about:blank

I don't have the about:blank virus actually changing my home page; however, every time I launch a new IE window, a window flashes up real quick that's entitled "about:blank" and then it disappears and the site I asked for comes up.

I thought I might have some remnant of about:blank on my computer, so I ran through all the steps in your "About:Blank and HSA Hijacker - Simplified Removal" post. I did all the steps as outlined in that post.

Attached are the ab1 and ab2 logs as well as the HJT log.

Let me know what you think. Thanks in advance for your help!

 

Copy the contents on the below quote box to notepad; save as FixReg.reg to your Desktop.

Double-click FixReg.reg and answer 'Yes'.

In HJT Choose Open the Misc Tools Section choose Process Manager, Highlight:

Choose Kill Process

Now scan and have HJT Fix the following:

Download
- Pocket Killbox

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Post a fresh HijackThis Log.

 

Thanks very much for your help. I followed the steps you laid out. *One important thing* When I got to the 2nd step (using HJT Process Manager to kill processes), it wasn't until *after* I killed the processes C:\PROG\schedsrv.exe and C:\PROG\schedmon.exe that I realized that this is a legitimate upload/download program that runs overnight. Therefore, I did not remove anything related to PROG or Progressive during the HJT fix or the Pocket Killbox. Of course, I didn't delete the related folders on C: either.

Do you think that killing the processes using HJT is going to cause a problem? If so, is there a way we start the processes again? Attached is the new HJT log. Thanks again!

 

Both of those processes are still active, so no worries.


You log appears to be clean of malware.

How is your computer running?