About:Blank--Removal

Welcome to Major Geeks!

It actually does not sound like about:blank malware which is a hijacker and is rarely seen anymore. It just sounds like you have a delay in page loading, but to be sure there is no malware at play, please follow the instructions in the below link and attach the requested logs when you finish these instructions.


READ & RUN ME FIRST. Malware Removal Guide

• If something does not run, write down the info to explain to us later but keep on going.

• Do not assume that because one step does not work that they all will not.

Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

I'm not exactly sure what you mean by clicking off the tab. Do you mean you go to another tab and when you come back to the tab where IMDB is that you get about:blank?

Still does not sound like a malware problem but to be sure, perhaps it would be best to check your PC for malware by running the procedure I game to you.

 

Still does not sound like malware. Especially if it is only happening on that one website.

Unless you do it ALL and attach the requested logs, we cannot offer you any help since the problem does not sound like malware and we would need the information from all the tools to say that for sure.

 

Just follow the procedures. They tell you which logs need to be attached.

 

Why not? You can skip it but is is better to have the Recovery Console installed.

You still need to attach the log from MGtools too.

 

I'm still waiting for the log from ComboFix and the MGtools log that I requested. We need them to continue.

 

If you are not running Windows Vista then you should not be running the instructions for Vista.

 

That has nothing to do with why UAC which is only related to Vista. The .NET Framework is only required for getting a particular tool within MGtools to work. It is not always necessary to have the log from this tool so you do not have to worry about installing .NET Framework right now.

You do need to run ComboFix though. So if yo have not run ComboFix, you need to run it before running MGtools.

 

I'm still waiting for the ComboFix log, but I can already tell you that while you have a few minor things to correct, but you do not have an about:blank hijacker problem. But I will give you some things below that you need to fix.

Why didn't you install and run CCleaner??? Or did you uninstall it already?

Also why did you uninstall SUPERAntiSpyware, Malwarebytes, and Spybot? You need these programs.

What you should have uninstalled is the below which wwas requested in two different parts of step 1 of the READ & RUN ME. Uninstall them now.

Ask Toolbar
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2"
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Messenger Plus! 3
Messenger Plus! Live


You also need to run MSconfig and put your PC into Normal Startup mode as requested in step 1 of the READ & RUN ME.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - (no file)
O22 - SharedTaskScheduler: {93ac7c30-3878-4eaa-9420-7977285df5b1} - cinnamomum - (no file)

After clicking Fix, exit HJT.

Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\Owner\Local Settings\Temp

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

WHY? You are not supposed to skip steps in our instructions. You need to do exactly what we request and nothing more or we will have problems helping you.

We never asked you to uninstall them. You need them. You should download and install the current versions from the links in the READ & RUN ME and make sure you update them after installation. Then run new scans and attach the new logs.

That's your choice in the end put it has infected tens of thousands of unsuspecting people on the internet.

 

Then no you are not doing it right. The first line in the script has to be Files to delete:

 

None of the steps I gave you would mess up Windows XP. What else have you been doing on your own?

If you are really having problems booting into Windows, I suggest that you boot into safe mode and perform a system restore and get a friend who is more familiar with Windows to help you perform steps.

 

If you mistakenly removed something with HijackThis, it does create backups and they can be restored. Just run the C:\MGtools\analyse.exe program and select Misc Tools and then Backups.

Did you try System Restore?

Did you ever complete all of my previous instructions? If so, I need the new logs.