about:blank in IE

Status
Not open for further replies.
K

kitty500cat

Posts: 1,391   +6
Sometimes in IE, when I close a window, it will say about:blank in the title; I did a screen shot as it was doing that.

Sometimes, I think, it will not even have anything in the window. It will close eventually, or maybe sometimes it will lock up (just that session of IE). As far as I know, my computer has no viruses, but maybe. :(
any help appreciated; if you help, thanks in advance.
 
That may be caused by a virus/spyware infection.

Go and read this thread HERE.

Post a HJT log as a .txt attachment into this thread and I`ll take a look and see what I can find, if anything.

Regards Howard :)
 
Amongst other things, you have the Sony drm rootkit.

Go HERE and download and run the Windows malicious software removal tool.

download and run LSPFix from http://cexx.org/lspfix.htm

Use these instructions to remove the bad DLL:
1. Run LSPFix.
2. Check 'I know what I'm doing'.
3. Select inetcntrl.dll
4. Click the right-pointing arrow (moves it to the "remove" page).
5. Click 'Finished'.

6. Restart your computer in "Safe Mode" (F5 or F8 when starting Windows).
7. Delete the file: inetcntrl.dll Do NOT delete ANY other files!
8. Restart your computer and bring it up in normal mode.

Then follow the rest of these instructions.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

AccuWeatherDesktopAlerts

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

AccuWeatherDesktopAlerts.exe
ALCXMNTR.EXE

Close task manager.

Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

N4 - Mozilla: user_pref("browser.startup.homepage", "file:///C:/documents%20and%20settings/compaq_owner/my%20documents/html/tmr/index.html"); (C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Profiles\default\k2r9cm3t.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Profiles\default\k2r9cm3t.slt\prefs.js)


O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe

O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing

O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSe tup1.0.0.15.cab

O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab

O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\AccuWeatherDesktopAlerts

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of kitty500cat only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Not to be argumentative, but I thought inetcntrl.exe was for the Bsafe internet filter on my computer (it actually belongs to my parents; I don't want to mess anything up). Is the dll different than the exe? I just don't want to cause the filter to stop working. Will it stop the filter or mess it up?
Thanks
 
The reason you need to run the lsp fix, is because of this entry in your HJT log.

O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing

Regards Howard :)
 
See, I [dumbly] had LSP-fix do an auto fix before I followed your instructions. So then inetcntrl doesn't show up anymore. Or did it do automatically what I would have done manually? (sorry to drag this out so long).
edit: never mind, I am ready now to keep following instructions.
 
It seems to have worked. At first there were a couple problems, like Norton Antivirus had some trouble, and I couldn't get onto internet, but now, I think, those problems are worked out. Here is my HJT log.
Thanks
kitty500cat

Now I have a problem. The internet filter that my parents have (American Family Filter) will not work. Did the file inetcntrl.dll get deleted? Because if it did, I think it was part of the filter.
 
The sony rootkit is still on your system.

Download and follow the instructions for this tool HERE.

As for the American Family Filter problem, just reinstall it.

Post a fresh HJT log after doing the above.

Regards Howard.

This thread is for the use of kitty500cat only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
rootkit remover, HJT log

The sony rootkit remover did not find anything, but here is my HJT log.
thanks a lot, as I would have no idea what to do otherwise
kitty500cat
 
Download, install, update and run the Microsoft Windows defender programme. This is supposed to get rid of the Sony drm rootkit, which is still in your HJT log.

You can get it HERE.

Post a fresh HJT log after doing the above.

Regards Howard :)
 
Windows Defender run, HJT log

I ran Windows Defender, but as far as I know, it didn't find anything. For some reason it can't renew the definitions. Here is my HiJackThis log.
thanks
kitty500cat
 
The drm rootkit is still there according to your HJT log.

Go HERE and follow the instructions exactly for manual removal.

Post a fresh HJT log after doing the above.

Regards Howard :)
 
There is no aries.sys in the folder that it said. However, there is the file $sys$drmserver with whatever extension. Does $sys$drmserver.exe need to be deleted?
thanks
P.S. HJT log attached
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name. See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

XCP CD Proxy (CD_Proxy)
$sys$DRMServer

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

$sys$DRMServer.exe
CDProxyServ.exe

Close task manager.

Run HJT with no other programmes open(except notepad).Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSe tup1.0.0.15.cab

O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\CDProxyServ.exe
C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

Reboot into normal mode and turn system restore back on.

Post a fresh HJT log and let me know how your system is running.

You might as well uninstall the Windows defender programme.

Regards Howard :)
 
Have HJT fix this entry.

O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)

Other than that, your HJT log is clean.

Phew, that was hard work lol.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of kitty500cat only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I fixed that entry w/HijackThis. That took awhile, but now I think it's all straightened out. thanks for your help
kitty500cat
 
explorer.exe targeting Norton file?

For some reason, Norton says in the Log Viewer that it blocked C:\Windows\explorer.exe from unauthorized access. The target was C:\Program Files\Common Files\Symantec Shared\Symdlbrg.dll. I assume that C:\Windows\explorer.exe is the same explorer that displays all your icons and your taskbar. So can explorer.exe act up as a security risk, or is Norton just being picky?
thanks
kitty500cat
 
Symdlbrg.dll is part of your Symantec/Norton crapware.

The best advice I can give you is to get rid of Symantec altogether and get the free AVG antivirus and either the free Zonealarm or the free Kerio firewall programmes. You can get them HERE, HERE and HERE.

Once you`ve downloaded those, disconnect from the net and uninstall Symantec/Norton from add remove programmes in your control panel. You will probably need to uninstall in several pieces, rebooting your system inbetween. Once Symantec/Norton is completely uninstalled, install whichever firewall you chose, followed by AVG. Reboot your system the required number of times and reconnect to the net. Run the AVG updates.

Boot into safe mode and run a full system scan with AVG. Delete whatever it finds and reboot into normal mode.

You will probably see a performance boost to your system.

Regards Howard :)
 
Yeah, when I get my computer I will probably run AVG, but this is my dad's. I just wasn't sure if explorer.exe would do anything bad, like if it would get modified by some malware to do something people wouldn't expect that exe to do. Thanks
kitty500cat
 
Status
Not open for further replies.

Similar threads

C
Differences in Internet Providers?
Replies
1
Views
297
Nelson28
N
E
I have been taken over by a software called Astanda using XML to Log everything and roaming to an SQL server.
Replies
0
Views
480
eriksnyman1
E
AnilD
Instagram is not loading on any desktop browser - here's a fix
Replies
0
Views
2K
AnilD
AnilD

Latest posts

Back