Solved: MY BROWSER HAS BEEN HIJACKED(about blank)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

kjscpc1

Thread Starter
Joined
May 27, 2004
Messages
41
My browser has been hijacked, It keeps changing itself to "about blank". I can completely clear my hijack this log and it imediatly reinstalls itself. Spy-bot doesn't touch it nor does ad-aware I also tried cw schredder.
 
Joined
Jul 26, 2002
Messages
46,349
Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download it and click "Save". Save it to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program. Click on the Do a system scan and save a logfile button. It will scan and then ask you to save the log. Click "Save" to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

kjscpc1

Thread Starter
Joined
May 27, 2004
Messages
41
Logfile of HijackThis v1.99.0
Scan saved at 7:10:55 AM, on 2/1/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\Explorer.EXE
C:\Artios\ArtiosCAD5.20en\Program\artioscad.exe
C:\Documents and Settings\jdullum\My Documents\HIJACK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\jdullum\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\jdullum\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {6D351F24-8913-47C3-B1D6-4AB5ACC2811C} - C:\WINNT\system32\ekpp.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O18 - Filter: text/html - {EA3BAE41-9EEA-4BB8-A161-F814AE78EA2F} - C:\WINNT\system32\ekpp.dll
O18 - Filter: text/plain - {EA3BAE41-9EEA-4BB8-A161-F814AE78EA2F} - C:\WINNT\system32\ekpp.dll
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common files\WinTools\WToolsS.exe (file missing)
 
Joined
Aug 5, 2004
Messages
1,137
It doesn't look like you posted the full log. You only have 3 running processes?

I would run HijackThis again and post it back on this thread. (y)
 
Joined
Jul 26, 2002
Messages
46,349
Go here and download Adaware SE. Install the program then in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files. but don't run it.

Also click here to download CWSinstall.exe. CWSinstall.exe file and it will install CWShredder, but don't run it yet either.

Set your folder options to show hidden files like so:

Click on My Computer then click Tools > Folder Options. In Folder options click on the View tab. Under Files and Folders tick "Show hidden files and folders" then uncheck "Hide file extensions for known file types" and uncheck "Hide protected operating system files (recommended)". Now click "Like current folder" then "Apply" and "OK"


Now copy these instructions to notepad and save them to a convenient location like your desktop. You will need them to refer to in safe mode.

Restart into Safe mode.

How to start your computer in safe mode

Do all of the following in safe mode:


Run Hijack This and put a check by all of the following entries then click the "Fix Checked" button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\jdullum\LOCALS~1\Temp\sp.dll/sp.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\jdullum\LOCALS~1\Temp\sp.dll/sp.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: (no name) - {6D351F24-8913-47C3-B1D6-4AB5ACC2811C} - C:\WINNT\system32\ekpp.dll

O18 - Filter: text/html - {EA3BAE41-9EEA-4BB8-A161-F814AE78EA2F} - C:\WINNT\system32\ekpp.dll

O18 - Filter: text/plain - {EA3BAE41-9EEA-4BB8-A161-F814AE78EA2F} - C:\WINNT\system32\ekpp.dll

O23 - Service: WinTools for IE service - Unknown - C:\Program Files\Common files\WinTools\WToolsS.exe (file missing)[/b]

Find and delete this file:

C:\WINNT\system32\ekpp.dll

Also in safe mode navigate to the C:\WINNT\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Finally go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


Empty the Recycle Bin


Run CWShredder Click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do it's thing.

Next run Adaware according to these insrructions:

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.
 

kjscpc1

Thread Starter
Joined
May 27, 2004
Messages
41
I did everything you said. It seemed to clear it up. I found out the computer didnt have any antivirous on it so I installed AVG. It picked up 18 trojan hoarse installers. It got rid of 17 ot them but wont get rid of, c:\winnt\system32\sql.dll. I have done everything I can but cant find that file on the computer to delete. Do you have any sugestions.
 
Joined
Feb 19, 2003
Messages
8,812
Hit start/run, type "cmd"
Type cd \windows\system32 and press Enter

Type the following line to remove the read-only characteristic
ATTRIB -R -h sql.dll
and press Enter
Then type
Rename sql.dll badfile.dll
and press Enter

Then reboot, and search for badfile.dll and delete. If you still can't find it, then apparently one of the tools must'ave removed it.
 

kjscpc1

Thread Starter
Joined
May 27, 2004
Messages
41
I fixed it with hijack this. Then searched for it. This time it showed up and I was able to delete it. Ill check the computer tomorrow and see if it shows up again.
Thanks
 

kjscpc1

Thread Starter
Joined
May 27, 2004
Messages
41
Seems to be done. You can close this thread.
Once again thank you very much.
 
Joined
Jul 26, 2002
Messages
46,349
Glad we were able to help! :)

I'm closing this thread. If you need it reopened please PM me or one of the other mods.

Anyone else with a similar problem please start a "New Thread".
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top