Re: "about:blank or Use Default redirecting"

From: Kelly (kelly_at_mvps.org)
Date: 06/17/04 

Date: Thu, 17 Jun 2004 03:47:11 -0500

Yes, Jason mentioned that, but only good if the user isn't using Mozilla!
<w> 

-- 
All the Best,
Kelly
Microsoft-MVP Windows® XP
2004 Windows MVP "Winny" Award
Troubleshooting Windows XP
http://www.kellys-korner-xp.com
Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm
"Alex Nichol" <alexn.mvpdts@ntlworld.delete.com> wrote in message 
news:t541d0tqm4sbiqksffpju9tmsosmb4emh3@4ax.com...
> Sohail wrote:
>
>>My symptoms are that going into "(Microsof)internet
>>explorer 6", the page will default to About:Blank or Use
>>Defualt, but I am being redirected
>>to  "http://206.161.207.99/sextracker.html"
>
> You have been Hijacked, by one that is troublesome.  Before anything
> else, go to Control Panel (not IE) Internet Options and edit the
> about:blank to about:mozilla
> Also edit the windows\system32\drivers\etc\hosts file with NotePad, and
> put a 'comment out' # before all lines but the
> 127.0.0.1 localhost
> one
>
> Here is a full repair instruction from MVP Mike Burgess on the one it
> probably is:  a bit out of date by now, but hopefully will help, and
> best of luck!
>
>
> Download: "RepairAppInit.reg"
> http://www.mvps.org/winhelp2002/RepairAppInit.reg
> Do not do anything with this file yet, it will be needed later.
>
> Download: CWShredder
> http://www.spywareinfo.com/~merijn/files/hijackthis.zip
> Unzip, but do not run it yet, it will be needed later.
>
> Download: Ad-Aware
> http://www.lavasoft.de/software/adaware/
> Install, but do not run it yet, it will be needed later.
>
> Download: Find-All.zip
> http://www10.brinkster.com/expl0iter/freeatlast/pvtool.htm
> Unzip, but do not run it yet, it will be needed later.
>
> Download: WINFILE.zip
> http://www10.brinkster.com/expl0iter/freeatlast/WINFILE.zip
> Unzip, but do not run it yet, it will be needed later.
>
> Download: Registrar Lite [freeware]
> http://www.resplendence.com/download
> Install, but do not run it yet, it will be needed later.
>
> [Step1]
>
> Double-click the included "Find-All.bat" file from Find-All.zip.
> Generates: "output.txt"
> Note: if infected you will see:
>
> Locked file(s) found...
> C:\WINDOWS\System32\<filename> +++ File read error
> Where "<filename>" is the hidden invisable installer.
> Note: "+++ File read error" is not an error, this just identifies the
> culprit.
>
> [Step2]
>
> Run "Registrar Lite" and navigate to:
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\Windows]
> Double click on "AppInit_DLLs" entry (right pane)
> The size will likely be something other than "1" (if infected)
> IMPORTANT: Make a note of the filename and location (folder)
>
> [Step3]
>
> Rename the highlighted "Windows" key (left pane)
> To rename: Right-click and select: Rename
> (type) NoWindows
>
>
> Double-click "AppInit_DLLs" again (right pane)
> Clear (delete) the "Value" containing the .dll and click Ok.
>
>
> IMPORTANT: Rename the "NoWindows" key (left pane)
> To rename: Right-click and select: Rename
> (type) "Windows" (no quotes) and close RegLite.
>
> [Step 4]
>
> Using Windows Explorer go to your root drive: (typically) "C:\"
> Click File (up top) select: New > Folder
> (type) "Junk" (no quotes)
>
> Open Winfile
>
> Navigate to System32 folder.
> Click File (up top) select: Move
>
> Copy and paste this into the 'From' box:
> C:\WINDOWS\System32\<filename>.dll
> Copy and paste this into the 'To' box: C:\Junk\<filename>.dll
>
> Note: where "<filename>" = culprit dll from "output.txt"
>
> Click OK. Close Winfile
> Open Windows Explorer and check in C:\Junk for the "<filename>.dll"
> file.
>
> At this point see if you can rename the "<filename>.dll"
> Do this several time, changing the name and extension each time.
> Then see if you can "Move" to "A:\" (floppy)
>
> [Step 5]
>
> Locate: "RepairAppInit.reg" right-click and select: Merge
> Ok the prompt
>
> [Step 6]
>
> Open Regedit (Start | Run (type) "regedit" (no quotes)
> Use the Search function for the <filename>.dll
> Click: Edit (up top) select: Find
> (type) <filename>.dll, click: Find Next
>
> Note: where "<filename>" = culprit dll from "output.txt"
>
> Remove all instances found.Press "F3" to continue searching
> until you see the "Completed" message.
>
> Next repeat the above steps, subsitute the "secondary dll"
> From: "text/html" as seen in the "output.txt"
>
> [Step 7]
>
> Run CWShredder and reboot.
>
> [Step 8]
> Run Ad-Aware
>
>
> -- 
> Alex Nichol MS MVP (Windows Technologies)
> Bournemouth, U.K.  Alexn@mvps.D8E8L.org (remove the D8 bit)

Relevant Pages

  • Re: Home Page and cwshredder
    ... Download: CWShredder ... To rename: Right-click and select: Rename ... "Windows" and close RegLite. ... New> Folder ...
    (microsoft.public.windowsxp.general)
  • Re: the coolweb search file causding IE to revert to the about:blank page
    ... Download: CWShredder ... To rename: Right-click and select: Rename ... "Windows" and close RegLite. ... New> Folder ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: Computer Infection - Frozen
    ... *he* and most certainly is NOT an MS MVP. ... MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 ... Download it here http://pcbutts1.com/downloads/tools/tools.htm ... Download, install, update, and run a full scan with Avast Anti-virus ...
    (microsoft.public.windowsxp.general)
  • Re: "about:blank or Use Default redirecting"
    ... Download: CWShredder ... To rename: Right-click and select: Rename ... "Windows" and close RegLite. ... New> Folder ...
    (microsoft.public.windowsxp.general)
  • Re: CWS searchx strain wont go away
    ... I can't find "Find-All.bat" within the Find-All.zip download. ... >> Rename the highlighted "Windows" key ... >> To rename: Right-click and select: Rename ... >> Click File select: New> Folder ...
    (microsoft.public.security)
Loading