RE: WARNING Long Reply - Re: IE web browser gets hijacked to "about:bl

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Shorecrest Rick (ShorecrestRick_at_discussions.microsoft.com)
Date: 11/11/04 

Date: Thu, 11 Nov 2004 11:04:02 -0800

Jim,

I was able to find Backdoor.Agent.B on my computer. I deleted it and now the
web browser hijacking has stopped.

Thank you for your time,

Rick

"Jim Byrd" wrote:

> Hi Rick - We've been seeing this a lot lately, and these are very difficult
> CWS parasite variants to remove. Read ALL of this carefully to begin with,
> then:
>
>
> #########IMPORTANT#########
> Before you try to remove spyware using any of the programs below, download
> both a copy of LSPFIX here:
>
> http://www.cexx.org/lspfix.htm
>
> AND a copy of Winsockfix for W95, W98, and ME
> http://www.tacktech.com/pub/winsockfix/WinsockFix.zip
> Directions here: http://www.tacktech.com/display.cfm?ttid=257
>
> or here for Win2k/XP http://files.webattack.com/localdl834/WinsockxpFix.exe
> Info here: http://www.spychecker.com/program/winsockxpfix.html
> Directions here: http://www.iup.edu/house/resnet/winfix.shtm
>
> The process of removing certain malware may kill your internet connection.
> If this should occur, these programs, LSPFIX and WINSOCKFIX, will enable you
> to regain your connection.
>
> NOTE: It is reported that in XP SP2, the Run command netsh winsock reset
> will fix this problem without the need for these programs. (You can also
> try this if you're on XP SP1. There has also been one, as yet unconfirmed,
> report that this also works there.) Also, one MS technician suggested the
> following sequence:
>
> netsh int reset all
> ipconfig /flushdns
>
> See also: http://windowsxp.mvps.org/winsock.htm for additional XPSP2
> info/approaches using the netsh command.
> #########IMPORTANT#########
>
>
> Sometimes the tools below will find files which they are unable to delete
> because they are in use. A program called Copylock, here,
> http://noeld.com/programs.asp?cat=misc#CopyLock can aid in the process of
> "replacing, moving, renaming or deleting one or many files which are
> currently in use (e.g. system files like comctl32.dll, or virus/trojan
> files.)" Another is Killbox, here:
> http://www.downloads.subratam.org/KillBox.zip
>
>
> Download and run Stinger.exe, here:
> http://download.nai.com/products/mcafee-avert/stinger.exe or from the link
> on this page: http://vil.nai.com/vil/stinger/ ME/XP users be sure to read:
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
>
> Download sysclean.com , from Trend Micro, here:
> http://www.trendmicro.com/download/dcs.asp along with the latest pattern
> file, here: http://www.trendmicro.com/download/pattern.asp Be sure to read
> the "How-to" info here:
> http://www.trendmicro.com/ftp/products/tsc/readme.txt (You might also want
> to get Art's updater, SYS-UP.Zip, here for future updating of these:
> http://home.epix.net/~artnpeg/). (If you download and use the updater from
> the beginning, it will automatically handle downloading the other files.)
> Place them in a dedicated folder after appropriate unzipping. Show hidden
> and system files (HowTo here:
> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
> Disable Restore if you're on XP or ME (directions here:
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm), then boot to
> Safe mode (HowTo here:
> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
> Read tscreadme.txt carefully, then do a complete scan of your system
> in Safe mode and clean or delete anything it finds. Reboot to normal mode
> and re-run the scan again.
>
> This scan may take a long time, as Sysclean is VERY extensive and thorough.
> For example, one user reported that Sysclean found 69 hits that an
> immediately prior Norton AV v. 11.0.2.4 run had missed.
>
>
>
> Then, READ CAREFULLY and then apply the four steps exactly using the scripts
> and programs described here:
> http://www.silentrunners.org/sr_cwsremoval.html IMPORTANT - Before you
> start, be sure to clear all TIF and Temp files/folders and log on as an
> Administrator.
>
>
>
> If that doesn't fix it, then try About:Blank Specific and then Basic
> Cleaning, below FIRST and then ONLY IF NECESSARY Approach 1 and/or Approach
> 2 and/or Approach 3 and/or Approach 4 and/or Approach 5. Test after
> applying each fix.
