Post your fixes. This bastard is running rampant through our clients because they are not that bright. I don't mind though because it means I have a job.
So far I have tried Find N Fix. I need something that is a bit more user friendly because sometimes I can't connect to the client's computer and I often get these 12:00 flashers.
About:Blank
-
Bubba Grizz
- Super Poster!
- Posts: 6121
- Joined: July 3, 2002, 12:52 pm
- Gender: Male
- Location: Green Bay, Wisconsin
-
XunilTlatoani
- Star Farmer
- Posts: 379
- Joined: September 6, 2002, 2:37 pm
- Location: Lakemoor, IL
-
Bubba Grizz
- Super Poster!
- Posts: 6121
- Joined: July 3, 2002, 12:52 pm
- Gender: Male
- Location: Green Bay, Wisconsin
The very same. This particular beast will not let you go to any other sites like Google, MSN, or Yahoo either. Any other search engine gets shut down.
After some searching I found that About:Blank is a front for CoolWWWSearch. I used CWShredder after I used the Find N Fix and it didn't find anything. Which is good actually. I am curious though if this will work on its own.
After some searching I found that About:Blank is a front for CoolWWWSearch. I used CWShredder after I used the Find N Fix and it didn't find anything. Which is good actually. I am curious though if this will work on its own.
-
XunilTlatoani
- Star Farmer
- Posts: 379
- Joined: September 6, 2002, 2:37 pm
- Location: Lakemoor, IL
My parent's had this about 6 months ago, and at the time I didn't know of any automatic fixes for it.
Basically what I did to fix it was to remove the value from this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
The only catch is that regedit won't see a value for this key. I needed to download Registrar Lite from http://www.resplendence.com. Using that program, I was able to see a pathname to a dll in that same registry key. but when you go look for the file, it isn't there, even with "show hidden files" turned on (ok, so there's two catches). I had to start up Windows with the XP recovery CD and attrib/delete it from the recovery console. When I rebooted Windows, I deleted that value from the key with reglite (I suppose you could have deleted it before...just make sure you get the name because it will be different on every computer), then ran adaware which detected all the home page/search page changes. That was pretty much it.
Sounds like you need an automatic fix though, but I'm not sure if one exists.
Basically what I did to fix it was to remove the value from this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
The only catch is that regedit won't see a value for this key. I needed to download Registrar Lite from http://www.resplendence.com. Using that program, I was able to see a pathname to a dll in that same registry key. but when you go look for the file, it isn't there, even with "show hidden files" turned on (ok, so there's two catches). I had to start up Windows with the XP recovery CD and attrib/delete it from the recovery console. When I rebooted Windows, I deleted that value from the key with reglite (I suppose you could have deleted it before...just make sure you get the name because it will be different on every computer), then ran adaware which detected all the home page/search page changes. That was pretty much it.
Sounds like you need an automatic fix though, but I'm not sure if one exists.
Xunil Tlatoani - Gnome Arch Lich (Retired)
Keepers of the Elements
Tlatoani - Gnome Warlock
Light of Dawn (Lightbringer Server)
Keepers of the Elements
Tlatoani - Gnome Warlock
Light of Dawn (Lightbringer Server)
-
Bubba Grizz
- Super Poster!
- Posts: 6121
- Joined: July 3, 2002, 12:52 pm
- Gender: Male
- Location: Green Bay, Wisconsin
I actually found something that mentions what you said.
http://www.securiteam.com/securityrevie ... 0UD5U.html
The computer I cleaned this morning got the thing back after we did a shutdown and came back up. Persistent lil fucker I tell you. I am going to follow the steps described in the article when I get a chance.
http://www.securiteam.com/securityrevie ... 0UD5U.html
The computer I cleaned this morning got the thing back after we did a shutdown and came back up. Persistent lil fucker I tell you. I am going to follow the steps described in the article when I get a chance.
-
Arborealus
- Way too much time!
- Posts: 3417
- Joined: September 21, 2002, 5:36 am
- Contact:
-
Adelrune Argenti
- Almost 1337
- Posts: 831
- Joined: July 9, 2002, 4:22 pm
- Location: San Diego, CA