If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
About Blank or HOMEOldSP Trojan
I have this trojan that continually turns my home page to
about blank which points to a garbage search page. I also get pop-ups telling me my computer has spyware and I need to download softwre to fix it. (This is referred to as extortion where I come from). This installs application or application extension fills that keep reinstalling themselves after you run popular spyware programs. The fix associated with this tells you to gor into the registry. However, In my computer, some of these folders don't exist. I am thinking that it is becasue I run ME and it is configured somewhat different. Has anyone had this problem and how did you fix it running ME? |
#3
|
|||
|
|||
About Blank or HOMEOldSP Trojan
Mike,
Thanks for the suggestion, but I've already run all that you suggest and a few more to boot, including spysweeper and hijack this. I've used killbox too. What this thing does is put an app extention (.dll) file into your Windows\System\ file that continually reinserts itself. Manual registry clean ups are done, only to see it all come back. I have seen fixes for XP users, but I don't have the same registry paths on my ME. Tha tis why I came here, to see if ME users could help with an exact fix. This is particularly nasty, and unless the extensions (I beleive there are two) are not cleaned out, it just keeps coming back. Thanks for your suggestions, I appreciate your offer of help. -----Original Message----- You've been hijacked, quite possibly by a variant of the CoolWebSearch parasite. Probably by the CWS.Aboutblank variant (http://www.spywareinfo.com/~merijn/c...cles.html#abou tblank) Download and run CWShredder (http://www.zerosrealm.com/downloads/CWShredder.zip or http://www.spywareinfo.com/~merijn/files/cwshredder.zip) which is the best way of getting rid of the many forms of the CoolWebSearch hijacker details of which can be found at http://www.spywareinfo.com/~merijn/cwschronicles.html and also http://www.pestpatrol.com/pestinfo/c/cws.asp.. This would be a good time to download yourself a copy of the free Ad-Aware 6.0 from Lavasoft (http://www.lavasoftusa.com/software/adaware/) and also SpyBot Search & Destroy (http://www.safer-networking.org/) and use them to check your system for other commercial parasites remembering that they are only as good as when you last updated their reference files. I also use a program called BHODemon (http://www.definitivesolutions.com/bhodemon.htm that checks for unwanted Browser Help Objects and SpywareBlaster (http://www.wilderssecurity.net/spywareblaster.html) which can help prevent many parasites getting a grip on your PC. -- Mike Maltby MS-MVP MomboMan wrote: I have this trojan that continually turns my home page to about blank which points to a garbage search page. I also get pop-ups telling me my computer has spyware and I need to download softwre to fix it. (This is referred to as extortion where I come from). This installs application or application extension fills that keep reinstalling themselves after you run popular spyware programs. The fix associated with this tells you to gor into the registry. However, In my computer, some of these folders don't exist. I am thinking that it is becasue I run ME and it is configured somewhat different. Has anyone had this problem and how did you fix it running ME? . |
#4
|
|||
|
|||
About Blank or HOMEOldSP Trojan
What registry paths don't you have? I think you'll find the same keys are
going to be used regardless of the OS so if yours are different then this would suggest you might have a different strain of the parasite. Incidentally it would probably have helped and saved me and perhaps others from wasting their time if you had included all relevant details in your original post such as the fix that doesn't work and the anti spyware tools you have already tried (you said you had run popular spyware programs which could have meant Gator, Kazaa, etc. for all I knew rather than programs to help detect and remove spyware g). Unfortunately there are a number of recent parasites that morph in the way you are seeing including not only CWS but also another called Safeguard. -- Mike Maltby MS-MVP MomboMan wrote: Mike, Thanks for the suggestion, but I've already run all that you suggest and a few more to boot, including spysweeper and hijack this. I've used killbox too. What this thing does is put an app extention (.dll) file into your Windows\System\ file that continually reinserts itself. Manual registry clean ups are done, only to see it all come back. I have seen fixes for XP users, but I don't have the same registry paths on my ME. Tha tis why I came here, to see if ME users could help with an exact fix. This is particularly nasty, and unless the extensions (I beleive there are two) are not cleaned out, it just keeps coming back. Thanks for your suggestions, I appreciate your offer of help. |
#5
|
|||
|
|||
About Blank or HOMEOldSP Trojan
HKLM\Software\Microsoft\Windows\CurrentVersion\Win dows\AppI
nt_DLLs. As I open my registry I am fine up to CurrentVersion. After that, There is not a Windows folder. THere are three others. I also run find in the registry and cannot find AppInt. As I see the fix published on other help sites, the victim's HighJack This log usually indicate that they are running XP. THat's why i'm here... I figured that the registry is slightly different in ME and the trojan is somewhere else. THe trick is where. -----Original Message----- What registry paths don't you have? I think you'll find the same keys are going to be used regardless of the OS so if yours are different then this would suggest you might have a different strain of the parasite. Incidentally it would probably have helped and saved me and perhaps others from wasting their time if you had included all relevant details in your original post such as the fix that doesn't work and the anti spyware tools you have already tried (you said you had run popular spyware programs which could have meant Gator, Kazaa, etc. for all I knew rather than programs to help detect and remove spyware g). Unfortunately there are a number of recent parasites that morph in the way you are seeing including not only CWS but also another called Safeguard. -- Mike Maltby MS-MVP MomboMan wrote: Mike, Thanks for the suggestion, but I've already run all that you suggest and a few more to boot, including spysweeper and hijack this. I've used killbox too. What this thing does is put an app extention (.dll) file into your Windows\System\ file that continually reinserts itself. Manual registry clean ups are done, only to see it all come back. I have seen fixes for XP users, but I don't have the same registry paths on my ME. Tha tis why I came here, to see if ME users could help with an exact fix. This is particularly nasty, and unless the extensions (I beleive there are two) are not cleaned out, it just keeps coming back. Thanks for your suggestions, I appreciate your offer of help. . |
#6
|
|||
|
|||
About Blank or HOMEOldSP Trojan
Since you appear unwilling to provide the information requested such as a link
to the fix that doesn't work I feel I have now leave this thread to others to respond. Incidentally XP has no key HKLM\Software\Microsoft\Windows\CurrentVersion\Win dows\AppInt_DLLs nor does it have HKLM\Software\Microsoft\Windows\CurrentVersion\Win dows It does however have the key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows which contains the value AppInit_DLLs and yes, you are correct, such a key is not part of the Win Me registry. Why not post your HijackThis logs to the HijackThis forum where you will get the help you require? With so little information provided in this thread I doubt that anyone here is going to be able to help you. Regards, -- Mike Maltby MS-MVP MomboMan wrote: HKLM\Software\Microsoft\Windows\CurrentVersion\Win dows\AppI nt_DLLs. As I open my registry I am fine up to CurrentVersion. After that, There is not a Windows folder. THere are three others. I also run find in the registry and cannot find AppInt. As I see the fix published on other help sites, the victim's HighJack This log usually indicate that they are running XP. THat's why i'm here... I figured that the registry is slightly different in ME and the trojan is somewhere else. THe trick is where. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
No Info in Cofig.sys or Autoexec. | Ralph Jaggi | General | 84 | July 19th 04 09:44 PM |
Trojan Horse Viruses | Wendy | General | 33 | July 12th 04 08:15 PM |
Internet Options, About Blank and MSN. | Ben B | Setup & Installation | 20 | July 10th 04 11:38 PM |
Blank Web Page | jt3 | General | 5 | July 1st 04 11:48 PM |
Trojan Horse leading to "Explorer caused problem in GDI.EXE" | Templeton Peck | General | 10 | June 22nd 04 01:29 PM |