need further advice on about:blank

Well, I went through the sticky thread (god that takes FOREVER, lol). Thought I had it all cleaned up, but then a half hour afterwards my husband calls out "IT'S BACK!!!"

Where to go from here?

 

I got real confused with the post about HJT so I just attached the log to this post. Please note that I had Webroot Spy Sweeper running to stop about:blank from changing my homepage. It prompts me every few minutes about do I want to change my homepage and I have to keep telling it no. If you have any questions about something in the log that you're not sure of I will look them up to see what they are. This computer is on a wireless network (D-Link) also. Windows 2000 Professional. Thanks, I really appreciate it! I was late responding to the post as I had started a new full time job and was in a 2 week training course so my husband has just been putting up with about:blank until I had time to sit down at his computer.

 

NOTE: If running Windows XP or Windows ME please make sure safe mode is disabled temporarily

Ok, Before fixing any problems with Hijack this please move your Hijack This.exe into C:\Program Files\HJT

After you have completed this, run Hijack This again and have it fix these found problems:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7A00ACC8-B230-AA1B-D77F-5369C0D791F6} - C:\WINNT\system32\winip32.dll
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O23 - Service: ZESOFT - Unknown - C:\WINNT\zeta.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\system32\winuw32.exe

After you do this, please reboot and download About:Buster 4.0 now run this tool. After this is complete reboot.



If you are still having problems, Download Adware Away 2.2.7

1)Install Adware Away 2.2.7
2)Open program, select "Online Update" (download updates if avail.)
3)CLOSE PROGRAM & RE-OPEN (You must close program for updates to be applies)
4)Under "Specialized Remover" click on "Remove Hijackers"
5)Click "SCAN ALL" if it finds anything it will show you at the end of the scan (Totally Found [0] Malware Objects!)
6)If it finds anything select "Remove"
7)After this, select "Remove Trojan & Worms"
8)Click "Scan All", if anything is found click "Remove"
9)REBOOT

Please advise if problem continues! Thanks!

 

My bad, Ive been helping so many that I got confused sorry about that. I cant belive I did that.

 

Well, the Adware Away picked up things that the other programs weren't but it could not remove one of the things under aboutblank variant 5. It took several goes to make it remove everything else that it found, but one of the variant 5's are still there and when I click to see the results so that maybe I can manually remove it the results don't come up? So, about:blank is still on the computer even after all that! I appreciate the time you've spent so far helping me!

 

Did you remove selected items from HiJack This?


Ok, If it will not remove it. Boot into "Safe Mode" and do the scans all over again. This should let you delete what its finding because it shouldnt be in use. This also should remove it permanently as Adware Away is claiming its the only anti spyware program that will clean and remove about:blank.

If it will not remove this, try to run the specialized remover by selecting "about:blank hijacker variant 5" and click "Scan One" when it detects it select remove. This should remove it if your in safe mode.


If AdwareAway will NOT remove about:blank please see this sticky thread:

When all else fails - Generic Solution to HSA (Only the Best) & About:Blank hijack

 

Even in safe mode I could not get it cleaned. There was still one stubborn key there so I noted it down and went into the registry and exported the key as backup and then deleted it out of the registry. Now it seems as though he is clear. Thanks for all the help! How long should I wait before I delete the backup registry key that I created?

 

Personally, I would always keep a backup of my registry just in case something happens you have a backup. If everything is working fine for you and it seems to be cleared I would go ahead and delete it.

Please see this thread and you should be ok How to Protect yourself from malware!

Browse Safely!