Can't get rid of About:Blank, Trojan Startpage virus - Take Two

Re: Can't get rid of About:Blank, Trojan Startpage virus

Could someone take a look at this and advise me which I should delete? Thank you.

 

Re: Can't get rid of About:Blank, Trojan Startpage virus

From now on, please create a new thread so that we can concentrate your problems. Please pay close attention to forum guidelines. Yuo dont have to create a new one this time.

I will have this converted into your own thread. ( Done! - PP ) In the mean time please follow ALL the steps in this Sticky thread
READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

 

Re: Can't get rid of About:Blank, Trojan Startpage virus

After you have followed all the steps in the sticky thread I mentioned. Post a new HJT log.

First:
Create a new folder in C:\Program Files and name it C:\Prorgam Files\Hijack This

Run HJT from this location!!

C:\WINDOWS\DESKTOP\HJT\HIJACKTHIS.EXE

Second:

Please make sure ALL browsers are closed when running HJT.

 

Re: Can't get rid of About:Blank, Trojan Startpage virus

I followed the steps you posted. I had some difficulties running the online scans from IE as it kept shutting down. I did them from Firefox. I have not yet done the alternative scans you mentioned, but attached is the most recent saved file from Hijack This. Thanks for your help.

 

You had the right version the first time!

If you dont have it download Hijack This 1.99.1 and attach a new log using the new version.

Be sure you run it from C:\Prorgam Files\Hijack This

 

Hopefully this is it.

 

First:

Please be sure that ALL browsers are closed when running HJT.

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

Second:

Please print out these instructions so that you can operate with All Browser Windows CLOSED.

Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.



Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:


NTIZ32.EXE

JAVATZ.EXE


Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\guxuf.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\guxuf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\guxuf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\guxuf.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\guxuf.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\guxuf.dll/sp.html#12345

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {595AD4D2-88BB-5563-8BB4-F6F7AC5BB382} - C:\WINDOWS\MSGL32.DLL

O4 - HKLM\..\Run: [JAVATZ.EXE] C:\WINDOWS\JAVATZ.EXE
O4 - HKLM\..\RunServices: [NTIZ32.EXE] C:\WINDOWS\NTIZ32.EXE


Again, make sure All Browser Windows are Closed when you Click FIX.


NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

C:\WINDOWS\NTIZ32.EXE

C:\WINDOWS\JAVATZ.EXE

C:\WINDOWS\MSGL32.DLL

C:\WINDOWS\guxuf.dll


NEXT:

Run CCleaner


Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Reboot to Normal Windows

FINAL STEP

Reset Web Settings & Default Security Settings:


To Reset Web Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK


To Default Security Settings:
Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.


Now, Scan with HijackThis and attach the new log.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

Good Luck!

 

Well, I followed your instructions, it seemed to work, but when I reenabled System Restore the problem seemed to return on the reboot. It does seem a bit better, but I am not convinced it is gone. I may just reinstall Windows. I assume that would cure it?

 

Again I will say the same thing! Delete the version 1.99.0 so we wont run into this again. Thanks!