Forum

Free news

FREE blog

Donate

Search

Subscribe

jews/911

Feedback

dna

Gun poll

RCC

AIDS

Home

Fathers

Surveys

Holocaust

IQ

14th Amdt

19th Amdt

Israelites

NWO

Homicide

Blacks

Whites

Signatory

Talmud

Watchman

Gaelic

Traitors

Health?

 

 

 

 

 

ctlabhp.dll 61c00000 61440 c:\winnt\system32\ctlabhp.dll

 

 

March 24, 2004:

 

[Update] If your browser has been hijacked to drxcount.biz, real-yellow-page.com, list2004.com or linklist.cc:
We are working on a fix for this one and drawing near to an automated solution. This is by far the most sophisticated CWS variant seen to date, and it will take some time before CWShredder will be able to remove it.

The following *updated* manual fix should work:

Download this zip: http://www.zerosrealm.com/downloads/pv.zip, unzip it to the desktop.
Be sure to have at least 1 Internet Explorer open, then double click on the runme.bat.
Notepad will open with a log in it Look for a line with this file, size and beginning to it. The filename will always be different:
winajbm.dll 61c00000 61440 c:\windows\system32\winajbm.dll

This part indicates the bad file:
61c00000 61440
It will always start with that header.
Write down the filename behind it.

Now download KillBox:
http://download.broadbandmedic.com/VbStuff/KillBox.zip
Unzip and run it.
Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot".
On the next screen, click on the File menu and choose "Add File". The file you copied earlier should now show up in the window. If that's successful, choose the Action menu and select "Process and Reboot". You'll be prompted to reboot, do so.
After rebooting, make sure the file is gone.

If this doesn't work, search on the SpywareInfo forums for topics posted by users with the same problem and read those. If none of the solutions you find work, make a new thread and ask for help.

 

 

 

  

  Home

Register

Calendar

Get New

Quick Links



Go Back  dBforums > Usenet Groups > microsoft.public.* > microsoft.public.security > "About Blank" pop-ups-What are they?


Reply

 

Thread Tools Search this Thread Display Modes

  #76  

Old 04-18-04, 15:06

jn25000 jn25000 is offline

Registered User

Join Date: Apr 2004

Location: California

Posts: 2

I had this problem for over a week and happend to find this forum in a desperate search to rid of this piece of crap from my machine.
I don't know much about computers, but I think I may have cleaned my system for it's been a day and a half since the last occurance.
I hope this may help:

First it is very important that when you are not using your online browser when you go thru these steps. I will try to explain as much of the detail that I can so that maybe somebody with actual computer knowledge may be able to get to the main cause of this problem.
As you know by now a new dll file would return within a day of using the shredder program. (first make sure you have the latest ver 1.56.2)
There happened to be another file in my winnt sys32 directory that was named hlp.dll (this may be different for others? approx size 17-20kb)
I was leary of this file and tried to delete it in safe-mode dos prompt,
the problem was that dos did'nt see it in the directory.
Went back to normal win explorer and the file was there. According to the attributes it was a normal file (not hidden)
About the same time that happend, I got lucky and a program called The Killbox http://download.broadbandmedic.com/VbStuff/KillBox.zip
ran the hlp.dll thru killbox & it stated that it was not a file (I never saw that before). I was just about ready to delete the file (you must choose Delete On Reboot option) because I cleaned out my register and knew my temp files had to be empty. Using windows explorer I checked my temp directory Example C:\Documents and Settings\John\Local Settings\Temporary Internet Files the folder was empty showing 0kb
but when I checked the properties it showed 3 files (2 are sys files) & total kb around 900.
Therefore I used the dos prompt & went to the directory. Using the attrib command, I found a file named index.dat hidden there (864kb), went back to the killbox program & added the index.dat file and let her rip. (note: run the CWShredder program first) When windows rebooted it started in safe mode, I just chose the normal process and went straight to the registry to check this entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Cu rrentVersion\Windows AppInit_DLLs prior to my removal of the two files along with what the shredder removed, the value of that reg entry was blank, however now it looked like this HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Cu rrentVersion\Windows AppInit_DLLs = c:\windows\system32\hlp.dll
upon which then I modified it back to the value = blank

Have not had any problems since, (approx 36 hrs) but I have to believe that there may be some other file that was used to enter that value.
Sorry for the long post, I hope this may help to find a permanent solution.

