Author Topic: About Blank  (Read 11186 times)


rondlac

  • Guest
About Blank
« on: January 25, 2005, 01:40:58 AM »
Problem:  Home page address has been taken over.  Cannot always get to my home page on boot-up or going there from other web sites.  I would find myself on a search engine site with "about blank" in the address block.
Cannot find any way to get rid of the problem without scrubbing the HDD.  Hopefully, someone knows of a less painful fix.

Thanks,
rondlac

inthewildteam

  • Guest
Re: About Blank
« Reply #1 on: January 25, 2005, 02:08:43 AM »
Welcome to the forum.

If you use the search feature you'll find many threads about this.  If you still have issues after trying the various fixes, post back.

Let us know how you get on.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: About Blank
« Reply #2 on: January 25, 2005, 07:38:43 AM »
Click on the link in my signature and follow the instructions in the malware removal section.

rondlac

  • Guest
Re: About Blank
« Reply #3 on: January 25, 2005, 10:58:36 PM »
I get nothing but a spinning globe and a black screen.  I don't know if it is "about blank" or the hyper link.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: About Blank
« Reply #4 on: January 26, 2005, 01:56:26 AM »
I get nothing but a spinning globe and a black screen.  I don't know if it is "about blank" or the hyper link.

But did you follow Eddy's instructions?
Can you run SpyBot or Ad-aware?


Are you using Windows XP?
Can you schedule a boot-time scan?
Start avast! > Right click the skin > Schedule a boot-time scanning
Select for scanning archives.
Boot.

inthewildteam

  • Guest
Re: About Blank
« Reply #5 on: January 26, 2005, 02:37:33 AM »
rondlac,

If you are able, download and install Firefox browser.  Using the "vanilla" install, use it to browse to Eddy's links and take your time to run all the suggested programmes.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: About Blank
« Reply #6 on: January 26, 2005, 01:46:57 PM »
If it is truly the about:blank hijack then this gives useful information.

About:Blank Homepage Hijacker Removal Instructions and Help

rondlac

  • Guest
Re: About Blank
« Reply #7 on: January 27, 2005, 05:48:38 AM »
Technical,
It's tough for me to keep up with you guys.  I'll try every suggestion and to respond to every post.
1. Yes, I followed Eddy's instructions.  Did a scan with 'spybot s&d' and 'Hijackthis'.  'spybot s&d' gave me all tracking cookies and 'Hijackthis' gave me a list of items that included "=about:blank" in the address line also a .DLL (C:\WINDOWS\SYSTEM\ODMBIB.DLL) that, a couple of days ago, was identified by avast as the bearer of a virus in an alert which I put into quarantine immediately.  The first scan with 'Hijackthis' produced a long list.  I shortened it by removing the domains I recognized as friendlies and did another scan showing the questionables.
2. I am using Win Me.
3. I tried scheduling an avast scan on boot as you directed but the required selection on the avast pop-up was grayed out.  It would not work.
Is it possible for me to get a copy of the 'Hijackthis' scan to someone for interpretation?

rondlac

rondlac

  • Guest
Re: About Blank
« Reply #8 on: January 27, 2005, 06:14:53 AM »
inthewildteam,
1. Yes, I read as many of the 'about:blank' postings as I could handle.
2. Download and install FireFox browser...I guess so...'using the "vanilla install"'...don't know what that is.
3. After trying at least nine times I finally got Eddy's site to come on, but I would like to know what a "vanilla install" is.
4. I ran a couple of the programs listed on Eddy's site (see posting to Technical on this date).
5. The problem I had with Eddy's site is a common occurrence since I had been hit with that trojan, avast addressed it as "Win 32: Start Page-006 [TRJ]" and found it in C:\WINDOWS\SYSTEM\ODMBIB.DLL while I was surfing the internet.  All kinds of problems.
rondlac

rondlac

  • Guest
Re: About Blank
« Reply #9 on: January 27, 2005, 06:23:37 AM »
DavidR,
The hyperlinked site in your post talks to XP & 2000.  I've got Me and even if the recommended actions would work on Me I don't know how to use them.  For me if it ain't 'KISS' I'm 'LOST'.

rondlac

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: About Blank
« Reply #10 on: January 27, 2005, 02:27:54 PM »
1. Vanilla install is basically using default settings that are built in to the installation routine, you don't have to change anything.

2. Whilst the information on the link may have been a bit over your head, you will probably have noticed that some of it looks familiar, e.g. the part that looks like a hijackthis log file.

3. Hijackthis is probably the easiest interface for you, although it doesn't offer any help in getting rid of things, it gives lots of useful information that can be analysed both on-line and using Eddy's Hijackthis Log File Analyser. You could also post the contents of the hijackthis log file here for more help.

Eddy's Website click the "HiJackThis Section" and also the "Malware removal instructions and applications" section, and follow the directions there and get back to us if you need more help....

For an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php or use Eddy's hijackthis log file analyser.

rondlac

  • Guest
Re: About Blank
« Reply #11 on: January 28, 2005, 01:12:16 AM »
Eddy,
I need help.  I screwed up.  I got button happy with HijackThis and selected what I thought were safe items in the on-line scan and put them into the 'don't scan until values change' department.  I have since found out all that I thought were safe items were not.  I uninstalled HijackThis and re-installed it only to find out all of the registry backups and 'don't scan until values change' lists must be deleted manually.  What I need is a guide to finding the items I need to manually delete so I can redownload HijackThis and do a clean up.

Thanks,
rondlac

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: About Blank
« Reply #12 on: January 28, 2005, 01:54:56 AM »
Restore the items from the backup that HijackThis created and post a log here.

rondlac

  • Guest
Re: About Blank
« Reply #13 on: January 28, 2005, 06:08:27 AM »
Eddy,
Here is a copy of the log.

Logfile of HijackThis v1.99.0
Scan saved at 11:45:44 PM, on 01/27/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\UTILITY DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c98&s=search&i=enu
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {3E50211F-4D05-49E4-AC6A-AC9D46FE8E0B} - C:\WINDOWS\SYSTEM\ODMBIB.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE (file missing)
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPL~1.DLL
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {FE67C682-F5EA-11CF-9C2F-0000C0C83ADC} (Jamba Class Library) - http://www.americanracing.com/wheelmatch/Jambalib.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4_0_2_10.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O18 - Filter: text/html - {B64DF3FA-BBF8-4655-8EAE-865C954DC5AC} - C:\WINDOWS\SYSTEM\ODMBIB.DLL
O18 - Filter: text/plain - {B64DF3FA-BBF8-4655-8EAE-865C954DC5AC} - C:\WINDOWS\SYSTEM\ODMBIB.DLL
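
An added example, not part of any post in this thread and not the code of HijackThis or of Eddy's analyser: a short Python triage of a log in the format posted above. The sample lines are copied from that log; the function names and the four heuristics (about:blank or res:// values in R0/R1 entries, a BHO whose file is also an O18 filter, a BHO whose file is missing, any O18 filter) are assumptions chosen for illustration.

```python
import re

# Sample input: seven entry lines copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\sp.dll/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {3E50211F-4D05-49E4-AC6A-AC9D46FE8E0B} - C:\WINDOWS\SYSTEM\ODMBIB.DLL (file missing)
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O18 - Filter: text/html - {B64DF3FA-BBF8-4655-8EAE-865C954DC5AC} - C:\WINDOWS\SYSTEM\ODMBIB.DLL
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "R1 - ...", "O18 - ..."
MISSING = " (file missing)"

def parse(log):
    """Return [(section, body)] for entry lines; header and process lines are skipped."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def last_field(body):
    """Final ' - ' separated field (the file path), lowercased, without the missing-file note."""
    path = body.rsplit(" - ", 1)[-1].lower()
    return path[:-len(MISSING)] if path.endswith(MISSING) else path

def triage(log):
    """Return [(section, reason)] for entries matching the illustrative heuristics."""
    entries = parse(log)
    filter_dlls = {last_field(b) for s, b in entries if s == "O18"}
    hits = []
    for sec, body in entries:
        low = body.lower()
        value = low.partition(" = ")[2]          # empty for non-registry-value entries
        if sec in ("R0", "R1") and value == "about:blank":
            hits.append((sec, "IE setting points at about:blank"))
        elif sec in ("R0", "R1") and value.startswith("res://"):
            hits.append((sec, "IE setting loads a page from inside a local DLL"))
        elif sec == "O2" and last_field(body) in filter_dlls:
            hits.append((sec, "BHO file is also registered as an O18 filter"))
        elif sec == "O2" and low.endswith(MISSING):
            hits.append((sec, "BHO registered but file missing"))
        elif sec == "O18":
            hits.append((sec, "content filter DLL: " + last_field(body)))
    return hits
```

Run against the full log, the same checks tie the (no name) BHO and both O18 filters to the one DLL that the poster reports avast quarantined.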


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: About Blank
« Reply #14 on: January 28, 2005, 01:35:28 PM »
This is the result of my HijackThis Log Analyzer:

--------------------------------------------------------------------------------
THESE ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :
--------------------------------------------------------------------------------
\program files\mywebsearch\bar\1.bin\mwsoemon.exe
r1 - hkcu\software\microsoft\internet explorer\main,search bar = res://c:\windows\temp\sp.dll/sp.html
r1 - hkcu\software\microsoft\internet explorer\search,searchassistant = about:blank
r0 - hklm\software\microsoft\internet explorer\search,searchassistant = about:blank
r1 - hkcu\software\microsoft\internet explorer\main,homeoldsp = about:blank
r1 - hklm\software\microsoft\internet explorer\main,homeoldsp = about:blank
o2 - bho: (no name) - {3e50211f-4d05-49e4-ac6a-ac9d46fe8e0b} - c:\windows\system\odmbib.dll (file missing)
o4 - hklm\..\run: [systemtray] systray.exe
o4 - startup: mywebsearch email plugin.lnk = c:\program files\mywebsearch\bar\1.bin\mwsoemon.exe
o9 - extra button: related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
o9 - extra 'tools' menuitem: show &related links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\windows\web\related.htm
o9 - extra button: (no name) - {cd67f990-d8e9-11d2-98fe-00c0f0318afe} - (no file)
o9 - extra button: aim - {ac9e2541-2814-11d5-bc6d-00b0d0a1de45} - c:\program files\aim95\aim.exe (file missing)
o16 - dpf: {fe67c682-f5ea-11cf-9c2f-0000c0c83adc} (jamba class library) - http://www.americanracing.com/wheelmatch/jambalib.cab
o16 - dpf: {ef99bd32-c1fb-11d2-892f-0090271d4f88} (ybioctrl class) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio4_0_2_10.cab
o16 - dpf: {9b03c5f1-f5ab-47ee-937d-a8eda626f876} (anonymizer anti-spyware scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/webaas.cab
o18 - filter: text/html - {b64df3fa-bbf8-4655-8eae-865c954dc5ac} - c:\windows\system\odmbib.dll
o18 - filter: text/plain - {b64df3fa-bbf8-4655-8eae-865c954dc5ac} - c:\windows\system\odmbib.dll

--------------------------------------------------------------------------------
THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTIME FOR THE SYSTEM TO WORK PROPERLY:
--------------------------------------------------------------------------------
o4 - hklm\..\run: [msconfigreminder] c:\windows\system\msconfig.exe /reminder