instructions say not to shut off the computer, so I'm assuming you'll have some additional tasks for me to complete to hopefully get this awful stuff off of my computer - for good!

Thanks a million.....jody

 

Using add/remove programs which can be accessed from the control panel, uninstall the following:

Download

- Pocket KillBox

Extract to its own folder somewhere that you will be able to locate later.

IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

Do the above before continuing! Okay unplug your cable now.

Make sure you have rebooted in Normal Mode (do not open any other processes)


Run HijackThis. Click the 'Do a system scan only' button.

Once the scan has completed click Config

Click Misc Tools

Click Open Process Manager

Terminate the following processes by selecting them from the list and clicking Kill Process
Note: these may not all be running but we DO need to check for all of them.

Click back to return to the scan results.

Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

Now run Pocket Killbox:

Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.


REBOOT to Normal Mode.

Let me know how things are running now

Post a fresh HijackThis log, a fresh newfiles log and a fresh activescan log.[/QUOTE]

 

Hello Matt! Thank you for helping me and providing these instructions.

So far, so good. My IE browser comes up with my homepage; no more pop-ups or freezing up.

Attached are the new logs you requested. What's next?

BIG thanks...........jody

 

YOur pretty much clean! We just need to tidy up a couple of small things and your good to go!

Run HijackThis. Click the 'Do a system scan only' button.

Place a checkmark in the box next to the following lines:

Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.


Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Empty your recycle bin.

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
3. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and enable System Restore to create a new clean Restore Point.
4. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!