  #77  

Old 04-18-04, 23:05

Guevara Guevara is offline

Registered User

Join Date: Apr 2004

Posts: 1

Gone to far !!

horizontal rule

Hey there

I came across this page while searching Google for some
help with this " About Blank " browser hijacking.

I have tried many different things to get rid of it and it only
comes right back. Now i may not be going through the right
process totally , but like i said i have tried different methods.
At this point i have the reached the limit of my Patience and
am very FRUSTRATED !!

This kind of stuff really pisses people off.
I don't care what you want me to Buy ! don't Hijack my
machine and alter my everyday internet surfing.

Here is a Link on the topic from McAfee :
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101094


Also i have taken the time to Track down the parties responsible
in this matter. The page i get on my Browser start page is set to
http://66.117.38.91 ( which is http://findemnow.com )

I did the Whois lookup on the domain and here is the info :

Registered through: GoDaddy.com (http://www.godaddy.com)
Domain Name: FINDEMNOW.COM
Created on: 31-Jul-03
Expires on: 31-Jul-04
Last Updated on: 01-Mar-04

Administrative Contact:
Smirnoff, Alex mail@ddress.com
Immortality Corp.
34-20 Calle 34
Panama 5
Panama
13602376444 Fax -- 13602376444
Domain servers in listed order:
NS1.MYDOMAIN.COM
NS2.MYDOMAIN.COM
NS3.MYDOMAIN.COM

I searched Immortality Corp in Google and it gave these 2 sites that
are Affiliated with Immortality Corp :

http://www.monline.org.ua
http://www.immortality.ru

info@immortality.ru


The Russian domain Registry has Info for the site http://www.immortality.ru as :

domain: IMMORTALITY.RU
type: CORPORATE
nserver: ns.orbita.ru.
nserver: ns2.orbita.ru.
state: REGISTERED, DELEGATED
org: Immortality Corp.
phone: +1 36 02376444
fax-no: +1 36 02376444
e-mail: mail@ddress.com
registrar: RUCENTER-REG-RIPN
created: 2002.02.04
paid-till: 2005.02.04


I have since sent an email to all email addy's i could find
and mentioning that i will contact not only the FTC but also
all of the Affliates / Partners that they are linking to.
The threat of losing potential income should get them thinking.


I'll keep ya posted !

  #78  

Old 04-19-04, 21:25

jb5446 jb5446 is offline

Registered User

Join Date: Apr 2004

Posts: 3

Quote:

[SIZE=1]Originally posted by jn25000
Have not had any problems since, (approx 36 hrs) but I have to believe that there may be some other file that was used to enter that value.
Sorry for the long post, I hope this may help to find a permanent solution. [SIZE=1]

Had the same problem as you did -- kept using CWS shredder and HiJack to find and kill this about:blank homepage but it kept coming back within a day or so. During this time I noticed a file called sqlaaia.dll in my system32 directory about which I could find zero info anywhere on the Internet. It was not a MS file but I couldnt delete in Windows and when I booted to safe mode the file could not be found by DOS at all. Furthermore, IE was hooking this file every time it started yet there was no reference to it in the registry.

I knew this file was doing evil but couldn't figure out how to get rid of it til I came across this page:

http://www.spywareinfo.com/~merijn/...#realyellowpage

This Merjin dude has an excellent site devoted to all the variants of the Cool Web Shredder bug with explicit descriptions and removal instructions. Merlin, whomever the hell you are, thank you very much and keep up the good work!!

