Google Answers: SpyWare, Hijackers, and Parasite remover from PC

View Question

Q: SpyWare, Hijackers, and Parasite remover from PC ( No Answer, 5 Comments )

Question

Subject: SpyWare, Hijackers, and Parasite remover from PC
Category: Computers
Asked by: lutra-ga
List Price: $50.00

Posted: 17 Apr 2004 15:55 PDT
Expires: 17 May 2004 15:55 PDT
Question ID: 331872

I need a fail proof method of ridding my computer of the "about:blank" parasite. Nothing has worked so far.
Request for Question Clarification by livioflores-ga on 17 Apr 2004 17:30 PDT Hi!! Please use HijackThis software and post a log, with that info I could say you what to do to remove the parasite: http://www.spychecker.com/program/hijackthis.html You can find HijackThis tutorials in the following pages: "HijackThis Quick Start": http://tomcoyote.com/hjt/ "Hijack This Tutorial": http://hjt.wizardsofwebsites.com/ I will wait your feedback.
Request for Question Clarification by pinkfreud-ga on 17 Apr 2004 17:40 PDT I suggest downloading and using ToolbarCop: http://www.mvps.org/sramesh2k/toolbarcop.htm Please keep us posted.
Request for Question Clarification by hummer-ga on 17 Apr 2004 19:23 PDT Hi lutra, I suggest using CWShredder if you haven't yet (update before using): http://www.spychecker.com/program/coolwebshredder.html Variant 33: CWS.Winres - About:blank hacked: Variant 34: CWS.Xmlmimefilter - About:blank hacked v2.0 Variant 35: CWS.Aboutblank - It's just a fad Variant 38: CWS.Searchx - About:blank seems popular lately http://www.spywareinfo.com/~merijn/cwschronicles.html Good luck! hummer
Clarification of Question by lutra-ga on 18 Apr 2004 16:13 PDT Normally I open with explorer to my Google homepage. My homepage has been taken over by URL "about:blank", which opens with a large "Web Site Directory". This seems to be a search page linked to "C:\searchpage.html." I delete all cookies/files/and clear history and have deleted the "searchpage.html" the URL many times, but it always comes back. Also attempted downloading several freeware spyware killers including the links sent to me by the Google researchers trying to answer my question, but all are blocked immediately and will not download, but are replaced with the web directory "searchpage.html". It's as if the "about:blank" is purposely not allowing access to any freeware URL's which could eliminate it (the "about:blank" URL). Also in my internet options, the home page option are all directed to the searchpage.html web directory and refuses to be changed. I appreciate your help.
Request for Question Clarification by scriptor-ga on 18 Apr 2004 16:29 PDT Dear lutra, I have found instructions that have successfully eliminated a problem identical to yours. Please follow the link below, read the instructions carefully and follow them. Please let me know if it worked for you: http://groups.google.de/groups?hl=de&lr=&ie=UTF-8&oe=UTF-8&newwindow=1&selm=utJyXcBJEHA.2452%40TK2MSFTNGP09.phx.gbl Jim Byrd: "Re: PLEASE HELP!!!!! Cannot get address line to accept addresses" Online posting (17 April 2004), <microsoft.public.windows.inetexplorer.ie6.browser> via Google Groups. Regards, Scriptor
Request for Question Clarification by hummer-ga on 18 Apr 2004 18:41 PDT Hi again, lutra, Fingers crossed, I may have found something. First, I still think you should run CWShredder if possible. Try typing the whole URL in the address bar - don't just click on the link and don't leave out the http:// -> type the entire address. If that works for you, download it, reboot to safe mode and run CWShredder (click "Fix"). Let it clean what it finds, reboot and run it again. http://www.spychecker.com/program/coolwebshredder.html Next, run Adaware, again, type in the entire URL: Adaware: http://www.spychecker.com/program/adaware.html >>>>>>>>>>>>>>>>>> Whether you were able to get that to work or not, use one of the following virus scans (do not use Norton or McAfee). HouseCall (very thorough online virus scan): http://housecall.trendmicro.com/ Or if you prefer, download AVG (update before using): http://www.grisoft.com/us/us_index.php Run whichever one you used several times, until it comes back clean. If you weren't able to download CWShredder before, try it again now. >>>>>>>>>>>>>>>> Here is the forum where I found this - there are a few more suggestions you could follow through on, depending on how you make out with the above. Subject: c:\searchpage.html virus http://www.computing.net/security/wwwboard/forum/11182.html Please let us know how you are progressing, hummer
Request for Question Clarification by livioflores-ga on 18 Apr 2004 21:29 PDT Note that you can download HijackThis from a cyber and run it from a diskette!! Try to do all this work in the Safe Mode. (Restart your PC and press F8 while it is booting). Good luck!!

Answer

There is no answer at this time.

Comments

Subject: Re: SpyWare, Hijackers, and Parasite remover from PC
From: bidhata-ga on 19 Apr 2004 13:32 PDT

Use Ad-aware

http://www.lavasoftusa.com/software/adaware/

Simple , Free and Award Wining method to get rid of those Ad Wares.

Subject: Re: SpyWare, Hijackers, and Parasite remover from PC
From: mlbstud-ga on 19 Apr 2004 17:09 PDT

I would recommend Ad-Aware as well because it relieves your computer
of unwanted data miners that are always making their way into your
systems registry.

Regards

Subject: Accessing merijn.org from an infected computer...
From: theswallowtail-ga on 30 Apr 2004 17:12 PDT

Merign.org has a notice at the tope of its index page telling users to
use the link http://209.133.47.200/~merijn/index.html if they are
unable to get in using http://www.merijn.org/ (feel free to verify
this).

Seems that several CWS variants are "aware" of the site and do
everything they can to block access to it from an infected machine.
Anyone know why interpol hasn't closed these clowns down yet?

Subject: Re: SpyWare, Hijackers, and Parasite remover from PC
From: observer-ga on 02 May 2004 17:25 PDT

Hi.

Hoppoing that you have a firewall, adware/spyware mining program and
are running Internet explorer.

1. Check the settings of the firewall and block suspicious programs.
2. Reboot the computer.
3. Run your adware removing program - delete the culprits.
4. Right click on the Internet Explorer Icon for properties.
5. Reset the homepage to default, delete cookies, delete Temporary Internet Files.
6. Close your eyes and statt the Internet Explorer.

If this does not help, delete all files in the 'temp' derectory and
repeat the process.

Subject: Re: SpyWare, Hijackers, and Parasite remover from PC
From: dcobian-ga on 03 May 2004 09:06 PDT

Hey Everyone!

I've researched several forums, nothing seemed to work, after a few
days I will get the virus again.
Finally I found the proper way to get rid of this virus.
The key is to find the hidden DLL, since there are two, one will be
modifying your internet explorer pages and resetting them to about:
blank, the other is hidden and loaded at all times, first you need
this program:

http://www.resplendence.com/download/reglite.exe

Open reglite and paste this value in the address bar:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows\\AppInit_DLLs

Then double click:
AppInit_DLLs 

You should be able to see a file with this address:

C:\Windows\System32\"Hidden".dll

Clean your system with all the previous anti-virus programs.
 
Then in to the windows console (Windows set up option) go to
C:\Windows\System32, there modify the file by using the Attrib
command, otherwise you won't be able to erase it, another way you
could, is to change the name of the file.
Reboot your system and open reglite again, go back to the same key:
AppInit_DLLs, 
Now delete the value.

That should do the trick

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.

Search Google Answers for

Google Home - Answers FAQ - Terms of Service - Privacy Policy