Jump to content
Washington DC Message Boards


Guest Ez2k3

Recommended Posts

Which DLL file is the about:blank page located in? My friend clicked on ad that said: "You got spyware" (he was so stupid to belive it :angry: ), and now i got some kinda virus, and i want to remove it by my self...I guess i only open the DLL file then go to the directory where the HTML files are located, and then remove the code, and set in the new code i want in...

But if anyone knows where i can find that file please reply.

Link to comment
Share on other sites

  • 5 weeks later...

Programs Needed:


Reglite.exe (available at “ http://www.resplendence.com/download/reglite.exe ”)


Microsoft Recovery Console

(an option available on your Windows CD or root drive) run “X:i386winnt32.exe /cmdcons” where “X” is either CD drive letter or is “C” for your root.



(available at “ http://download.com.com/3000-2144-10227352.html”)




There are two application extensions (.dll) files that Need to be deleted. One is hidden, one is detected with “HiJackThis.exe”


1) With “Reglite.exe” find name of hidden file:


Double Click on “AppInit_DLLs” located in “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows” The “value” window reveals the hidden file name. (mine was “hlpl.dll”, yours may be different!) In this example let’s call it “hidden.dll”


2) Rename the hidden file:


Close Windows and reboot using “Windows Recovery Console” Go to “c:Windowssystem32” and do two things. Change file from read only by typing “attrib –r hidden.dll” Then rename it (I don’t know why, but this procedure did not work until I renamed it) type “rename hidden.dll nasty.dll” (and remember that “hidden.dll” is for this explanation only use the name you found earlier) Type “exit” and reboot to Windows.


3) Edit registry to remove hidden file


Run “reglite.exe” again. Double Click on “AppInit_DLLs” located in “HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows” Delete the file in “value” window, the “size” window changes also. “Apply” changes and exit “reglite.exe”


4) Edit registry to remove the second file


Run “HiJackThis.exe” and scan the registry. Check the boxes to remove the following entries:

“R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSSystem32jheckb.dll/sp.html (obfuscated)

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,HomeOldSP = about:blank” (as you can see my second .dll was called “jheckb.dll” yours may be different) For this example let’s call it “obvious.dll”.


Finally delete the two .dlls (“hidden.dll” and “obvious.dll”).


You should be running again.


Be careful.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...