Check this site out and if you are one of those who run all the fixes like HIjack and CWS but still have the about:blnk pages come back, pay special attention to the RealyellowPage section. I ran the pv utility and sure enough, the offending file is the said sqlaaia.dll. I'm getting ready to download the Killbox utility now and git rid of this sucker once and for all.

Thanks again Merjin, I really appreciate your efforts!

  #79  

Old 04-20-04, 21:04

willaffectyou willaffectyou is offline

Registered User

Join Date: Apr 2004

Posts: 1

about:blank

horizontal rule

this may only help some of you's... i am no expert...but here how i got rid of it...i first ran my virus scan and got rid of a trojan...had to quarenteen.. then go back and delete after rebooting...then.. i have hijack this on my computer... i did make a copy of my list when my computer was running fine.. it helps to compare before just fixing and deleteing... scan and see at the top under.. "R1" files related to about blank... check them and fix...it will ask to save or back up... click yes...next, if you know the day..about:blank was created... when it affected your computer do a search under start... select search- files and folders- ...look for search options... check date box and set dates for the date you were affected.. in the drop down box ...select "files created" this will display all the files created that day... your culprit is in there... under .dll... maybe different names for different bugs... but if you have the right day... there may only be one in there... locate the file by highlighting it and see where it is..."find it thru my computer"... (ex--C/WINNT/SYSTEM32) change the name and the extension.. i usually put delete in front of the name and change the ext to .txt...(ex msxplxx.dll would change to deletemsxplxx.txt that way if my guess was wrong... i just edit out the "delete" and change the ext back to dll...move the file to a familar place like your personal file under my documents..so you can find it easy... one good clue for me is if i try to delete it right away and if it won't let me.. it means its up and running.. probably the culprit.... i reboot..."my logic" is: if it can't find it... then it can't run it... i then go to where i put it and delete it... i ve done this with many of the search-bloodsucker with good success... the key is knowing what to delete in hijack and knowing the day of infection and searching... for files created that day... the only thing i have under R1 in hijack is HKCU\SOFTWARE\MICROSOFT\INTERNETEXPLORER\MAIN,SEAR CHASSISTANT= CAUTION... THAT MAY OR MAY NOT HELP YOU...IN THE FIX FOR HIJACK... if you choose wrong you can go to the saved stuff and restore...good luck...stay on top of the files being created in your computer... it will help... if you didn't create them and there not a note pad or temp file... they probably don't belong there...my guess... eric

  #80  

Old 04-21-04, 10:12

Bonesaw Bonesaw is offline

Registered User

Join Date: Apr 2004

Posts: 3

Well guys..I feel your pain as I too am infected with this damn about.blank highjacker.

Here are some thoughts.

Since my discovery of the problem I have searched mutiple forums for answers. I have noticed that the amount of users that have seeked out help on these forums have grown at an alarming rate. It seems like this problem is spreading quickly.

I have tried most of the listed solutions including CW Shredder, Adware, HighjackThis, and so on....nothing has kept it away for longer then a few hours.

My plan is to attempt a few more things listed earlier in this thread with the dll files and such but I don't expect it to help.

Sadly, since I am by no means a computer expert, and am scared to dig too deep into my system while deleting files that may or may not be affected, I think my last resort may be my only real option. And that is to do a complete clean and sweep of my harddrive and reload windows from scratch. This is depressing because I just had to do this same thing a few months ago due to this type of problem. Granted at that time I had no virus protection software, but now this time around I have Trend Micro's software and I still was infected.

I guess if anybody has any concrete solution, it would be greatly appreciated if they would repost it as sort of a "refresher course" for this thread with step by step instructions for those of us who aren't experts. Hell, if it actually works I'd send a checkfor twenty bucks in the mail to whoever was the savior. It would be a hellova lot better then nuking my whole system and starting from scratch again. One things for sure, I have learned my lesson when it comes to surfing around "questionable" waters.

Grimly, Bonesaw.

horizontal rule

Last edited by Bonesaw : 04-21-04 at 10:17.