>
> ******** Please post back with your results in detail if possible - what
> you tried, what happened, how you ended up - so that we'll know better what
> to advise others. ********
>
>
>
> Approach 1 - If your hijacker is Home Search Assistant or one of these:
>
> - Only The Best
> - Home Search Extender
> - Shopping Wizard
> - res://****.dll/index.html#***** (or simply res .dll)
>
> first see here:
> http://www.short-media.com/forum/showthread.php?p=172774#post172774, and
> here: http://www.pchell.com/support/onlythebest.shtml. Then you can try AT
> YOUR OWN RISK, HSRemove, free, here: http://www.hsremove.com/. "A few
> days ago I got hijacked - Nothing new in that, except this time it was a
> real [censored] to get rid of. - There were simply no tools available to
> remove this "Home Search" thing. Finally I ended up creating my own tool for
> it. USE IT AT YOUR OWN RISK. And if you find it helpful, then please do not
> hesitate to make a contribution." Or, you can try AboutBuster, here, which
> is also designed to remove Home Search Assistant:
> http://www.malwarebytes.biz/
>
>
> Approach 2 - You can try this AT YOUR OWN RISK. I normally wouldn't advise
> using a malware provider's uninstall, but this particular approach has been
> reported to work ONLY IF you have the about:blank CWS variant (there appear
> to be at least three or four currently) which leads you to a Search page.
> Paste the following IP into your browser:
>
> 195.190.118.131
>
> On the screen you arrive at, you see a "Search For" window, and below it a
> red "Uninstall Software". Download their uninstaller, uninstall.exe. At this
> point I would either use TotalUninstall or make a complete backup/Restore
> Point of my system for safety's sake (on the basis of "at least keep what
> you've got"). Total Uninstall, http://www.geocities.com/ggmartau/tu.html or
> direct dwnld here: http://files.webattack.com/localdl834/tun234.zip
>
> Run this uninstall program that you downloaded from the malware site, then
> UPDATE them and go to Safe mode to run UPDATED versions CWShredder, AdAware
> and SpyBot per the directions in Basic, below.
>
>
>
> Approach 3 - Courtesy of "Win" (Win J. Moore) in 24hoursupport.helpdesk
>
> "I had a variant of this CWS.SearchX sucker for about 3 weeks, and I FINALLY
> seem to be rid of it for good! It is aka Troj_StartPage.sp and
> BackDoor.Agent.BA. This is what I did:
>
>
> 1. Run Regedit, and DELETE the following key:
>
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
> NT\CurrentVersion\Windows\AppInit_DLLs
>
> The value of this key may look blank for you, but it is not. They hide the
> value so you can't see it. This registry key tells Windows to load the
> Trojan DLL every time ANY application is run giving it complete control to
> do whatever it wants. So you need to remove it so that the Trojan DLL cannot
> load and keep re-infecting your PC. The way to remove the registry key is
> not obvious. If you just delete it from RegEdit, since the Trojan DLL is
> loaded, it will re-add it right back. (Try it. Delete the AppInit_DLLs
> registry key and hit F5. Notice that it's added right back by the Trojan).
>
> So what you have to do is the following which worked for me (many thanks to
> "acomputerpro" at the SpywareInfo.com forums!)
>
> 2. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> folder to Windows2.
>
> 3. Now delete the AppInit_DLLs key under the Windows2 folder.
>
> 4. Hit F5 and notice that AppInit_DLLs doesn't come back.
>
> 5. Rename the Windows2 folder back to Windows. Now that AppInit_DLLs is
> gone, run the latest AdAware 6 to remove the Trojan for good.
>
> 6. Reboot your machine, and check the registry and make sure AppInit_DLLs is
> still gone.
>
> Your computer should be free of this for good now. Hope it works for you...
> It seemed to do the trick for me!"
