View Poll Results: about:blank - removal
restore computer 0 0%
purchase anti-hijacking software 0 0%
Voters: 0. You may not vote on this poll

Old 06-12-2004, 05:48 PM   #1
Member (2 bit)
 
Join Date: Jun 2004
Posts: 2
Angry Fire about:blank reset homepage, need help

Home-page automatically keeps resetting to "about:blank". Found a site called "dbforums.com" that was addressing this problem. All the suggestions were tried three times and never did help resolve the problem.
Decided to look for a program to stop Hijacking, downloaded and installed a program called "Startpage Guard" that would protect my settings. Even though "about:blank" would alter the settings, this program is supposed to protect my settings and restore them. After restarting the machine the next day, IE would not open and an error message would pop up requesting information be sent to Microsoft. But I do not think this is the correct or real place the info would be sent. But it was blocked by my firewall. The firewall program asked if I wanted to let program "jklue" have access to the internet, and I declined.
Reinstalled IE-6 twice and it would not open either time. Next reinstalled "Windows 98", then reinstalled IE-6. Still would not open. Went into the "Add/Delete" programs and deleted the Startpage Guard, and finally opened IE.tting to "about:blank". Help! How do I get rid of this Hijacker?

Last edited by fastone; 06-12-2004 at 06:12 PM.
fastone is offline   Reply With Quote
Old 06-12-2004, 08:40 PM   #2
Lest we forget
 
ghost2003's Avatar
 
Join Date: Jun 2003
Location: Ontario, Canada
Posts: 1,870
Try adaware and spybot. Update them and remove all they find.
www.lavasoftusa.com
www.safer-networking.org
ghost2003 is offline   Reply With Quote
Old 06-13-2004, 03:23 AM   #3
Certified Audio Nut
 
Hi Ho's Avatar
 
Join Date: Jul 2003
Location: Washington State
Posts: 7,202
No need to purchase anything. Spybot and Adaware should get rid of it.
__________________
"I'm not lying. I'm writing fiction with my mouth." - Homer Simpson My Miscelaneous Gallery
ASUS P7P55D PRO / Intel Core i7 860 / 8GB Mushkin DDR3 1600 RAM / OCZ Vertex 2 120GB SSD / Seagate 1TB 7200.12 / Asus Radeon 5870 1GB / LG Super-Multi 22x SATA DVD-RW / Windows 7 Home Premium 64bit / Cable Modem / HT Omega Striker 7.1 Sound Card / FSP 700W PSU / Logitech MX1000 Wireless Laser Mouse / Asus 24" 16:9 LCD w/Webcam / Axiom Audiobyte 2.1 Speakers
Hi Ho is offline   Reply With Quote
Old 06-13-2004, 10:20 AM   #4
Member (2 bit)
 
Join Date: Jun 2004
Posts: 2
Have tried all the suggested setup options within AdWare, did not fix the problem. Downloaded and ran SpyBot, did not fix the problem, downloaded and ran GoHip uninstall program, did not fix the problem. Downloaded and ran Hijack - results follow but do not know what to do with them (fix, delete, good).
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\MAJ.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\MAJ.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\MAJ.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\MAJ.DLL/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\MAJ.DLL/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\MAJ.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {18A4A15C-BB02-11D8-A856-0010EEBBC696} - C:\WINDOWS\SYSTEM\MAJ.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\McAfee\McAfee Office\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [VsEcomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\vsecomr.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\\Program Files\\DirectCD\\DIRECTCD.EXE
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\SYSTEM\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [piiserviceOE] "C:\PROGRAM FILES\IHATESPAM OUTLOOK EXPRESS\IHATESPAM OUTLOOK EXPRESS EDITION\piiserviceOE.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\McAfee\McAfee Office\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Oil Change] C:\PROGRA~1\MCAFEE\MCAFEE~1\OILCHA~1\OCTray32.exe Start
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~2\OneTouchMon.exe
O4 - HKLM\..\Run: [KodakCCS] c:\windows\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\startpageguard\spguard.exe /s /r
O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRAM FILES\LAVASOFT\AD-AWARE 6\AD-AWARE.EXE" +c
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRAM FILES\VISIONEER\PAPERPORT\PPWebCap.exe
O4 - HKCU\..\Run: [EasyMP3] C:\Program Files\South River Technologies\Easy Mp3 To Wav Maker\easymp3.exe -startup
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...AB?38037.16125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents...r/imloader.cab


HELP!
fastone is offline   Reply With Quote
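An added example, not part of fastone's post and not HijackThis's own logic: a small Python triage of a log like the one above. It flags IE start/search values served from a local binary through a res:// URL, ties them to any BHO that loads the same file, and lists BHO/toolbar entries whose file is missing. The sample lines are copied from the log above; the finding labels are made up for this example, and a flagged entry is a candidate for review, not a verdict.

```python
import re

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\MAJ.DLL/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: (no name) - {18A4A15C-BB02-11D8-A856-0010EEBBC696} - C:\WINDOWS\SYSTEM\MAJ.DLL
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
"""

# R0-R3: IE start/search page values, "key,value name = data"
R_LINE = re.compile(r"^(R[0-3]) - (.+?) = (.*)$")
# res://<path to binary>/<resource> loads a page out of a local file
RES_URL = re.compile(r"^res://(.+?\.(?:dll|ocx|exe))/", re.I)
# O2 (BHO) and O3 (toolbar): "name - {CLSID} - file"
COM_LINE = re.compile(
    r"^(O[23]) - (BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

def triage(log_text):
    """Return (res_targets, findings) for one HijackThis log."""
    res_targets, com_entries, findings = set(), [], []
    for line in (l.strip() for l in log_text.splitlines()):
        if m := R_LINE.match(line):
            # IE page setting that points into a local binary's resources
            if u := RES_URL.match(m.group(3)):
                res_targets.add(u.group(1).upper())
                findings.append(("res-url", m.group(2)))
        elif m := COM_LINE.match(line):
            com_entries.append((m.group(2), m.group(4), m.group(5).strip()))
    for kind, clsid, path in com_entries:
        if path == "(no file)":
            # Registration left behind with no file on disk
            findings.append(("orphan-" + kind.lower(), clsid))
        elif path.upper() in res_targets:
            # The file IE loads as an add-on also supplies the search page
            findings.append(("bho-serves-page", clsid))
    return res_targets, findings

if __name__ == "__main__":
    targets, found = triage(SAMPLE_LOG)
    print(sorted(targets))
    for label, detail in found:
        print(label, detail)
```
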
Old 06-13-2004, 01:58 PM   #5
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 36,460
This is a tough one.

http://forum.pcmech.com/showthread.php?&threadid=100767

Check the thread that Lobos has provided a link to.
glc is online now   Reply With Quote
Old 06-13-2004, 02:34 PM   #6
Served with Pride
Staff
Premium Member
 
Panama Red's Avatar
 
Join Date: Apr 2003
Location: near the left coast of Michigan
Posts: 14,538
That's the rotten thing I'm referring to in this thread

http://forum.pcmech.com/showthread.p...hreadid=100830

Here's a link to the only way I found to get it gone. No software will remove it. It must be done manually and you'll need to be sharp with the Recovery Console and Registry Editing.

http://www.computercops.biz/postt43426.html
__________________
Computers have enabled people to make more mistakes faster than almost any invention in history,
with the possible exception of tequila and hand guns.
Panama Red is online now   Reply With Quote
Old 06-13-2004, 06:19 PM   #7
Member (3 bit)
 
Join Date: Jun 2004
Location: Toledo
Posts: 5
That won't work either! I had the exact problem with mine! I sat and removed every single place that stupid thing could be found in the registry and it just comes back once you run iexplorer.exe. The about:blank page is found in at least 4 spots. Deleting them won't help. There is something else that accompanies it, can't remember what it is off hand, found all those locations and deleted them. Didn't work. That hijacker is all over the registry with several different names. I spent hours in the registry researching and learning it. I even reimaged mine, and still can't get rid of it. This requires a partition deletion, format and a re-install if you ask me! Hope I am wrong. Let me know if you ever fix it and how you did it.
akrytus is offline   Reply With Quote
Old 06-13-2004, 07:48 PM   #8
Member (7 bit)
 
Join Date: Apr 2003
Location: South East Ireland
Posts: 93
I had this for ages on my old computer..I tried everything to get rid of it..CWS, Ad Aware, HiJack This etc...they fixed the problem temporarily but it always came back. I think if I remember correctly I updated AVG and scanned and it was actually a virus called Startpage.AO, this removed it. But even then I'd get notices from AVG telling me that it had come back under a different filename.
tarawalsh_lfc is offline   Reply With Quote
Old 06-13-2004, 09:45 PM   #9
Served with Pride
Staff
Premium Member
 
Panama Red's Avatar
 
Join Date: Apr 2003
Location: near the left coast of Michigan
Posts: 14,538
Quote:
Originally posted by akrytus
That won't work either! I had the exact problem with mine! I sat and removed every single place that stupid thing could be found in the registry and it just comes back once you run iexplorer.exe. The about:blank page is found in at least 4 spots. Deleting them won't help. There is something else that accompanies it, can't remember what it is off hand, found all those locations and deleted them. Didn't work. That hijacker is all over the registry with several different names. I spent hours in the registry researching and learning it. I even reimaged mine, and still can't get rid of it. This requires a partition deletion, format and a re-install if you ask me! Hope I am wrong. Let me know if you ever fix it and how you did it.
Ok, your hope is granted, you are wrong! Using the method I posted above it has not come back. I've been testing it all day and that method works. The difference is finding the key registry item using Reglite.exe. The native XP registry editor will not reveal the hidden culprit. All the programs mentioned only remove the entries that are not hidden.
Panama Red is online now   Reply With Quote
Old 06-14-2004, 02:18 AM   #10
Member (10 bit)
 
Join Date: Mar 2004
Location: California
Posts: 936
This one is possible to fix. The other one that GLC pointed out they are still trying to fix; I haven't seen a successful fix yet.
One fix gets made and two or three more variants come out.
Lobos is offline   Reply With Quote
Old 06-14-2004, 11:42 AM   #11
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 36,460
All this crap is just making me more and more glad that I don't use IE.
glc is online now   Reply With Quote
Old 06-14-2004, 12:01 PM   #12
Served with Pride
Staff
Premium Member
 
Panama Red's Avatar
 
Join Date: Apr 2003
Location: near the left coast of Michigan
Posts: 14,538
Quote:
Originally posted by glc
All this crap is just making me more and more glad that I don't use IE.
I'm getting real close to using something else myself so I can recommend it to customers. The scary part is that most folks have no idea where they get these infections.
Panama Red is online now   Reply With Quote
Old 06-15-2004, 05:45 PM   #13
glc
Forum Administrator
Staff
Premium Member
 
glc's Avatar
 
Join Date: May 2000
Location: Joplin MO
Posts: 36,460
I've installed Firefox on a few customers' machines lately.
glc is online now   Reply With Quote
All times are GMT -5. The time now is 08:17 PM.