  #81  

Old 04-21-04, 13:53

Arrk Arrk is offline

Registered User

Join Date: Apr 2004

Posts: 1

Add me to the list of those experiencing this problem.

I do not know if it matters, but it seems like the initial startup page is not an actual web page. For example, it allows me to navigate away from the page, but I cannot click my Back button (IE6SP1).

I have tried finding and deleting files added but cannot find anything that does not get readded, nor anything consistent.

  #82  

Old 04-21-04, 17:36

ras99 ras99 is offline

Registered User

Join Date: Apr 2004

Posts: 3

Actually this about:blank is the homepage for internet optimizer and runs in conjunction with yoogee search engine.In my case it automatically puts online pharmacy and lendingtree on my desktop. All spyware blockers have failed to remove this from my pc. they only slow it down! I have 2 new folders related: internet optimizer and VVsn. Both are in my program files and can not be remover or opened. For the last 3 days I nhave tried every forum, deleted all suggested dll files, changed registry.I am ready to take an ax to my pc.u

  #83  

Old 04-21-04, 17:57

Bonesaw Bonesaw is offline

Registered User

Join Date: Apr 2004

Posts: 3

its looking more and more like the only solution is to wipe the harddrive and start over...

  #84  

Old 04-21-04, 18:00

ras99 ras99 is offline

Registered User

Join Date: Apr 2004

Posts: 3

I also went back to older forums about this problem! This program uses multiple dll files. The internet optimizer advertising outfit keeps changing and modifying the dll files while your computer is infected. I have an older laptop I use for virus-file tracking. So far this is not a security threat. The thing was set up as a marketing tool to track your site habit.So far I have removed 23dll files from my pc. All were related to the same outfit.This thing actually masks itself as a server. For instance: Zone Alarm can not remove it.Neither can the other mayor spywares! I contacted them and they have no solution! I needed to flush my system due to an unrelated matter. after a couple of weeks it was back.Internet optimizer is imbedded into a variety of websites. When you go online, you take your chances!!!!!!r

  #85  

Old 04-21-04, 18:48

jn25000 jn25000 is offline

Registered User

Join Date: Apr 2004

Location: California

Posts: 2

[QUOTE][SIZE=1]Originally posted by ras99
I also went back to older forums about this problem! This program uses multiple dll files.

I posted last sunday about getting rid of this headache.
So far I have had no problem since.
Don't know much about computing, but I'm certain that my use of two programs in conjuction has taken care of the proplem.

The first is: http://209.133.47.200/~merijn/files/CWShredder.exe

and then follow up with this program: http://download.broadbandmedic.com/VbStuff/KillBox.zip

The shredder program will temporary delete the dll file that commands the trojan, but there will be another file in your winnt\system32 directory that needs to be eliminated. On my computer, the file was called hlp.dll (the size was about 17 to 20 kb),
I don't know the technical term, but this was not an actual file, and was not seen in the directory thru dos mode (the attributes were not hidden)
Anyway you must find this file and eliminate it with the Kill Box program
immediately after using the shredder program.
The option you must use is Delete On Reboot.
Make sure that you are offline when all of this occurs.

After your computer reboots, go immediately to your registry and check this: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Cu rrentVersion\Windows AppInit_DLLs

This value may have file name that you have just killed, if so edit this and make sure that this value is blank.

Again it is important to remind you, don't have your internet explorer on, and use both programs together, because if you don't get rid of the phantom dll file right after the shredder program, you will have the problem reoccur.
That was my success and have been ok for almost a week now.
hope this works for others. Good luck

  #86  

Old 04-21-04, 19:49

Bonesaw Bonesaw is offline

Registered User

Join Date: Apr 2004

Posts: 3

Can someone please detail how to figure out which dll files are the targets for KillBox?

I sorted by size and I have quite a few...and I don't know how to identify the infected ones.