>
>
> Approach 4 - If you've already tried CWShredder to get rid of this parasite
> (See below, v.159.0.1 or better and fully updated before use), then take a
> look at this thread about manual removal of this parasite:
>
> http://www.akadia.com/services/about_blank_virus.html
> and this one: http://www.daniweb.com/techtalkforums/thread5531.html
> and this one: http://computercops.biz/article-5199-nested-0-0.html
> Some nice clean removal directions here:
> http://www.securiteam.com/securityreviews/5RP0L0UD5U.html
>
> Approach 5 - I don't usually recommend anything but freeware that I've
> confidence in, but AT YOUR OWN RISK, not free ($29.95), Adware Away, here:
> http://www.adwareaway.com/ claims to fix it automatically, and several users
> now have reported success using it. I would backup my system before using
> it, however - always try to "keep what you've got".
>
>
> ___________________________________
>
>
> About:Blank Specific fixes. Do the Basic Cleaning steps also after
> finding one of these that works AND if none do:
>
>
> Then try in order:
>
> 1) See the procedures here:
> http://www.pchell.com/support/onlythebest.shtml
> and especially here:
> http://www.pestpatrol.com/pestinfo/c/cws_aboutblank.asp and here:
> http://www.securiteam.com/securityreviews/5RP0L0UD5U.html
> Pest Patrol (free) claims to remove at least some of the about:blank
> variants
>
> 2) Download AboutBuster, here: http://www.malwarebytes.biz/AboutBuster.zip
> or here: http://www.majorgeeks.com/download4289.html Then, "First unzip all
> files from the zip folder to a folder or your desktop. Start it and hit ok.
> Then hit update. A new screen should popup. On that screen hit Check for
> Updates. If it says it found an update hit Download Updates. If it doesnt it
> will automatically tell you and exit. Now for the scanning part. Hit start
> and then Ok. The program should start scanning. Then hit exit and reboot.
>
> Once rebooted run About:Buster once more to make sure everything is ok.
> The database will be updated very frequently so check your versions once a
> day."
>
> 3) Download dllfix.exe and CWShredder from here:
>
> http://www.renonce.com/pub/utils/dllfix.exe
>
> and http://209.133.47.200/~merijn/files/CWShredder.exe
> or http://www.zerosrealm.com/downloads/CWShredder.zip
> or http://downloads.subratam.org/CWShredder.exe
>
> Unzip or install dllfix.exe to its own folder, run it and do options 1 and
> 2.
>
> Now proceed with the Basic Cleaning steps, below.
>
> 4) It has been reported that the evaluation version of Panda Software's
> Titanium Antivirus 2004, here:
> http://www.pandasoftware.com/register.asp?CodigoProducto=13&TipoLead=2&TipoUsuario=1&Tipo=1&Ref=WW-TIT4-DES&Idioma=2&Country=Us&sec=down
> will completely remove about:blank. I have not been able to independently
> verify this yet, however, so this is AT YOUR OWN RISK. You'll have to give
> them some information, and I expect you may want to uncheck some of the
> "opt-in" boxes at the bottom just above and below the send button.
>
>
> Basic Cleaning - Note that this symptom often indicates the possibility of
> other malware. You might want go to this page at Jim Eshelman's site, here:
> http://aumha.org/a/noads.htm or here:
> http://inetexplorer.mvps.org/parasite.htm and wait a little bit (be
> patient), while an analysis of a number of possible parasites on your
> machine will be made to help you identify and remove them. NOTE: You will
> need to disable Ad Blocking in Zone Alarm 3.x, if present or any other Ad
> Blocking software which interferes with Java Scripting for this scan to
> work. You should get a message between the two lines of **** giving the
> results of the scan.
>
>
> For the general hijack case, the best way to start is to get Ad-Aware SE
> Personal Edition, here: http://www.lavasoftusa.com/support/download/.
> UPDATE, set it up in accordance with this:
> http://forum.aumha.org/viewtopic.php?t=5877 or the directions immediately
> below and run this regularly to get rid of most "spyware/hijackware" on your
> machine. If it has to fix things, be sure to re-boot and rerun AdAware
> again and repeat this cycle until you get a clean scan. The reason is that
> it may have to remove things which are currently "in use" before it can then
> clean up others. Configure Ad-aware for a customized scan, and let it
> remove any bad files found.....
