Topic: Another "About:blank"... [for benditup maybe?]

Avantéix
« on: August 28, 2004, 06:49:06 PM »

i guess this is a cry for help to benditup...

so i guess this is the typical situation where every time i start IE, it starts to load my home page, then displays "action cancelled", then "no page to be displayed", and then the website "http://ssearch.biz/?wmid=1010" comes up with "about:blank Trusted Start Page" as the window title...

i ran almost every freeware spyware removal tool i could find ("Spyware Blaster", "Ad-Aware SE Personal" and others), and they did clean up quite a bit from my hard drive but that didn't do anything to the "about:blank", so i went searching further and came across this topic here: "About blank hijack"...

so i've done the first 2 steps benditup suggested, downloading "FINDnFix" and running "!LOG!.BAT" (see log below), but now i'm not too sure what to do next...  should i continue on following benditup's instructions...

---

 
Sat 28 Aug 04  11:28:52
 
 

benditup
« Reply #1 on: August 28, 2004, 07:09:36 PM »

Delete the FindnFix files and Folder, it will do you no good in your case
This Ssearch can be a little difficult to get rid of

Would you please download Hijackthis---Important---Create a permanent folder hijackthis
EG---- Open MyDocuments----Right click an empty spot and select NEW---Folder----Name the new folder HJT
OR create a folder as C:\HJT---this is where you will want to save Hijackthis to, also, backups will be stored there.
download from
HERE or HERE


Do a SCAN----Scan will change to SAVE LOG----copy and paste the WHOLE contents of the log
here... Don't try and fix anything yet----It is all important

Avantéix
« Reply #2 on: August 28, 2004, 07:27:13 PM »

thanks for helping out benditup...

here's the log...

but i've got to be honest here... i had already downloaded HijackThis and run the scan, and then deleted all the IE entries... i put the back-up list at the end...

Logfile of HijackThis v1.97.7
Scan saved at 12:16:08, on 28/Aug/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\dtffgbk.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.audiworld.com/forum/a4gen2.html"); (C:\Documents and Settings\St

benditup
« Reply #3 on: August 28, 2004, 07:29:55 PM »

Can you download the newest version of Hijackthis from the link I supplied, save it to a permanent folder
Post a log from hijackthis 1.98.2

Avantéix
« Reply #4 on: August 28, 2004, 07:40:45 PM »

should i delete the current one as well as the backups? or should i keep them and save that newest version in a different folder?

Avantéix
« Reply #5 on: August 28, 2004, 07:42:46 PM »

here's the log running 1.98.2

Logfile of HijackThis v1.98.2
Scan saved at 12:42:30, on 28/Aug/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\dtffgbk.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.audiworld.com/forum/a4gen2.html"); (C:\Documents and Settings\St

benditup
« Reply #6 on: August 28, 2004, 07:43:22 PM »

Nothing in your backups that's important
But do it this way, save hijackthis to that same folder you have 1.97.7 in
It will overwrite it and then post a log
I have to leave for a couple hours, I'll check back later

Avantéix
« Reply #7 on: August 28, 2004, 07:44:57 PM »

sounds good...

log posted above... whenever you get a chance to look at it, that would be great!
« Last Edit: August 28, 2004, 07:45:52 PM by Avant »

Avantéix
« Reply #8 on: August 29, 2004, 02:54:55 AM »

just as an FYI... i managed to install McAfee VirusScan on my desktop.  i've got it on my laptop and found a way to install it on the desktop... anyhow...

here's what i'm getting from the scan and i cannot get rid of it...

