about:blank removal

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by boobear, Jul 7, 2004.

  1. boobear

    boobear Private E-2

    I know that there is another thread for this, but I read it and it didn't help me much. I don't know a lot about computers. I learn as I go. So keep things simple for me. Anyway, my homepage keeps resetting itself to about:blank and spyware popups run with/without explorer open. First I tried system restore, but it won't work for any of the dates I tried. I tried using Norton Anti-virus, Ad-aware, and Spybot S&D (both from majorgeeks). They cleaned out a lot of the spyware, but didn't fix the homepage problem. I read up on HijackThis! Ran that and tried to fix a couple things, but it didn't work either. I am at my wits end! HELP!! I ran hijack again and this is what came up. If anyone has suggestions please help.
    Logfile of HijackThis v1.98.0

    Log file removed:
    http://forums.majorgeeks.com/showthread.php?t=35407



    Thanks,
    Boobear
     
    Last edited by a moderator: Jul 26, 2004
    boobear, Jul 7, 2004
    #1
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    HSremove or About:Buster. Instrucions on their download pages in spyware section.
     
    Major Attitude, Jul 7, 2004
    #2
  3. boobear

    boobear Private E-2

    Tried the About:Blaster. I thought it worked, but then closed and reopened explorer and the homepage had reset again to about:blank.
     
    boobear, Jul 7, 2004
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do the following:

    1) go here and download Registrar lite and install it: http://www.resplendence.com/reglite
    2) Run it, copy and paste this line to reglite's address bar:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

    3) Click the "go" tab
    4) Find: "AppInit_Dlls" value on the right side panel.
    5) DoubleClick on AppInit_Dlls tell me exactly what you see in the Value.


    And then shutdown all applications (especially browsers) and post a new HijaakThis log.
     
    chaslang, Jul 7, 2004
    #4
  5. boobear

    boobear Private E-2

    Last edited by a moderator: Jul 26, 2004
    boobear, Jul 15, 2004
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you saying the value was blank? Did you do this correctly? In most cases there is a value there. Something like: c:\windows\system32\xxxxxx.dll is typically found (where xxxxxx is some random chars). However there are cases where it is blank. I just trying to confirm.

    What version of about:Buster were you using? In fact just download it again (it's currently on version 1.30). Get it here: http://www.majorgeeks.com/download4289.html

    According to its own directions:
    Fix ONLY these lines with HijackThis:
    O2 - BHO: (no name) - {3241738A-AA52-4E90-A3F5-D0CADA9AA692} - C:\WINDOWS\System32\gncgcaa.dll
    O18 - Filter: text/html - {AF72D7EA-F1F2-4470-BAC3-33594E198785} - C:\WINDOWS\System32\gncgcaa.dll
    O18 - Filter: text/plain - {AF72D7EA-F1F2-4470-BAC3-33594E198785} - C:\WINDOWS\System32\gncgcaa.dll

    Now run About:Buster. Save the log file from About:Buster and copy back here.
     
    Last edited: Jul 15, 2004
    chaslang, Jul 15, 2004
    #6
  7. boobear

    boobear Private E-2

    Okay, I ran hijack this again and fixed what you said. Then I ran About:blaster and this is what it's log said.

    -- Scan 1 --------
    About:Buster Version 1.31
    Error Removing! : C:\WINDOWS\System32\gncgcaa.dll
    Attempted Clean Of Temp folder.
    Pages Reset... Done!

    But I am guessing the error is causing my problems. It's still on my computer.

    Boobear
     
    boobear, Jul 23, 2004
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have enable viewing of hidden files: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    The run Windows Explorer and navigate your way to find:
    C:\WINDOWS\System32\gncgcaa.dll

    Once you find it, right click on it and select Properties then look at the Attributes at the bottom and make sure that Read Only and Hidden are unchecked. If not, uncheck them and click Apply. Then try running about:Buster again but do it after booting in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

    Save the about:Buster log and post it back here after booting in normal mode.
    Also post a new HijackThis log.
    If these three lines are still there try deleting them again:
    O2 - BHO: (no name) - {3241738A-AA52-4E90-A3F5-D0CADA9AA692} - C:\WINDOWS\System32\gncgcaa.dll
    O18 - Filter: text/html - {AF72D7EA-F1F2-4470-BAC3-33594E198785} - C:\WINDOWS\System32\gncgcaa.dll
    O18 - Filter: text/plain - {AF72D7EA-F1F2-4470-BAC3-33594E198785} - C:\WINDOWS\System32\gncgcaa.dll
     
    chaslang, Jul 23, 2004
    #8
  9. boobear

    boobear Private E-2

    It worked!! Thanks! I must have forgotten to un-hide my folders the first time. Thanks for your help. That darn thing was driving me up a wall! I will continue to use this site for any other help I may need b/c God knows that my fiance knows nothing of computers!

    Boobear
     
    boobear, Jul 26, 2004
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! You said it worked. That means the gncgcaa.dll file is gone right? And it no longer appears in your HijackThis log? Is the about:blank problem gone?
     
    chaslang, Jul 26, 2004
    #10
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you still have about:blank problems download the latest about:Buster and follow directions on the link.
     
    chaslang, Jul 27, 2004
    #11

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds