1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Hijacked by About Blank

Discussion in 'Virus & Other Malware Removal' started by john776, Apr 22, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. john776

    john776 Thread Starter

    Joined:
    Apr 15, 2004
    Messages:
    7
    O.K. I can not get rid of this. I have talked with numberous people and it will not go away. Is it possible to just clear off my computer of everthing and start over reinstalling? I'm not sure if even this will clear it up, but it is hiding. Does anyone have a fix or can you help me dump all my stuff and reload?

    Thanks
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    John, you have posted Scanlogs a couple of times, neither of them properly. Include the whole log showing version number, Windows version, Browser Version and time of scan.

    http://forums.techguy.org/showthread.php?t=222809

    Get a current download of HijackThis from the site below.

    http://www.spywareinfo.com/~merijn/downloads.html

    Also get the Coolwebshredder, CWShredder.exe and run that and have it fix any problems it finds, then reboot and post a new Scanlog.

    By the way, since you apparently have WinXP and this is the only rogue dll in the Scanlog:

    C:\WINDOWS\System32\jolin.dll

    Try this: Press f8 promptly on startup,

    From the startup menu choose SafeMode Command Prompt. This does not load Explorer (into which some of these dlls are hooked).

    >>> At the command prompt enter:

    del C:\WINDOWS\System32\jolin.dll

    let me know if you get an error message, such as "not found".

    Then reboot and check and fix the Scanlog entries and see if they remain fixed.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {5818B24C-DB0D-43B9-A699-A7FE6AC1A7E8} - C:\WINDOWS\System32\jolin.dll

    There is also a long discussion of the problem on this forum which may be of some help:

    http://www.computercops.biz/postx24263-0-30.html

    And I would recommend you install the latest Security patches from Microsoft.

    http://forums.techguy.org/t195532.html
     
  3. john776

    john776 Thread Starter

    Joined:
    Apr 15, 2004
    Messages:
    7
    Thanks for your help. I was leaving out the very top of my HJK log, didn't think it was needed. Here is my latest after running CWShredder and I removed the about:Blank but didn't have the BHO no name. I also did push f8 on restart, nothing happened? Here is my latest log.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:29:27 PM, on 4/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$PROPHETSQL\Binn\sqlservr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RadioSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = google.com
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
    O9 - Extra button: Research (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.jeld-wen.com/CFIDE/classes/CFJava.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37999.6018634259
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  4. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Well I don't see the jolin.dll there any more. Did CoolWebShredder find anything?

    Getting the startup menu is a timing thing, usually you will briefly see that screen that prompts you to choose the Windows you want to boot to. If there are no options such as the Recovery Console it passes in a couple of seconds. I'd suggest under the boot.ini tab you increase the "timeout" value which should give you a longer time to press f8 on boot up

    You can also enable Safe Mode by running msconfig and selecting /safe boot from the boot.ini tab. There is also the /nogui option but I'm not sure how you deselect that prior to rebooting. I'll have to check that out. I know you can re-run msconfig in Safe Mode, but I'm not sure about Safe Mode Command Prompt.

    Right now your Scanlog looks normal; but the problem seems to return in the morning for some, so keep us updated.

    In the meantime you might navigate to C:\windows\system32 and do an Advanced search. Select the "modified" search and see what DLLS have been modified within the date range that you have experienced this problem.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/223030

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice