Jump to content
DC Message Boards
Sign in to follow this  
Guest Ez2k3

About:blank!!!

Recommended Posts

Guest Ez2k3

Which DLL file is the about:blank page located in? My friend clicked on ad that said: "You got spyware" (he was so stupid to belive it :angry: ), and now i got some kinda virus, and i want to remove it by my self...I guess i only open the DLL file then go to the directory where the HTML files are located, and then remove the code, and set in the new code i want in...

But if anyone knows where i can find that file please reply.

Share this post


Link to post
Share on other sites

Programs Needed:

 

Reglite.exe (available at “ http://www.resplendence.com/download/reglite.exe ”)

 

Microsoft Recovery Console

(an option available on your Windows CD or root drive) run “X:i386winnt32.exe /cmdcons” where “X” is either CD drive letter or is “C” for your root.

 

HiJackThis.exe

(available at “ http://download.com.com/3000-2144-10227352.html”)

 

 

 

There are two application extensions (.dll) files that Need to be deleted. One is hidden, one is detected with “HiJackThis.exe”

 

1) With “Reglite.exe” find name of hidden file:

 

Double Click on “AppInit_DLLs” located in “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows” The “value” window reveals the hidden file name. (mine was “hlpl.dll”, yours may be different!) In this example let’s call it “hidden.dll”

 

2) Rename the hidden file:

 

Close Windows and reboot using “Windows Recovery Console” Go to “c:Windowssystem32” and do two things. Change file from read only by typing “attrib –r hidden.dll” Then rename it (I don’t know why, but this procedure did not work until I renamed it) type “rename hidden.dll nasty.dll” (and remember that “hidden.dll” is for this explanation only use the name you found earlier) Type “exit” and reboot to Windows.

 

3) Edit registry to remove hidden file

 

Run “reglite.exe” again. Double Click on “AppInit_DLLs” located in “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows” Delete the file in “value” window, the “size” window changes also. “Apply” changes and exit “reglite.exe”

 

4) Edit registry to remove the second file

 

Run “HiJackThis.exe” and scan the registry. Check the boxes to remove the following entries:

“R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank” (as you can see my second .dll was called “jheckb.dll” yours may be different) For this example let’s call it “obvious.dll”.

 

Finally delete the two .dlls (“hidden.dll” and “obvious.dll”).

 

You should be running again.

 

Be careful.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

×