TechSpot

about:blank in IE

By kitty500cat
Aug 2, 2006
  1. Sometimes in IE, when I close a window, it will say about:blank in the title; I did a screen shot as it was doing that.
    Sometimes, I think, it will not even have anything in the window. It will close eventually, or maybe sometimes it will lock up (just that session of IE). As far as I know, my computer has no viruses, but maybe. :(
    Any help appreciated; if you help, thanks in advance.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That may be caused by a virus/spyware infection.

    Go and read this thread HERE.

    Post a HJT log as a .txt attachment into this thread and I'll take a look and see what I can find, if anything.

    Regards Howard :)
     
  3. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    HJT log cuz of possible about:blank

    Here is my HJT log.
    Thanks Howard
    kitty500cat
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Amongst other things, you have the Sony drm rootkit.

    Go HERE and download and run the Windows malicious software removal tool.

    Download and run LSPFix from http://cexx.org/lspfix.htm

    Use these instructions to remove the bad DLL:
    1. Run LSPFix.
    2. Check 'I know what I'm doing'.
    3. Select inetcntrl.dll
    4. Click the right-pointing arrow (moves it to the "remove" page).
    5. Click 'Finished'.

    6. Restart your computer in "Safe Mode" (F5 or F8 when starting Windows).
    7. Delete the file: inetcntrl.dll. Do NOT delete ANY other files!
    8. Restart your computer and bring it up in normal mode.

    Then follow the rest of these instructions.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name. See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with (if there).

    AccuWeatherDesktopAlerts

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    AccuWeatherDesktopAlerts.exe
    ALCXMNTR.EXE

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

    N4 - Mozilla: user_pref("browser.startup.homepage", "file:///C:/documents%20and%20settings/compaq_owner/my%20documents/html/tmr/index.html"); (C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Profiles\default\k2r9cm3t.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Profiles\default\k2r9cm3t.slt\prefs.js)


    O1 - Hosts: comments (such as these) may be inserted on individual
    O1 - Hosts: 216.19.0.250 idenupdate.motorola.com

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O4 - HKCU\..\Run: [AccuWeatherDesktopAlerts] C:\Program Files\AccuWeatherDesktopAlerts\AccuWeatherDesktopAlerts.exe

    O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing

    O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_awda/client/download/TNPLDownloader.cab

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab

    O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab

    O16 - DPF: {D3D83E08-54D1-4E9D-8EAF-9F979D139294} (MaxisSimCityScapeTeleX Control) - http://simcity.ea.com/scape/teleport/MaxisSimCityScapeTeleX.cab

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\AccuWeatherDesktopAlerts

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of kitty500cat only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    Not to be argumentative, but I thought inetcntrl.exe was for the Bsafe internet filter on my computer (it actually belongs to my parents; I don't want to mess anything up). Is the dll different than the exe? I just don't want to cause the filter to stop working. Will it stop the filter or mess it up?
    Thanks
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The reason you need to run the lsp fix, is because of this entry in your HJT log.

    O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing

    Regards Howard :)
     
  7. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    See, I [dumbly] had LSP-fix do an auto fix before I followed your instructions. So then inetcntrl doesn't show up anymore. Or did it do automatically what I would have done manually? (sorry to drag this out so long).
    edit: never mind, I am ready now to keep following instructions.
     
  8. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    It seems to have worked. At first there were a couple of problems, like Norton Antivirus had some trouble, and I couldn't get onto the internet, but now, I think, those problems are worked out. Here is my HJT log.
    Thanks
    kitty500cat

    Now I have a problem. The internet filter that my parents have (American Family Filter) will not work. Did the file inetcntrl.dll get deleted? Because if it did, I think it was part of the filter.
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The sony rootkit is still on your system.

    Download and follow the instructions for this tool HERE.

    As for the American Family Filter problem, just reinstall it.

    Post a fresh HJT log after doing the above.

    Regards Howard.

    This thread is for the use of kitty500cat only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    rootkit remover, HJT log

    The sony rootkit remover did not find anything, but here is my HJT log.
    thanks a lot, as I would have no idea what to do otherwise
    kitty500cat
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download, install, update and run the Microsoft Windows defender programme. This is supposed to get rid of the Sony drm rootkit, which is still in your HJT log.

    You can get it HERE.

    Post a fresh HJT log after doing the above.

    Regards Howard :)
     
  12. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    Windows Defender run, HJT log

    I ran Windows Defender, but as far as I know, it didn't find anything. For some reason it can't renew the definitions. Here is my HiJackThis log.
    thanks
    kitty500cat
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The drm rootkit is still there according to your HJT log.

    Go HERE and follow the instructions exactly for manual removal.

    Post a fresh HJT log after doing the above.

    Regards Howard :)
     
  14. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    There is no aries.sys in the folder that it said. However, there is the file $sys$drmserver with whatever extension. Does $sys$drmserver.exe need to be deleted?
    thanks
    P.S. HJT log attached
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name. See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    XCP CD Proxy (CD_Proxy)
    $sys$DRMServer

    Close the services window.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there).

    $sys$DRMServer.exe
    CDProxyServ.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there).

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab

    O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

    O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\CDProxyServ.exe
    C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe

    Reboot into normal mode and turn system restore back on.

    Post a fresh HJT log and let me know how your system is running.

    You might as well uninstall the Windows defender programme.

    Regards Howard :)
     
  16. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    I did what you said, here is my HJT log.
    thanks
    kitty500cat
     
  17. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Have HJT fix this entry.

    O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)

    Other than that, your HJT log is clean.

    Phew, that was hard work lol.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of kitty500cat only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
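
    The HijackThis entries worked through in the posts above (the O10 LSP line, the O23 `$sys$DRMServer` and CD_Proxy services, and the later "(file missing)" leftover) can be triaged mechanically. The following is an added example, not part of the original thread and not HijackThis's own code; the function names and finding labels are hypothetical, and the sample log is constructed from lines quoted in this thread.

```python
import re

# Constructed sample: HijackThis entries copied from the lines quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe
O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - Unknown owner - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe (file missing)
"""

# "<section code> - <body>", e.g. R1, N4, O10, O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body: "Service: <display name> (<service name>) - <owner> - <image path>"
SERVICE = re.compile(
    r"^Service: (?P<display>.+?) \((?P<name>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
# XCP hides any file, process or registry key whose name starts with this prefix.
CLOAK_PREFIX = "$sys$"

def parse(log):
    """Yield (code, body) for every line shaped like a HijackThis entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def triage(log):
    """Return (code, finding, detail) tuples; finding labels are hypothetical."""
    findings = []
    for code, body in parse(log):
        if code == "O10":
            dll = re.search(r"'([^']+)'", body)
            findings.append((code, "broken-lsp-chain", dll.group(1) if dll else body))
        elif code == "O23":
            svc = SERVICE.match(body)
            if not svc:
                continue
            if CLOAK_PREFIX in (svc["name"] + svc["path"]).lower():
                findings.append((code, "xcp-cloak-prefix", svc["name"]))
            if svc["path"].endswith("(file missing)"):
                findings.append((code, "orphaned-service", svc["name"]))
            elif svc["owner"] == "Unknown owner":
                findings.append((code, "unknown-owner", svc["name"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    An "orphaned-service" finding corresponds to the state after the executable has been deleted but the service registration remains, which is why the O23 entry still had to be fixed in HJT afterwards.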
     
  18. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    I fixed that entry w/HijackThis. That took awhile, but now I think it's all straightened out. Thanks for your help.
    kitty500cat
     
  19. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    explorer.exe targeting Norton file?

    For some reason, Norton says in the Log Viewer that it blocked C:\Windows\explorer.exe from unauthorized access. The target was C:\Program Files\Common Files\Symantec Shared\Symdlbrg.dll. I assume that C:\Windows\explorer.exe is the same explorer that displays all your icons and your taskbar. So can explorer.exe act up as a security risk, or is Norton just being picky?
    thanks
    kitty500cat
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Symdlbrg.dll is part of your Symantec/Norton crapware.

    The best advice I can give you is to get rid of Symantec altogether and get the free AVG antivirus and either the free Zonealarm or the free Kerio firewall programmes. You can get them HERE, HERE and HERE.

    Once you've downloaded those, disconnect from the net and uninstall Symantec/Norton from add remove programmes in your control panel. You will probably need to uninstall in several pieces, rebooting your system in between. Once Symantec/Norton is completely uninstalled, install whichever firewall you chose, followed by AVG. Reboot your system the required number of times and reconnect to the net. Run the AVG updates.

    Boot into safe mode and run a full system scan with AVG. Delete whatever it finds and reboot into normal mode.

    You will probably see a performance boost to your system.

    Regards Howard :)
     
  21. kitty500cat

    kitty500cat TS Evangelist Topic Starter Posts: 2,154   +6

    Yeah, when I get my computer I will probably run AVG, but this is my dad's. I just wasn't sure if explorer.exe would do anything bad, like if it would get modified by some malware to do something people wouldn't expect that exe to do. Thanks
    kitty500cat
     
Topic Status:
Not open for further replies.
