problems with "about:blank" hijacker

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by KBTO, Jul 1, 2004.

  1. KBTO

    KBTO Private E-2

    Hi. I write because I've been having problems with the "about:blank" homepage hijacker and I don't know what else to do. I've tried scanning the computer with Norton Antivirus, Spybot, Ad-aware, but none of these seems to do the job. So I'm trying to follow your advice about running HijackThis and posting the scanning results. I just hope you could help me because this problem is really irritating.
    Here are the results from the scanning with hijackthis:

    Logfile of HijackThis v1.97.7

    Scan saved at 05:52:46 p.m., on 01/07/2004

    Platform: Windows XP SP1 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\navapsvc.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\hkcmd.exe

    C:\Archivos de programa\Intel\Modem Event Monitor\IntelMEM.exe

    C:\WINDOWS\system32\dla\tfswctrl.exe

    C:\WINDOWS\System32\DSentry.exe

    C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe

    C:\Archivos de programa\Winamp\winampa.exe

    C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe

    C:\WINDOWS\System32\ctfmon.exe

    C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe

    C:\Archivos de programa\WinZip\WZQKPICK.EXE

    C:\Archivos de programa\Microsoft Encarta\Biblioteca de Consulta Encarta 2004\EDICT.EXE

    C:\Archivos de programa\MSN Messenger\msnmsgr.exe

    C:\Archivos de programa\eMule\eMule.exe

    C:\Archivos de programa\Internet Explorer\iexplore.exe

    C:\Documents and Settings\CARLOS ALBERTO\Mis documentos\hijackthis\HijackThis.exe

    C:\Archivos de programa\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\CARLOS~2\CONFIG~1\Temp\sp.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\CARLOS~2\CONFIG~1\Temp\sp.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.datafull.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\CARLOS~2\CONFIG~1\Temp\sp.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.datafull.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\CARLOS~2\CONFIG~1\Temp\sp.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\CARLOS~2\CONFIG~1\Temp\sp.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/es/srchasst/srchcust.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\CARLOS~2\CONFIG~1\Temp\sp.html

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.bigfishgames.com/downloads/gutterball/plus.html

    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)

    O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - (no file)

    O2 - BHO: (no name) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Archivos de programa\Dragon Systems\NaturallySpeaking\Program\web_ie.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: (no name) - {59C9F027-94E5-445E-8C38-3EC94979F7CC} - C:\WINDOWS\System32\gbbj.dll

    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Archivos de programa\Copernic Agent\CopernicAgentExt.dll

    O3 - Toolbar: Barra de Herramientas MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Toolbar\01.01.1629.0\es\msntb.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [IntelMeM] C:\Archivos de programa\Intel\Modem Event Monitor\IntelMEM.exe

    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

    O4 - HKLM\..\Run: [StorageGuard] "C:\Archivos de programa\Archivos comunes\Sonic\Update Manager\sgtray.exe" /r

    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe"

    O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe

    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Archivos de programa\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

    O4 - HKLM\..\Run: [ccApp] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe

    O4 - HKLM\..\Run: [ccRegVfy] C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

    O4 - HKCU\..\Run: [SpySweeper] C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe /0

    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe" /WinStart

    O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.EXE

    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

    O8 - Extra context menu item: Realizar la búsqueda utilizando Copernic Agent - C:\Archivos de programa\Copernic Agent\Web\SearchExt.htm

    O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)

    O9 - Extra 'Tools' menuitem: Ejecutar Copernic Agent (HKLM)

    O9 - Extra button: Copernic Agent (HKLM)

    O9 - Extra button: Referencia (HKLM)

    O9 - Extra button: Investigador (HKLM)

    O9 - Extra button: Descargas (HKLM)

    O9 - Extra button: Messenger (HKLM)

    O9 - Extra 'Tools' menuitem: Messenger (HKLM)

    O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/nike/nikefz4/install.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Again, I really hope you could help me. Thanks for your attention.

     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First download and install the current HijackThis (Version 1.98): http://www.majorgeeks.com/download3155.html but do not run it yet.

    Next make sure you have today's update of Ad-aware's reference list to 01R326 01.07.2004.
    Then download and install the VX2 Cleaner Plug-In for Ad-Aware. 1.0. Get it here: http://www.majorgeeks.com/download4283.html

    Then shut down (not minimize) all applications and run the VX2 plugin (click on Plug-in, select it, and then click run plugin). After that run a FULL scan with Ad-aware. Here is how to set that up: http://www.lavahelp.com/howto/fullscan/index.html

    If that does not fix the problem, repeat the same after booting in safe mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam

    After that reboot normally and make sure ALL applications are closed (you should have read this: http://www.majorgeeks.com/vb/showthread.php?t=35407 before posting).
    Then post a HijackThis log from version 1.98. Please cut & space properly. Your log should not be double spaced. It makes it harder to read.
     
