Re: Is about:blank Loading Spyware?

From: Martin Ireland (znegva.verynaq_at_tbi.no.pn)
Date: 07/22/04

  • Next message: Peter: "Re: Norton Antivirus 2003 and Ports 110, 25" 
    Date: Thu, 22 Jul 2004 19:23:50 +0000 (UTC)

    [posted and mailed]

    dmckeon@ameritas.com (Dan McKeon) wrote in
    news:61ad99f6.0407220650.5b810bbb@posting.google.com:

    > I have been having a problem on Windows XP using Internet Explorer 6.0
    > where my home page keeps getting reset to about:blank, but it loads a
    > search engine called "Search for.." When I view the source, it is
    > redirecting to a hex string that I translated to a dll on
    > c:\windows\system32. I scanned the registry and removed the entries
    > for that dll (there were 2 in HKEY_CLASSES_ROOT). I then booted to a
    > DOS window to delete the dll as it was being called by explorer.dll!
    >
    > Then, after a few hours, the problem reappears with a different dll
    > name. The name seems to be random, but some examples are:
    >
    > c:\windows\system32\jjbejd.dll
    > c:\windows\system32\jigkoe.dll
    >
    > I ran both Spybot - Search and Destroy and Ad-Aware. They found and
    > removed spyware, but it keeps coming back. I am running a virus scan
    > now (Norton), and so far it hasn't found anything.
    >
    > Does anybody know what's going on? Is there a way to clear this
    > problem up? Am I or is my computer at serious risk as a result of
    > spyware?
    >
    > Any help you can provide will be greatly appreciated.
    >
    > TIA,
    > Dan
    >

    Get the info from your AV company on disabling the System Restore feature
    of Windows XP. Once disabled, repeat the removal of the Dlls. Then re-
    enable System Restore. 

    -- 
Martin
Email address is ROT13 encoded to slow down spammers
  • Next message: Peter: "Re: Norton Antivirus 2003 and Ports 110, 25"

    Relevant Pages

    • Re: Is about:blank Loading Spyware?
      ... >> DOS window to delete the dll as it was being called by explorer.dll! ... > Get the info from your AV company on disabling the System Restore feature ...
      (comp.security.misc)
    • Re: Is about:blank Loading Spyware?
      ... >> Get the info from your AV company on disabling the System Restore ... best if your AV does all this removal work. ...
      (comp.security.misc)
    • Re: Send to Word Woes
      ... you can leave the Norton Office plug-in DLL disabled. ... >> disabling through NAV really does disable it. ...
      (microsoft.public.powerpoint)
    • System Restore tab gives error
      ... Cannot access System Restore from the Properties tab ... a "Run a DLL as an App" dialog box ... System Restore until after new drive in use. ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Compiler directive for win98?
      ... If Not Assigned(SRSETRESTOREPOINTA) Then ... poke around in the DLL with a Hex editor, ... Implemented as SRSetRestorePointW (Unicode) and SRSetRestorePointA ... fails if System Restore has been disabled ...
      (alt.comp.lang.borland-delphi)