Help with this site

Discussion in 'Malware Help (A Specialist Will Reply)' started by jerky, Jul 13, 2005.

  1. jerky

    jerky Private E-2

    Am I retarded? Or is this site unbearably hard to navigate? It's not very clear how a person is supposed to go about getting some help and the Contact Us link leads to a page with two links buried in text that lead you right back where you started from. I've no doubt at all that Major Geeks are smart guys and know what they are doing, but they've designed a site for other smart geeks who probably don't need their help. Yeah, I'm bithching and I apologize, but if the reason for your site is to help people not so smart in PC problems, then you should make it REALLY easy to use. Don't design in it for people who know already, design it for people who don't. It took me 5 minutes just to find the New Thread link.

    So, can someone tell me where I go to get some help with possible about:blank problems. I've followed the directions from this page
    http://forums.majorgeeks.com/showthread.php?t=35407 and have run into some problems. Thanks :D
     
    jerky, Jul 13, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It's only you having the problem. There are many novices that come here and have no problems. The Contact Us link works just fine and so do the embedded links. They do not take you back to where you started. They go to new links. You need to spend some time navigating around and reading. This site is no more difficult than any other Tech Forum site.

    New users should be reading the FAQs: Frequently Asked Questions (Read Only)

    Explain what problems you are having with the READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal sticky thread. Also explain your reason for running the steps in this sticky. What malware problems caused you to do this?
     
    chaslang, Jul 14, 2005
    #2
  3. jerky

    jerky Private E-2

    Possible about:blank and/or other malware.

    Hello. I believe I may have about:blank and/or other malware. I have gone through the steps outlined at this link; http://forums.majorgeeks.com/showthread.php?t=35407 but have run into some problems along the way.
    First, there is something wrong with "about:Buster" or it will not run on my PC. After trying to run AboutBuster.exe I get the following error message; "The database is either corrupted on missing. Please download a new one." I downloaded it from the link again and got the same error message.

    I have opened the Service window as instructed in step 2 (for Windows 2k users) but didn't see "Network Security Service" or "Workstation Netlogon Service" or "Remote Procedure Call (RPC) Helper".
    I am also unable to access the Internet while in safe mode. I now see that the two online scans that were listed yesterday were changed to Bitdefender and RavAnitvirus. Yesterday they were HouseCall from Trendmicro.com and some other one. I ran the HouseCall (not in safe mode) and came up clean. The other one popped up in a window which just sat there and did nothing.

    I ran all of the other programs anyway and it seemed that HSRemove did something. It claimed to have removed 8 items. While in safe mode I ran some again and HSRemove again claimed to have removed 8 items, although it doesn't list what they were. My PC seems to be a little faster than it was, but still lags.

    Can you tell me about the symptoms of about:blank? I notice that my IE windows take a long time to close and while they are trying to close the name of the website that was shown changes to about blank.

    Also I realize that due to the change over to Bitdefender and RavAnitvirus, I will probably have to start over again. While waiting for a reply I will run Bitdefender and RavAntivirus. As I mentioned I cannot access the Internet while in Safe Mode. I appreciate any help I can get. Thanks!
     
    jerky, Jul 14, 2005
    #3
  4. AbbySue

    AbbySue MajorGeeks Administrator

    jerky, I have merged your threads together. Please stay in one thread to avoid confusion for yourself and those that will step in to assist you. Thanks!:)
     
    AbbySue, Jul 14, 2005
    #4
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Possible about:blank and/or other malware.

    You need to install About:Buster into its own folder. That is often the reason for getting the error message that you indicated.

    Please follow the steps below exactly:


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
    chaslang, Jul 14, 2005
    #5
  6. jerky

    jerky Private E-2

    Hello. Here is my HijackThis log file, attached. I tried again to down load aboutbuster, into it's own file this time, but I still received the same error message.

    Thanks!
     

    Attached Files:

    jerky, Jul 15, 2005
    #6
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You do not nave and about:blank or HSA hijacker problem anyway so you do not need to use about:Buster or HSremove.

    Why do you have the below Proxy Overrides setup:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.mcafee.com;64.136.29.30;64.136.21.30;64.136.29.34;mcafee.com;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;<local>

    Do you really need this? Is this something that is required by your ISP (I assume Juno is your ISP)?

    Are the below settings what you want:


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll?MyeBay&ssPageName=h:h:mebay:US
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch

    I would not use Kazaa (not even the Lite version). You should uninstall this:

    O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\Kazaa.kpp" /SYSTRAY


    You can hava e HJT fix the below lines but they are not major problems:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     
    chaslang, Jul 15, 2005
    #7
  8. jerky

    jerky Private E-2

    I have no idea what any of that stuff means. :D My ISP is Netzero, it used to be Juno but I switched, then they became the same company anyway. I will uninstall Kazaa,... don't use it anyway. Do you suggest I make any changes to the above items other than uninstalling Kazaa? Thanks!
     
    jerky, Jul 15, 2005
    #8
  9. jerky

    jerky Private E-2

    One more thing, I'm not sure why anything Kazaa would show up. According to what I am looking at, there is no Kazaa on my C drive at all. :confused:
     
    jerky, Jul 15, 2005
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you see the below folder?

    C:\Program Files\Kazaa Lite K++

    Do you see anything in Add/Remove programs?
     
    chaslang, Jul 15, 2005
    #10
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you want you Start and Search page defaults set to what netzero set them to or would you prefer to choose your own?
     
    chaslang, Jul 15, 2005
    #11
  12. jerky

    jerky Private E-2

    I would like to choose my own. I was really irritated actually, when I got Netzero and all of a sudden my searches changed from MSN to the Netzero search. At this time, I usually go to google when I want to do a search that will get me results that I can actually use. I'd also like to set my start page to "My eBay" page at eBay. THANKS AGAIN!
     
    jerky, Jul 16, 2005
    #12
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.com/ws/eBayISAPI.dll...me=h:h:mebay:US
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.mcafee.com;64.136.29.30;64.136.21.30;64.136.29.34;mcafee.com;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;<local>
    O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\Kazaa.kpp" /SYSTRAY

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete (if found):
    C:\Program Files\Kazaa Lite K++

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com (or use what you prefer). Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com (or use what you prefer) . Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
    chaslang, Jul 16, 2005
    #13
  14. jerky

    jerky Private E-2

    Hello, here is my new HJT log file as requested in an e-mail I received from chaslang.
     

    Attached Files:

    jerky, Jul 19, 2005
    #14
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you decide not to fix the Kazaa entry for some reason?

    Also the below two lines can be fixed:
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
     
    chaslang, Jul 19, 2005
    #15
  16. jerky

    jerky Private E-2

    I followed your instructions exactly. They stated that I should "Boot into safe mode and use Windows Explorer to delete (if found):
    C:\Program Files\Kazaa Lite K++"
    There is no Kazaa programs on my hard drive. Should I run HJT again and "Fix" it?

    Thanks again.
     
    jerky, Jul 19, 2005
    #16
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Message number 13 said to fix the below:
    O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\Kazaa.kpp" /SYSTRAY
     
    chaslang, Jul 19, 2005
    #17

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds