Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

about:blank malware


  • Please log in to reply
8 replies to this topic

#1 simaster

simaster

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 21 October 2008 - 02:57 AM

Hi,

As was running Safari, on Leopard, a flashy program popped up on my screen and told me it wanted to do an emergency scan. There was an option cancel the scan, which I stupidly pushed, and a new window popped up saying that Antivirus 2009 was scanning my computer. I quickly quit Safari and hoped that nothing happened. But now when I go the google homepage I am taken to a page that looks exactly like the google page but is titled about:blank in my History. What is this? And how can crush it?

Simaster

BC AdBot (Login to Remove)

 


#2 webrat

webrat

  • Members
  • 138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:15 AM

Posted 21 October 2008 - 06:01 AM

As you suggest, about:blank is a browser hijacker. I got it a long while back and had to do a manual registry fix which wasn't funny. There may be a patch available (assuming you are not up to date?) You could also try loading Spybot 'Search and Destroy' which may be able to recover control of your homepage but will not necessarily remove the malware. What Anti-virus/spyware programmes are you running? I'm surprised this has managed to get through without some kind of alert tbh.

EDIT: A 'Hijackthis' scan might fix it but I'm not sure if it runs on your browser set-up.

Edited by webrat, 21 October 2008 - 06:06 AM.


#3 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:07:15 PM

Posted 21 October 2008 - 12:10 PM

Or how about just trying to reset your start page manually? For the record, about:blank is not necessarily malware. It is merely a code that tells the browser to load a blank document, after which a page is loaded.

A 'Hijackthis' scan might fix it but

Please do not suggest to members to run HJT. It is clear that you do not understand the nature of the tool, or the danger in using it in an unsupervised manner. As it is, you could scan your computer with HJT 1000 times, and it will never fix anything. HJT is a primarily an information gathering tool. Using that information incorrectly can destroy the operating system.

But now when I go the google homepage I am taken to a page that looks exactly like the google page but is titled about:blank in my History.

It says the same thing in my history also, and I know for a fact my system is clean, so I am not sure why you would think there is an issue. What is the address on the Google page once it loads?

#4 simaster

simaster
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 21 October 2008 - 01:28 PM

Well, this did not happen prior to the Antivirus 2009 thing. I noticed it because after the google page loads, the browser immediately loads again (almost unnoticeably fast). It only does this on the google site. So, when I noticed it I checked the history and it always says that last page to load is "about:blank." Though the web address shown in the address bar is unchanged.

And every once and while a little ad pops up on my screen. It point to one of my tabs and then disappears. Maybe I'm just paranoid but this all just started yesterday, and it seems weird.

#5 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:07:15 PM

Posted 21 October 2008 - 01:59 PM

When was the last time you updated your anti-virus?

Edit: Let me be clear here, I said the condition that you re describing is not necessarily malware. Given that you are not running a Windows based OS, it would be highly unusual that you would have any malware that shows about:blank as a symptom. Also, it is rather difficult to spoof a URL, and almost completely pointless to spoof Google. URL spoofing is done to send information to a third party, and are usually found in conjunction with spoofed login pages. Finally, as far as I am aware, Antivirus 2009 does not run on non-windows based machines. I don't know of a single instance of any non-Windows Os being affected.

Pop-ups can can be from a variety of things, and by itself means nothing more than someone figured out a way around the pop-up blocker.

There could be a multitude of reasons for the behavior that you are seeing.

#6 simaster

simaster
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 21 October 2008 - 02:13 PM

I don't have an anti-virus. I just downloaded ClamXav, but have not ran it yet.

#7 simaster

simaster
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 21 October 2008 - 02:16 PM

Do I need an anti-virus for OS X? If so, which would you recommend? I don't want something that will bog down my computer.

#8 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:07:15 PM

Posted 21 October 2008 - 03:32 PM

Clam should be fine. That is what I use on my server.

#9 simaster

simaster
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 21 October 2008 - 05:06 PM

Alright. Thanks Groovicus. I guess I was overreacting. I'll keep an eye things and hope that everything is fine.

Simaster




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users