Hello Stradus,
Welcome to MR Forum.
Looks like you have an aboutblank infection. First of all, I want you to download and install another browser. For the moment I strongly suggest NOT to use Internet Explorer, because every time you open it, new malware is getting downloaded.
So, I want you to use Firefox instead to browse the web and download the programs listed below.
When your system is all clean, you can use your IE again.
Here you can find Firefox to download:
http://www.mozilla.org/products/firefox/
It may be a good idea to print these instructions so that you'll have access to them at all times, especially when you are in Safe Mode. Please read them carefully and follow them in the order they are presented.
Download HSfix.zip and unzip it to your desktop. Do not use it yet.
Download About:Buster by RubberDucky. Once it is downloaded extract it to c:\aboutbuster and check for updates. Do NOT use it yet.
Download CWShredder by TrendMicro, install it, check for updates but again, don't use it yet.
Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.
Download and install Ewido Anti-Malware.
During the installation, uncheck the following under Additional Options:
- Install background guard
- Install scan via context menu
Check for updates but do not run it yet.
===============================================
We'll need to disable the realtime protection programs so that they will not interfere with the fixes:
* Disable the Norton Script Blocking Service:
- To open Services, click Start, point to Settings, and then click Control Panel. Double-click Administrative Tools, and then double-click Services.
- Find ScriptBlocking services, right-click the service, and then click Properties. On the General tab, under Startup, click Disabled.
- Under Service Status, click the Stop button. Click the Apply button.
* Disable the Script Blocking In Norton Settings:
- Start Norton Antivirus.
- Click Options. If a menu appears when you click Options, then click Norton Antivirus. The Norton Antivirus Options dialog box appears.
- Click Script Blocking.
- Uncheck Enable Script Blocking (recommended).
- Click OK.
MS AntiSpyware (MSAS) Beta
1. Right-click on the Microsoft Anti-Spyware icon in the system tray [it's the one with the red and yellow bulls-eye].
2. Click on "Security Agents Status".
3. Click on "Disable real-time protection".
You can reenable them afterwards when everything is all clean again.
================================================
Ensure hidden files and folders are set to show;
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
=======================
Please disconnect from the Internet and unplug your modem for the duration of this fix. Please make sure that you have printed the rest of these instructions.
=======================
Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE.
======================
While in safe mode, double click on the HSfix.reg file you downloaded at the beginning. Grant it permission to add the registry items.
======================
Then open CWshredder that you downloaded in the first step.
Close all browser windows and click on the fix/next button.
======================
Now run HijackThis and click the scan button. When it has finished scanning, put a check against the following.
Make sure that all other windows other than HijackThis are closed and click 'fix checked'.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fkfdf.dll/sp.html#63796%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {20104286-DF9D-55B7-3987-0E150B2624FB} - C:\WINDOWS\system32\crbb.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntco32.exe" /s (file missing)
Exit HJThis but stay in Safe Mode.
====================
Try the next command via Start > Run, type in:
sc delete NSS
Click on OK.
=====================
Still in Safe Mode, go to Start>Search>All Files and Folders and scroll down using the scroll bar on the right. Go down to More advanced options.
Be sure the first three boxes are selected:
- Search System folders
- Search Hidden Files and folders
- Search SubFolders
Type in and search for the following files and delete them, if found:
C:\WINDOWS\ntco32.exe" /s
===============================================
From Safe Mode run Ccleaner.
Click on Options, select Advanced. Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours".
Make sure the Cleaner block on the left is selected. (Do not use the "Issues" block.) Choose the Windows tab.
Check everything EXCEPT the Advanced part of the Menu.
Click on "Analyze". This process could take a while.
If you don't want to lose your login passwords to certain sites, click on Options, select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run Ccleaner for every user.
====================
Run AboutBuster:
Now press the Windows key and the E key at the same time to bring up Windows Explorer and navigate to the c:\aboutbuster directory and double-click on AboutBuster.exe. Click Begin Removal to allow AboutBuster to scan. When it has finished, AboutBuster will open a 'Scan Completed' window. Click OK. Another information window will open. Click on Exit. AboutBuster will inform you that a log has been created. Click OK. I will need you to post that log later.
==========================================================
Run Ewido.
Click on Scanner.
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK.
When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says 'Perform action with all infections' then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report - click it.
Save the report.txt file to your desktop.
Now close ewido security suite.
Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel !!
===============================================
Now reboot in Normal Mode.
===============================================
We need to see if we need to restore some deleted files:
Please check for the following files using the Windows Search Engine:
control.exe
rundll32.exe
wmplayer.exe
msconfig.exe
notepad.exe
shell.dll
SDHelper.dll
If any are missing or not working properly then you can download new copies from Merijn's Files and follow the instructions at that site to install them where they belong for your OS.
============================================================
Reconnect to the internet. Please download Hoster.
- Unzip Hoster.zip
- Open Hoster.exe
- Then click on "Restore Original Hosts"
- Close program when complete.
- Empty Recycle Bin
- Reboot and "copy/paste" a new log file into this thread, after completing any other instructions given
Warning: if you use a customized hosts file to block certain sites then this will overwrite all those entries as well and you will need to re-enter them.
=============================================================
Finally, run Panda's ActiveScan and perform a full system scan.
- Once you are on the Panda site click the Scan your PC button.
- A new window will open...click the big Check Now button.
- Enter your Country.
- Enter your State/Province.
- Enter your e-mail address.
- Select either Home User or Company.
- Click the big Scan Now button.
- Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
- Click on Local Disks to start the scan.
Upon scan completion, if anything malicious is detected, click See Report, then click Save Report and save it to your Desktop.
================================================================
Now reboot and run HijackThis again and post a fresh log along with the AboutBuster log, the Ewido log and the Panda report.
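
An added example, not part of the original post and not code from HijackThis: a small triage of the four log entries the post asks to fix, showing which visible features of each line mark it as suspect. The function names and the flagging rules are assumptions made for illustration; the sample lines are the ones quoted in the post.

```python
import re

# The four entries quoted in the post above, copied verbatim from the page.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fkfdf.dll/sp.html#63796%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {20104286-DF9D-55B7-3987-0E150B2624FB} - C:\WINDOWS\system32\crbb.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\ntco32.exe" /s (file missing)
"""

# HijackThis section codes that appear in the post.
SECTIONS = {"R1": "IE search/start page", "R3": "URL search hook",
            "O2": "Browser Helper Object", "O23": "Windows service"}

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def triage(line):
    """Parse one log line; return None for anything that is not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    reasons = []  # illustrative rules, based only on what the line shows
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if code == "R1" and re.search(r"=\s*res://.*\.dll", body, re.I):
        reasons.append("IE setting loads a page from a local DLL (res://)")
    if code == "R3" and "is missing" in body:
        reasons.append("default URL search hook missing")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("no vendor name reported for the service binary")
    clsid = CLSID.search(body)
    return {"code": code, "section": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0) if clsid else None, "reasons": reasons}


def triage_log(text):
    """Return the parsed entries of a whole log, skipping non-entry lines."""
    return [e for e in map(triage, text.splitlines()) if e is not None]


if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(entry["code"], entry["section"], entry["clsid"], entry["reasons"])
```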