Re: about:blank Spyware + SBS2000

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: ye110wbeard (ye110wbeard_at_sympatico.ca)
Date: 12/01/04 

Date: Tue, 30 Nov 2004 23:09:41 -0500

Sounds like the CoolWeb or one of its variants. You'll actually be past
SpyBot and Adaware with that one.

Try www.majorgeeks.com and Check the spyware cleaning list there. I've
found typically it will be a combination of

Hijackthis
Kazaabegone
Spybot (With TeaTimer and Silent Internet Blocking on)
AdAware Personal Edition
Kill2Me
About Buster.

You also might want to check and see if the little pests added certain web
sites into the trusted cookies, trusted internet zone or just flat out
lowered the internet security to nil.

Generally I'll try to download the goodies on a clean machine, burn them to
disk with the available updates and clean them offline. How they're getting
in would be depending on whether you're behind a firewall or not.

What I have seen is a bad pc with weak antivirus hits a site, the code walks
right in, reboot and BOOM. It will start to try worming its way in. Nice
eh?

Best case scenario, try to have all the client PC's on XP with Service Pack
2 (the new security kills a pile of holes the spyware weenies use. Spybot
1.3 with the TeaTimer can at least halt the automatic homepage change. I
personally have tested VirusScan 8.0 from Network Associates. You can
REALLY crank it's settings up. You can even tell it to go after Kazaa,
Shareaza and other P2P troublemakers by adding their executables in a
"forbidden" list.

ISA might help in that instance as well if you have a list of "trusted" web
sites staff can use.

"Mike E." <mre@pidesign.co.uk> wrote in message
news:OBd3tPw1EHA.3236@TK2MSFTNGP15.phx.gbl...
> Has anyone had problems with about:blank spyware on SBS Client computers ?
>
> I have 2x Clients infected with this nasty piece of work - I have tried
> removing with the latest Spybot + Adaware
> but it keeps coming back.
>
> I have blocked the port on ISA Server that it uses to get through to stop
> any other infection.
>
> Can anyone help.
>
>
> Regards
>
>
> Mike
>
>
>

Relevant Pages

  • Re: Windows XP starts slow.
    ... When I start windows I open the ... probably legitimately accessing the internet. ... You also might benefit from a virus and spyware check. ... Spybot S&D analyse your startup apps lists. ...
    (microsoft.public.windowsxp.perform_maintain)
  • RE: Anti-spyware Beta from Microsoft available
    ... Running the default scan in Spybot and Adaware runs in the context of the ... Running the full scan, at least in Adaware, does not check current running ... Anti-spyware Beta from Microsoft available ... different spyware products. ...
    (Focus-Microsoft)
  • Re: usb hardware group?
    ... unplug the internet:P ... spybot s&d ... adaware some claim this IS spyware, ...
    (microsoft.public.vb.general.discussion)
  • Re: spyware stormer
    ... You did update AdAware and Spybot before running, ... Next, close all Internet Explorer and Outlook windows, and run CWShredder. ... Spyware Warrior: ...
    (microsoft.public.windowsxp.network_web)
  • Re: Windows Xp Home retail is taking ten minutes to load.
    ... CWshredder,Windows defender, Stinger Virus, Spybot serch and destroy, Adaware ... I am going through the process of doing all virus scans and spyware scans. ... DO NOT REBOOT unless told. ... Run Spybot Search & Destroy ...
    (microsoft.public.windowsxp.general)