"The file C:\windows\system32\orux[^a.dll is infected by the StartPage-EH trojan and cannot be cleaned"

i've tried to delete the file via "Windows Explorer" but every time i tried i got an error window indicating that "it [the file] is being used by another person or program"

Avantéix
« Reply #9 on: August 29, 2004, 03:02:35 AM »

here's the description of the trojan on McAfee website: StartPage-EH

obviously that's the one that causes all my troubles... now how do i go about getting rid of it?

benditup
« Reply #10 on: August 29, 2004, 03:02:49 AM »

Set Windows to Show Hidden Files and Folders

RESTART your Computer in SAFE MODE

Do a Search for this file and delete it
wuamgrd.exe
When Searching click More Advanced Options
Ensure that Search in Hidden Files and Folders is checked

Navigate to your Temp folder
C:\WINDOWS\TEMP
Delete this file
C:\WINDOWS\TEMP\dtffgbk.exe <--this file or delete the whole contents
of the temp folder

In safe mode
Do another Scan with Hijackthis and put a check next to these entries
and then FIX CHECKED when ALL other windows are closed

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {62F5916C-D818-4E45-ADD3-A885A43CDBE3} - (no file)

O4 - HKLM\..\Run: [Microsoft Update] wuamgrd.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\TEMP\dtffgbk.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamgrd.exe

O18 - Protocol: start - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - mshtml.dll (file missing)

RESTART back in Normal mode
Don't open a browser yet, instead access Internet Options via Control
Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page
Do a Disk Cleanup

I see you're not running any Anti-Virus software
You should Install one. Here's a post to another's thread that has a link to 2 good free ones----You only need ONE
http://www.mytechsupport.ca/index.php?option=com_smf&Itemid=42&topic=4817

With either one update it, RESTART your computer into safe mode
and do A full system scan

Post back with a fresh hijackthis log afterwards

benditup
« Reply #11 on: August 29, 2004, 03:10:27 AM »

I was posting at the same time as you. I see you installed an Anti-Virus
Good move

Restart in safe mode, access your task manager
(Hold down the CTRL+SHIFT keys and tap the ESC key)
Ensure this process isn't running
dtffgbk.exe

As indicated by McAfee
Make sure your Anti-Virus software is right up to date
Disable system Restore


Restart your computer into safe mode
Find the files I asked above and delete them
Do a full virus scan in safe mode, delete what can't be fixed in safe mode
It may help to know how to take ownership of a file or folder, in case you have a hard time deleting it
Here's a link
http://support.microsoft.com/default.aspx?scid=kb;en-us;308421&sd=tech

Before restarting back in Normal mode, Run Hijackthis and fix those entries

How to disable system restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
« Last Edit: August 29, 2004, 03:27:51 AM by benditup »

Avantéix
« Reply #12 on: August 29, 2004, 04:23:47 PM »

success!

not sure if it was the "proper" way of doing it but it worked...

i did try what you suggested, found a few other viruses and trojans that i was able to either fix using McAfee or delete, but i was still unable to get rid of that orux[^a.dll file.

every time i tried i got that same message telling me it was being used by another process, so i tried this:
while in safe mode w/ the Windows Task Manager opened, i went to the DOS-Command, and tried to delete the file from there, every time i was unsuccessful i ended another process, trying to end the ones that wouldn't shut down the PC first, well after closing a couple of the svchost.exe processes, instead of getting "file used by another process" i only got "access denied", but i also got a warning window indicating that the PC was about to shut down and i had a minute to save my work, so i kept on ending the svchost.exe processes, and finally was able to delete orux[^a.dll file.

so realistically, i'm not exactly sure how i got rid of it, but it's gone...

both my IE and my Windows Explorer applications are now free of gremlins...

thanks a lot for your help benditup!  very much appreciated!

« Last Edit: August 29, 2004, 06:30:21 PM by Avant »

benditup
« Reply #13 on: August 29, 2004, 05:33:29 PM »

Good Work Avanteix, you might want to post an updated hijackthis log
Make sure we didn't miss anything :)

Reboot your computer a couple times and browse for a bit before posting back.......

Remembered your system is formatted in fat32
Sometimes just restarting into safe mode and going into the properties
of a file and removing the check from "Read Only" attribute will help, but you seem to have nailed it
« Last Edit: August 29, 2004, 05:35:28 PM by benditup »

Avantéix
« Reply #14 on: August 29, 2004, 06:32:56 PM »

thanks again benditup!

here's the log i just ran:

Logfile of HijackThis v1.98.2
Scan saved at 11:31:52, on 29/Aug/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.audiworld.com/forum/a4gen2.html"); (C:\Documents and Settings\St