Tech Support Guy banner
Cancel
Create thread New Forums
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Please help with About:Blank hijacker!!!!!

Jump to Latest
2.6K views 23 replies 4 participants last post by  Flrman1  
#2 ·
About:Blank Homepage Hijacker
Removal Instructions and Help


How did my homepage get set to About:Blank?
The About:Blank homepage hijacker is a variation of a more advanced Cool Web Search hijacker. There are several variants of the About:Blank hijacker and all of them are difficult to remove manually. This hijacker is also referred to as the HomeOldSP hijacker because of the changes to the registry that can be seen using HijackThis such as

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

This is very similar in characteristics to the random dll hijacker also known as HomeSearch Hijacker that came out around the same time. The key to the hijack is a hidden dll file that is connected to a BHO (Browser Hijack Object). This hidden dll file shows up in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Unfortunately removing this About:Blank hijacker can be difficult. Its a very persistent problem that can return quickly if it is not removed carefully.

How do I Remove the About:Blank homepage hijacker?

There are three basic proven methods that help remove this pesky hijacker, a manual one, one using vbscripts and an automatic one used by a spyware removal program.

MANUAL METHOD

The manual method of removing the About:Blank hijacker is probably the most difficult, since if it is not followed absolutely correctly it can return quickly. There are two programs that are needed to help with this removal. The first is HijackThis and the next is a registry program called Reglite.exe, this particular program for whatever reason seems to be able to find the hidden dll file without the hijacker trying to undo the work and attack the system again.

Once you've downloaded HijackThis and Reglite, open Registrar Lite and navigate to the following entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Look for the Key named AppInit_DLLs, the value in this key is the hidden dll file that is causing your problems. Write down the name of this file and think of it as the hidden.dll file

Secondly, use the Windows Recovery Console in Windows XP to rename the file.

Restart the computer in Recovery Console mode using the Windows XP or Windows 2000 CD or by the option show below

Type cd \windows\system32 and press Enter

Type the following line to remove the read-only characteristic, replacing hidden.dll with the name of the dll file found with RegLite
ATTRIB -R hidden.dll

Rename the hidden.dll file by typing the following command (replacing the word hidden.dll with the actual filename)
RENAME hidden.dll badfile.dll

Type Exit and press Enter to Reboot Windows
another very good and effective removal tool is Adware Away but this will cost you circa $29.
Good Luck.
Regards Indalo
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Tech Support Guy
posts
9.9M
members
873K
Since
1998
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking