about:blank/hijack this

Discussion in 'Malware Help (A Specialist Will Reply)' started by suedvorak, Oct 26, 2005.

  1. suedvorak

    suedvorak Private E-2

    thank you so much...your information has helped me to get morwillsearch.com and winfixer out of my life! i want to be sure there aren't any other problems. my daughter receives the about:blank. i am attaching my hijack this log for your review. hope i have done everything correctly...
     

    Attached Files:

    suedvorak, Oct 26, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm happy to hear the sticky threads have been of help.

    You do not have an about:blank hijacker problem.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Bho - {EFDAC3FE-F44A-4030-8589-1E23BC6573D5} - C:\WINDOWS\system32\yxrpjgao.dll (file missing)
    O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

    After clicking Fix, exit HJT.

    Now reboot in normal mode and post a new HJT log.

    And tell us how things are working.
     
    chaslang, Oct 26, 2005
    #2
  3. suedvorak

    suedvorak Private E-2

    ok, here's exactly what i did:

    1-i made sure all my browsers were closed
    2- i clicked startup, run, entered msconfig, clicked ok. then i selected normal startup, clicked ok, then rebooted.
    3- i ran hjt and posted the log below for you
    4 - now when i start my computer i receive messages from my spyware tellling me i have possible spies/trojans on my computer. should i allow the files they're referring to, or delete them?
    5- am i supposed to leave my computer in this 'normal startup' (thru msconfig), or should i return to the 'selective startup' it was in before i ran hjt?

    note: i had already previously checked the items on the hjt page which you specified in the previous thread, and i did click on 'fix' BEFORE doing the above steps. i realized after the fact that i may not have run the hjt scan in the correct mode, so i started over and did the items listed above. i am not clear when you state to 'now reboot in normal mode...' does that mean the mode it was in (selective startup) prior to my changing it, or does that mean i should leave it in the 'normal startup' mode???

    thanks for your patience...
     

    Attached Files:

    suedvorak, Oct 27, 2005
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do not use msconfig to control startups at all during any of this cleanup process. In other words, leave it set for Normal Starup. This has nothing to do the words that said:

    Now reboot in normal mode

    That is referring to normal boot mode versus safe boot mode.
     
    chaslang, Oct 27, 2005
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The only item in your current log that should be fixed using HJT is:


    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    However, you could first look in Add/Remove programs to see if anything for WildTangent appears. If so, uninstall it. If not, run HJT and fix the O4 line.

    Then reboot into safe mode and delete:
    C:\Program Files\WildTangent <--- the whole folder

    Now reboot in normal mode!

    I see no other problems in you log. But I do questions using
    MS Antispyware
    SpySweeper
    Trend Micro's Antispyware

    all at the same time. This could be very resource intensive on your PC. Did you buy SpySweeper or Trend Micro's software?
     
    chaslang, Oct 27, 2005
    #5
  6. suedvorak

    suedvorak Private E-2

    i have attached my current hjt log, which i performed in safe mode. let me know if you see anything i need to take care of. thanks so much....!
     

    Attached Files:

    suedvorak, Oct 28, 2005
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Read my directions again!

    But I do not need anymode HJT logs! Just respond to my comment in messsage # 5 about using the three spyware blocking programs.
     
    chaslang, Oct 28, 2005
    #7

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds