Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

How to remove about:blank se.dll


  • This topic is locked This topic is locked
2 replies to this topic

#1 Guest_goose_*

Guest_goose_*

  • Guests
  • OFFLINE
  •  

Posted 18 July 2005 - 02:26 AM

Hi,
I new on here, I hope someone can help me remove this very frustrating about:blank browser hijacker.

When I open Internet Explorer my browser is redirected to a page called About:Blank and also I get pop ups appearing every so often with advertisements to remove spyware etc..

All attempts to remove the registry entries and the se.dll have had no effect and it keeps coming back everytime I reopen IE.

I have tried the method to remove it as posted by Grinler, but it hasn't worked. I did have problems doing the online virus scans, so maybe that's where I went wrong.

Here's what I'm running, Win XP, Mcfee Virus Scan, IE6. I also have dameware, VNC and Microsoft Antispyware running.

Here's the HTL

Logfile of HijackThis v1.97.7
Scan saved at 08:19:55, on 18/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\DameWare Development\DameWare Mini Remote Control\DWRCS.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\ePOAgent\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\r_server.exe
c:\winnt\system32\SUSS.EXE
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINNT\System32\vmnat.exe
C:\program files\ORL\vnc\winvnc.exe
C:\WINNT\System32\Fast.exe
C:\WINNT\System32\vmnetdhcp.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\ePOAgent\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\outpostupdate.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\System32\rundll32.exe
C:\Program Files\MSN Toolbar Suite\DS\02.00.0000.1180\en-us\bin\msnlAdmin.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Toolbar Suite\DS\02.00.0000.1180\en-us\bin\msnindex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\nick data\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\man198\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\man198\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://173.16.1.112/proxy/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = wmplayer.exe //ICWLaunch
O1 - Hosts: 173.16.1.1 TDG1
O1 - Hosts: 173.16.1.14 TDG14
O1 - Hosts: 173.16.1.1 TDG1
O1 - Hosts: 173.16.1.14 TDG14
O1 - Hosts: 173.18.42.11 KNOWHOW
O1 - Hosts: 173.18.42.3 BEARS
O1 - Hosts: 173.16.1.19 TDGDOM1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07D25833-0890-4AF0-81B4-2B38D8473D5A} - C:\WINNT\System32\iaoc.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\ePOAgent\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [WinVNC] "C:\program files\ORL\vnc\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [FastUser] C:\WINNT\System32\fast.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [outpostupdate] C:\WINNT\System32\outpostupdate.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\man198\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [WinVNC] "C:\Program Files\ORL\VNC\winvnc.exe" -servicehelper
O4 - HKLM\..\RunServices: [outpostupdate] C:\WINNT\System32\outpostupdate.exe
O4 - HKCU\..\Run: [outpostupdate] C:\WINNT\System32\outpostupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MSN Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.00.0000.1180\en-us\bin\msnlAdmin.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120636311953
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD280C3A-8C20-46FD-ABA6-E37BC48CD15A}: NameServer = 173.16.1.61,204.70.127.127,204.70.127.128
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1429BC1-0358-4FEA-94CF-FFEB55BA2749}: NameServer = 204.70.127.127,204.70.127.128
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 173.16.1.65,204.70.127.127,204.70.127.128
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 173.16.1.61,204.70.127.127,204.70.127.128
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 173.16.1.61,204.70.127.127,204.70.127.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 173.16.1.61,204.70.127.127,204.70.127.128

Thanks in advance

Goose

BC AdBot (Login to Remove)

 


m

#2 Guest_goose_*

Guest_goose_*

  • Guests
  • OFFLINE
  •  

Posted 19 July 2005 - 02:21 AM

I have managed to solve this one myself. I booted into safe mode and removed all references in the registry to se.dll and about:blank. I also found I had a program called search assistant installed which I think was part of the problem. I removed this and any references to it in the registry (iaoc.dll).

I also deleted se.dll from my temp directory and iaoc.dll from c:\winnt\system32

Following a reboot everything was back to normal.

Hope this helps other poeple with the same issue.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 19 July 2005 - 01:00 PM

Thanks for telling us what you did to fix up your system.

I'm closing this topic. Should you have a need to reopen this subject,
PM any moderator.

regards,
Koan
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users