>
> <Begin Setup Directions>
> Then, courtesy of NonSuch at Lockergnome, open Ad-aware then click the gear
> wheel at the top and check these options to configure Ad-aware for a
> customized scan:
>
> General> activate these: "Automatically save log-file" and "Automatically
> quarantine objects prior to removal"
>
> Scanning > activate these: "Scan within archives", "Scan active processes",
> "Scan registry", "Deep scan registry," "Scan my IE Favorites for banned
> sites," and "Scan my Hosts file"
>
> Tweaks > Scanning Engine> activate this: "Unload recognized processes during
> scanning."
>
> Tweaks > Cleaning Engine: activate these: "Automatically try to unregister
> objects prior to deletion" and "Let Windows remove files in use after
> reboot."
>
> Click "Proceed" to save your settings, then click "Start." Make sure
> "Activate in-depth scan" is ticked green, then scan your system. When the
> scan is finished, the screen will tell you if anything has been found, click
> "Next." The bad files will be listed. Right click the pane and click "Select
> all objects" - This will put a check mark in the box at the side, click
> "Next" again and click "OK" at the prompt "# objects will be removed.
> Continue?"
> <End Setup Directions>
>
> Courtesy of http://www.nondisputandum.com/html/anti_spyware.html: HINT: If
> Ad Aware is automatically shut-down by a malicious software, first run
> AWCloak.exe, http://www.lavasoftnews.com/downloads/AAWCloak.exe, before
> opening Ad Aware. When AAWCloak is open, click “Activate Cloak”. Than open
> Ad Aware and scan your system.
>
> Another excellent program for this purpose is SpyBot Search and Destroy
> available here: http://security.kolla.de/ SpyBot Support Forum here:
> http://www.net-integration.net/cgi-bin/forums/ikonboard.cgi. I recommend
> using both normally. After UPDATING and fixing ONLY RED things with SpyBot
> S&D, be sure to re-boot and rerun SpyBot again and repeat this cycle until
> you get a clean "no red" scan. The reason is that SpyBot sometimes has to
> remove things which are currently "in use" before it can then clean up
> others.
>
> Note that sometimes you need to make a judgment call about what these
> programs report as spyware. See here, for example:
> http://www.imilly.com/alexa.htm
>
>
> A currently common parasite is some malware called CoolWebSearch. Do the
> following:
>
> Download, UPDATE before running, and run:
> http://www.intermute.com/spysubtract/cwshredder_download.html (The new v.2
> which will automatically install in C:\Program
> Files\InterMute\SpySubtract\CWShredder.exe and put a shortcut on the
> Desktop. Run the program from this install location or the shortcut after
> installation. This recommendation for CWShredder is NOT automatically a
> recommendation for the other programs adverstised by Intermute in
> conjunction with this install.) or
> http://209.133.47.200/~merijn/files/CWShredder.exe or here:
> http://hem.bredband.net/b157129/f/cwshredder.zip or here:
> http://www.softpedia.com/public/scripts/downloadhero/10-17-150/ or here:
> http://www.zerosrealm.com/downloads/CWShredder.zip
> to remove the parasite. Try to run from Safe mode or a Clean Boot and be
> sure to close ALL other programs to the extent possible, expecially ALL
> instances of IE and OE.
>
>
> There's a good tutorial about CWS and using CWShredder here:
> http://www.bleepingcomputer.com/forums/index.php?showtutorial=47#domain See
> also: http://cwshredder.net/cwshredder/cwschronicles.html
>
> BE SURE that you get v.1.59.0.1 or later or the new v.2! Note that
> CWShredder may make deletions/changes to your HOSTS file (sometimes as false
> positives), and that after cleanup you may need to restore it with a fresh
> copy of any local DNS and/or blocking entries or disable it before running
> CWShredder.
>
>
> You will need to show Hidden files first and then at the end clear the
> malware garbage from your System Restore backups after you've cleaned up.
> It's best to perform CWShredder (and most other malware fixers too) from
> Safe mode and then reboot. AFTER cleaning things up, then you can disable
> and then re-enable System Restore. See ******** below.
>
> The following links give instructions on how to do these various functions:
>
>
> HOW TO Restart in Safe Mode
> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406
>
> HOW TO Enable Hidden Files
> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339
>
> HOW TO Disable/Flush System Restore (do this at the end AFTER cleaning or
> use the suggested procedure for XP at the ******'s)
> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
> (WinXP)
> http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239
> (WinME)
>
>
>
> Then download and run:
> http://www.kellys-korner-xp.com/regs_edits/iegentabs.reg to restore your
> tabs and remove any restrictions that the parasite has put in place.
