About:Blank not going away

I have a Search Page hijacking my IE home page (Firefox is fine) also causing pop-ups. I have tried many things to get rid of this, no luck, it just keeps coming back. Sometimes you think its gone, than it comes back.

OK, I have ran HSRemover, at first it found 8 items, after that nothing.

I ran About:Buster, it says nothing is infected.

I run Hijack This, everytime it finds the about:blank entries and the 'Search Assistant' entries and the 'Search Page' entries after a restart. I remove them each time but they still show up. I have tried pulling the power plug after fixing, this does not help. Normal restart will make IE work temporarily (like 60 seconds) then you see the screen blink, and if you click on your homepage up comes the Search Page. This happens whether the network cable is plugged in or not.

Help! I am usually VERY good at removing malware and spyware but this has got me. Time for the big guns, I really hope I don't have to wipe anything. Thanks for any help anyone can give!

 

I am also having a similar problem. I will remove and all is good for a few restarts then BAM! it is back. Now it is hijacking all links and taking me to about:blank. I would also appreciate any help with this annoying jack.

Thanks,

Chad

 

I seem to have fixed it.

ofjce.dll
sp32.dll
sp.dll

were the culprits.

ofjce.dll is present in the registry and in C:Windows\System32.
sp32.dll I only found in the registry.
sp.dll is in the registry plus it was in a temp folder (you can search for it).

Start by renaming ofjce.dll to ofjce.txt, than delete it.

Do the same for sp.dll.

Than open the registry and do a search for ofjce.dll

Delete every entry. If it is the only entry in the folder, delete the whole folder it is in.

Do the same for both sp32.dll and sp.dll.

Then open up Hijack This!, delete the bad entries and restart.

If you wanted to go further before restarting you could delete registry entries that have to do with 'Search Assistant', 'Omniscient.exe', 'Omniband.exe', and wsaupdater.exe'.

Deleting the first three dll's should fix the issue if it is similar to mine.

Good Luck, this wasn't easy.

 

I've done the sp.dll and sp32.dll but I didn't find the ofjce.dll the first time around. I too am not new at this hijack removal thing, but I am having difficulty with this one. It isn't even my machine, it is a friend's. I will try and get rid of the ofjce.dll or similar randomly named dlls. It seems each time I get rid of it it renames itself something different. I will AGAIN attempt to banish this insideous evil. If I AGAIN fail I will post for more help.

 

It sounds like I am having one of the more difficult ones. You (chaslang) helped me remove this one once before, but it has returned under new and exciting names. I will start my own thread as soon as I gain access to the infected computer and can get a log file.

 

This one tried to populate itself. The 1st couple of times I removed from HJT, it came back with more entries. It did not seem to mutate luckily, it was the same .dll's causing the problem , I just needed to find the 'master' so to speak, which was ofjce.dll.

 

Have you posted your HJT log? I don't mind if you hijack this thread.

 

I suppose so, but it was still time consuming and a pain in the you know where!