  #87  

Old 04-21-04, 20:38

paul t. paul t. is offline

Registered User

Join Date: Apr 2004

Posts: 2

about:blank hijacked browsers

horizontal rule

to change your browser open spybot ( download if you don't have it) click on the tools button, it's to the left , then click the browser button, to the right you will see some browser addresses, highlight the about:blank then click change, it's right aboveyour browser links, click the dropdown and pick a browser you want to use then ok. I don't know if this will work for every one but it worked for me. this also doesn't delete it from your system.

  #88  

Old 04-22-04, 02:50

kaimen kaimen is offline

Registered User

Join Date: Apr 2004

Posts: 1

Follow Mysticav's Instructions...they're right!

horizontal rule

If you want to get rid of this pest, just follow Mysticav's instructions on page 5 (Subject: The final Solution for "about:blank"... )

i was trying to get rid of this about:blank for weeks now and have spent way too much time on it. if you're looking for the right solution then follow Mysticav's instructions and you will be rid of that annoying pest.

it turns out the randomly generating dll file was "reskj.dll" in my system32..i could not find it, or delete it even in safe mode dos command. the only was to do it was the killbox delete on reboot and that did the trick. the weird thing was, after i ran cwshredder and then taskinfo i found the suspicious reskj.dll file and taskinfo said it was about 61kb in size. killbox found the file but said it was really 21kb, and not a file. haven't ahd any problems yet, i hope this helps!

ps, i wouldn't have posted this, but it took so long to get rid of this problem and when i finally just followed Mysticav's instructions, it was really easy. so do yourself a favor and just do it!

ps: make sure you do the regedit when you reboot and remove the offending dll file from the windows app init dlls. sure enough it was there!

thanks al ot Mysticav!

  #89  

Old 04-22-04, 23:47

Hardcor4x4 Hardcor4x4 is offline

Registered User

Join Date: Apr 2004

Location: Denver

Posts: 7

Re: Follow Mysticav's Instructions...they're right!

horizontal rule

Quote:

[SIZE=1]Originally posted by kaimen
it turns out the randomly generating dll file was "reskj.dll" in my system32..i could not find it, or delete it even in safe mode dos command. the only was to do it was the killbox delete on reboot and that did the trick. the weird thing was, after i ran cwshredder and then taskinfo i found the suspicious reskj.dll file and taskinfo said it was about 61kb in size. killbox found the file but said it was really 21kb, and not a file. haven't ahd any problems yet, i hope this helps! [SIZE=1]

My problem is that even Killbox doesn't see the file thats generating my random .dll files. I know the name of my file thats causing this. "msapg.dll" but even following Mysticav's instructions, killbox does not see this file. can't delete it if it doesn't see it.

Reply

� Previous Thread | Next Thread �



 

 

 

 

 

Posting Rules

You may not post new threads

You may not post replies

You may not post attachments

You may not edit your posts

horizontal rule

vB code is On

Smilies are Off

[IMG] code is Off

HTML code is Off

Forum Jump



All times are GMT -3. The time now is 19:50.

Home

|

Register

|

Archive

|

Get New

|

FAQ's

  
  

 

TRAITOR McCain

jewn McCain

ASSASSIN of JFK, Patton, many other Whites

killed 264 MILLION Christians in WWII

killed 64 million Christians in Russia

holocaust denier extraordinaire--denying the Armenian holocaust

millions dead in the Middle East

tens of millions of dead Christians

LOST $1.2 TRILLION in Pentagon
spearheaded torture & sodomy of all non-jews
millions dead in Iraq

42 dead, mass murderer Goldman LOVED by jews

serial killer of 13 Christians

the REAL terrorists--not a single one is an Arab

serial killers are all jews

framed Christians for anti-semitism, got caught
left 350 firemen behind to die in WTC

legally insane debarred lawyer CENSORED free speech

mother of all fnazis, certified mentally ill

10,000 Whites DEAD from one jew LIE

moser HATED by jews: he followed the law

f.ck Jesus--from a "news" person!!

1000 fold the child of perdition

 

Hit Counter

 

Modified Saturday, March 11, 2017

Copyright @ 2007 by Fathers' Manifesto & Christian Party