>
> Now download and run:
> http://www.kellys-korner-xp.com/regs_edits/RestoreSearch2.REG to restore
> your search functions if they've been affected (as they probably will have
> been).
>
>
> Be sure that you also download and install hotfix Q816093, here:
>
> http://support.microsoft.com/?kbid=816093
>
> which blocks the exploit upon which this parasite family depends.
>
>
> There are extensive, detailed instructions for manual removal of CWS
> variants here: http://www.pestpatrol.com/PestInfo/c/cws.asp You may want
> to check these to be sure everything's been cleaned up.
>
> When done, go to Start|Run and enter one line at a time (or even easier,
> open a DOS box and copy the following in its entirety and then paste it into
> the box):
>
> regsvr32 /i browseui.dll
> regsvr32 /i shdocvw.dll
> regsvr32 /i mshtml.dll
> regsvr32 mshtmled.dll
> regsvr32 actxprxy.dll
> regsvr32 /i urlmon.dll
> regsvr32 scrrun.dll
> regsvr32 comcat.dll
> regsvr32 Oleaut32.dll
> regsvr32 /i Shell32.dll
> regsvr32 Msoeacct.dll
> regsvr32 "C:\Program Files\Outlook Express\Msoe.dll"
> regsvr32 msjava.dll
> regsvr32 jscript.dll
> regsvr32 Olepro32.dll
> regsvr32 Hlink.dll
> regsvr32 Asctrls.ocx
> regsvr32 Inetcpl.cpl /i
> regsvr32 Dxtrans.dll
> regsvr32 Dxtmsft.dll
> regsvr32 Imgutil.dll
> regsvr32 Msxml.dll
> regsvr32 Msjava.dll
> regsvr32 Jscript.dll
> regsvr32 Softpub.dll
> regsvr32 Wintrust.dll
> regsvr32 Initpki.dll
> regsvr32 Dssenh.dll
> regsvr32 Rsaenh.dll
> regsvr32 Gpkcsp.dll
> regsvr32 Slbcsp.dll
> regsvr32 Cryptdlg.dll
> regsvr32 Msjet40.dll
> regsvr32 pdm32.dll
> regsvr32 Msjtor40.dll
> regsvr32 Dao360.dll
> regsvr32 Sccbase.dll
>
>
> with a Return after each .dll. You'll get a message about successful
> completion of the re-registration process after each one, then enter the
> next (with the DOS box they'll be continuous except for the last one).
>
> If you use Win98x and get an error on Shell32.dll, ignore it. Only the ME,
> Win2k and XP versions of windows have shell32 as an object that needs
> registering. (For these earlier operating systems, run "regsvr32
> shdoc401.dll " instead of "regsvr32 Shell32.dll".) Depending on your
> system, you may also get "not found" error messages on some or all of the
> last five - if so, ignore them.
>
> Re-start your computer when you've finished.
>
>
> If they don't fix it then start here:
>
> Download HijackThis, free, here:
> http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
> fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
> You may also get it here if that link is blocked:
> http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13
>
> There's a good "How-to-Use" tutorial here:
> http://computercops.biz/HijackThis.html
>
> In Windows Explorer, click on Tools|Folder Options|View and check "Show
> hidden files and folders" and uncheck "Hide protected operating system
> files". (You may want to restore these when you're all finished with
> HijackThis.)
>
> Place HijackThis.exe or unzip HijackThis.zip into its own dedicated folder
> at the root level such as C:\HijackThis (NOT in a Temp folder or on your
> Desktop), reboot to Safe mode, start HT then press Scan. Click on SaveLog
> when it's finished which will create hijackthis.log. Now click the Config
> button, then Misc Tools and click on Generate StartupList.log which will
> create Startuplist.txt
>
>
> Then go to one of the following forums:
>
> Spyware and Hijackware Removal Support, here:
> http://216.180.233.162/~swicom/forums/
>
> or Net-Integration here:
> http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?s=d3c2c886d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949
>
> or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx
>
> Register if necessary, then sign in and READ THE DIRECTIONS at the beginning
> of the particular site's HiJackThis forum, then copy and paste both files
> into a message asking for assistance, Someone will answer with detailed
> instructions for the removal of your parasite(s). Be sure you include at
> the beginning of your post a description of "What specific
> problem(s)/symptoms you're trying to solve" and "What steps you've already
> taken."
