about:blank issues..........real big issues

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by IAmThurt, Jan 22, 2005.

  1. IAmThurt

    IAmThurt Private E-2

    I have been infected majorly with spyware...please help. I have downloaded all the programs recommended (ad-aware, spybot, aboutbuster, CWShredder, hijackthis, kill2me, hsremove, stinger, spyware blaster, and ccleaner) and followed all the instructions in the thread about spyware, and still have this problem of my homepage saying about:blank and it being a search site that I can't right click on. I am also unable to run any online scanners because it only loads that freakin search page, it also prevents windows update from running.

    I will upload a hijackthis log and a hsremove log. Please provide all the help you can.
     
  2. IAmThurt

    IAmThurt Private E-2

    This is my ad-aware log and my hijackthis log.
     


  3. IAmThurt

    IAmThurt Private E-2

    This is my cwshredder log. Hope these help you help me.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\TREYHU~1\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {362BA6EE-DF26-4A2C-ACA5-13C689AFAF8F} - C:\WINDOWS\system32\idoepoh.dll
    O18 - Filter: text/html - {9278EB07-103C-45D7-A9E7-B4000E748E51} - C:\WINDOWS\system32\idoepoh.dll
    O18 - Filter: text/plain - {9278EB07-103C-45D7-A9E7-B4000E748E51} - C:\WINDOWS\system32\idoepoh.dll

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\idoepoh.dll
    C:\Documents and Settings\TREYHU~1\Local Settings\Temp <--- delete all files and folders here (some may not be deletable, note which ones)

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Those O18 lines can sometimes be very stubborn to get rid of and they will keep causing problems to come back.
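
The pattern in the lines selected above can be checked mechanically. This is an added example, not part of the original thread or of HijackThis: a small triage pass over HijackThis log text, where the `triage` function and its three heuristics (search values set to about:blank, `res://` pages loaded from a Temp folder, one DLL registered under more than one O-section) are assumptions drawn only from the entries quoted in this reply.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the HijackThis lines quoted in the reply above.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\TREYHU~1\LOCALS~1\Temp\sp.dll/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {362BA6EE-DF26-4A2C-ACA5-13C689AFAF8F} - C:\WINDOWS\system32\idoepoh.dll
O18 - Filter: text/html - {9278EB07-103C-45D7-A9E7-B4000E748E51} - C:\WINDOWS\system32\idoepoh.dll
O18 - Filter: text/plain - {9278EB07-103C-45D7-A9E7-B4000E748E51} - C:\WINDOWS\system32\idoepoh.dll
"""

# "R1 - HIVE\key,value = data" (browser start/search settings)
R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),(.+?) = (.*)$")
# "O2 - BHO: name - {CLSID} - path" and "O18 - Filter: type - {CLSID} - path"
O_LINE = re.compile(r"^(O\d+) - (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def triage(log_text):
    """Group log lines by the three heuristics (assumptions, see lead-in)."""
    about_blank, res_in_temp = [], []
    dll_sections = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        m = R_LINE.match(line)
        if m:
            _, hive, key, value, data = m.groups()
            where = f"{hive}\\{key},{value}"
            lowered = data.lower()
            if lowered == "about:blank":
                about_blank.append(where)
            elif lowered.startswith("res://") and "\\temp\\" in lowered:
                res_in_temp.append((where, data))
            continue
        m = O_LINE.match(line)
        if m:
            section, _, _, dll = m.groups()
            dll_sections[dll.lower()].add(section)
    # A DLL hooked as both BHO (O2) and MIME filter (O18) must be unregistered
    # in every section before the file is deleted, or the settings come back.
    multi = {d: sorted(s) for d, s in dll_sections.items() if len(s) > 1}
    return {"about_blank": about_blank, "res_in_temp": res_in_temp,
            "multi_hook_dlls": multi}


if __name__ == "__main__":
    for name, hits in triage(SAMPLE).items():
        print(name, hits)
```

Run against a later log, an empty result for all three keys is a quick confirmation that the fix held.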
     
  5. IAmThurt

    IAmThurt Private E-2

    so far so good. I can do the online scans and windows update. It also let me reset my homepage and restart my computer and it didn't change. Thanks so much.
    If you see anything in the log that can still be fixed.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well I would avoid using programs like Limewire! - Peer to Peer (P2P) file-sharing client. As with all P2P sharing programs they are susceptible to various forms of malware.

    But your problem looks like it is still there to me!
     
  7. IAmThurt

    IAmThurt Private E-2

    One thing I just noticed is that when I press ctrl+alt+del a lot of it is missing. I will upload a screen shot. If not limewire then what do you suggest?
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You need to look at the Processes tab! You have lots of things running based on your previous log! And as I said you still have the problem. I saw the below still in your HJT log.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\TREYHU~1\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\TREYHU~1\LOCALS~1\Temp\sp.dll/sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    Are you saying you no longer see any problems?

    I do not use programs like that! They all have their problems. Some are much worse than others. Kazaa is probably the worst. All P2P programs make you susceptible. They are all security risks. Check in the Software Forum for opinions about them because my opinion would be not to use them at all.
     
  9. IAmThurt

    IAmThurt Private E-2

    There are no tabs, that is all that is there.

    I had to cut a lot of it off because of the limit you have on the uploads. I will remove those, but yes my home page has stayed to what I set it as.
     
  10. IAmThurt

    IAmThurt Private E-2

    I have removed all things you listed.
     


  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Hey, since Chas isn't here at the moment, I checked your log; it looks clean as of now. Are you still experiencing any problems?

    Note: If your "Task Manager" still has no tabs, simply "Double Click" as shown on image attached. This should bring it back to normal. If this does NOT bring it back to normal then DOWNLOAD THIS REG ENTRY and merge it into the registry.

    Thanks Bj :)
     


  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Agreed! Log is clean now. And try what BJ said about double clicking in your TaskManager window. That is why you did not see all the other info it can show.
     
  13. IAmThurt

    IAmThurt Private E-2

    I feel retarded, but thanks for the help. Whoever thought of the double click changing that should be shot......why would you have a need to change it. But again many thanks.


    May The Force Be With You
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! And I agree it is a pretty stupid unnecessary feature that is more trouble than it's worth.
     
