Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

about:blank


  • This topic is locked This topic is locked
2 replies to this topic

#1 sweetpeas

sweetpeas

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:25 AM

Posted 25 May 2005 - 08:13 AM

I think this might be a coolwebsearch engine but it gives no discription have tried changing home page but on return i am back at about:blank again, also when i try to click on certain web pages it redirects me to surprise about blank this is the log file can anybody see anything that shouldn't be there or that looks odd.



Logfile of HijackThis v1.99.1
Scan saved at 14:04:09, on 25/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities\MfpDtMng.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\MgcsLoad.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\microsoft office\office10\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SWEEPSRV.SYS
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rob\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=192.168.1.1:1080
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0P1.EXE /P17 "EPSON PictureMate" /O5 "LPT1:" /M "PictureMate"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3EA5594-5478-4C7F-92AC-1912737C49E9}: NameServer = 192.168.1.1
O23 - Service: Sophos AutoUpdate Service (ActiveLinkClient) - Unknown owner - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MFP Data Manage - Matsubleepa Graphic Communication Systems, Inc. - C:\Program Files\Panasonic\Panasonic-DMS\MFP Utilities\MfpDtMng.exe
O23 - Service: Port Controller - Unknown owner - C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\MgcsLoad.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SWEEPSRV.SYS


Sorry forgot to say am running XP and dont know if it means anything but all searches on the about:blank page lead to findtop.net

Edited by sweetpeas, 25 May 2005 - 09:20 AM.


BC AdBot (Login to Remove)

 


#2 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:10:25 AM

Posted 26 May 2005 - 01:19 PM

Helo Sweetpeas and welcome to BleepingComputer.

Nothing in your log jumps out as an about:blank infection, but there certainly could be something that is not making itself obvious.


First, I would like you to have a file scanned for me. Go to the Jotti's malware scan site and submit the following files for a malware scan:

- C:\WINDOWS\system32\drivers\Icon.exe

Post the results of the scans in your next reply.


Download and install the trial version of Ewido Security Suite.
  • Launch Ewido, there should be an icon on your desktop double-click it.
  • The program will prompt you to update; click the OK button.
  • The program will now go to the main screen.
  • On the left hand side of the main screen click update.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once the updates are installed, close Ewido.


Download http://www.bleepingcomputer.com/files/pfind.php
- Create a folder C:\pfind and extract pfind.zip into it.


Reboot your computer into Safe Mode

Run Ewido:
  • Click on scanner.
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan.
  • Let the program scan the machine.
While the scan is in progress you will be prompted to clean files, click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report.
  • Save the report to your desktop.
Then open c:\pfind and double-click on pfind.bat. When it has completed, reboot normally.


Post back with the results of:
- The Jotti scan
- The Ewido report
- The contents of the file C:\pfind.txt
- A fresh HJT log.
Derfram
~~~~~~

#3 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:10:25 AM

Posted 09 June 2005 - 11:50 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Derfram
~~~~~~




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users