>
> *******
> ONLY IF you've successfully eliminated the malware, you can now make a new,
> clean Restore Point and delete any previously saved (possibly infected)
> ones. The following suggested approach is courtesy of Gary Woodruff: For XP
> you can run a Disk Cleanup cycle and then look in the More Options tab. The
> System Restore option removes all but the latest Restore Point. If there
> hasn't been one made since the system was cleaned you should manually create
> one before dumping the old possibly infected ones.
> *******
>
>
> Once you get this cleaned up, you might want to consider installing Eric
> Howes' IESpyAds, SpywareBlaster and SpywareGuard here to help prevent this
> kind of thing from happening in the future:
>
> IESpyads - https://netfiles.uiuc.edu/ehowes/www/resource.htm "IE-SPYAD adds
> a long list of sites and domains associated with known advertisers,
> marketers, and crapware pushers to the Restricted sites zone of Internet
> Explorer. Once you merge this list of sites and domains into the Registry,
> the web sites for these companies will not be able to use cookies, ActiveX
> controls, Java applets, or scripting to compromise your privacy or your PC
> while you surf the Net. Nor will they be able to use your browser to push
> unwanted pop-ups, cookies, or auto-installing programs on your PC." Read
> carefully.
>
> http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
> X installs) (BTW, SpyWareBlaster is not memory resident ... no CPU or memory
> load - but keep it UPDATED) The latest version as of this writing will
> prevent installation or prevent the malware from running if it is already
> installed, and it provides information and fixit-links for a variety of
> parasites.
>
> http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
> install malware) Keep it UPDATED. All three Very Highly Recommended
>
> SpywareBlaster is probably the best preventive tool currently available,
> expecially if supplemented by using the Immunize function in SpyBot S&D and
> a good HOSTS file (see next). IMPORTANT NOTE: A good additional source of
> preventive blocking for ActiveX components is the Blocking List available
> here: http://www.spywareguide.com/blockfile.php While smaller than the
> SpywareBlaster list, it contains some different malware CLSIDs and appears
> to be updated with new threats more frequently. Recommended as a supplement
> to SpywareBlaster. Read all of the instructions in the Expert package
> download carefully. You might want to consider using:
> http://www.changedetection.com/monitor.html to monitor and notify you of
> changes/updates to this (or others, for that matter) list.
>
>
> Next, install and keep updated a good HOSTS file. It can help you avoid
> most adware/malware. See here: http://www.mvps.org/winhelp2002/hosts.htm
> (Be sure it's named/renamed HOSTS - all caps, no extension) Additional
> tutorials here:
> http://www.bleepingcomputer.com/forums/index.php?s=14f3f9225081133297a8acdd11137c5b&showtutorial=51
> (detailed) and here: http://www.spywarewarrior.com/viewtopic.php?t=410
> (overview)
>
>
> Finally, be sure that you have a good hardware or software firewall and an
> AntiVirus installed, and bring your OS up-to-date with ALL Critical updates
> from Windows Update.
>
>
> --
> Please respond in the same thread.
> Regards, Jim Byrd, MS-MVP
>
>
>
> In news:033A3A79-9801-45A0-89BA-7769C2B99002@microsoft.com,
> Shorecrest Rick <ShorecrestRick@discussions.microsoft.com> typed:
> > I am using OS Windows 2000. I have the latest subscription to Norton
> > Antivirus, Ad-ware Professional and Ad-Watch. I am unable to get the
> > latest Windows update. My web browser gets hijacked while the
> > Microsoft web page is scanning my computer. The web browser gets
> > hijacked to: address "about:blank". I have had a mobile PC tech try
> > to fix this problem. After an hour the tech gave up and I still had
> > to pay. How can I fix this problem other than to reload the OS again?
> >
> > Thanks Rick
>
>

Quantcast