Internet Explorer question

[qbasicking]

I have IExplorer pop-up blocker enabled.
I have Yahoo! pop-up blocker enabled.
I have About:Blank and other ad sites on my resicted list.
I have AdAware scanner and use it almost every day
I have Yahoo! adware spyware scanner and use it almost
every day

Why is About:Blank and

http://www.ads.clickagent

still popping up?

 

[bcastner]

http://www.majorgeeks.com/download4289.html

Then run at least the CWS "Cool Web Shredder" tool, if not all of the steps listed in FAQ608-4650

 

[qbasicking]

No way, I am looking at a pop up right now. It says:

You computer might be infected with spyware. Then has an advertisement for the tool you just directed me tool. I'm not trusting a spyware remover from a company that sends out spyware. Is there a way to remove it manually? What is the hijacker called?

 

[bcastner]

Usually called "About:Blank"
It should be an easy Google but a difficult manual removal.

From an earlier thread:

amen1973 (Programmer) Oct 1, 2004

More than likely the about:blank hijacker you have, if you are using Windows 2k, XP, or NT with NTFS, is using what is known as Alternate Data Streams.

Download registrar lite here:

http://www.resplendence.com/download

Install it and then launch reglite
Navigate to:
HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows
You should see a key called Appinit_DLLs there
Double Click on it and if you see a dll in the value this is more than likely your problem. Write down the name of that DLL
It is more than likely invisible in the system32 folder.
To get rid of it you need to boot to the recovery console
To do this insert your Windows XP CD and boot to it
After you get the 3 choices "Install" "Repair" "Exit"
Hit "R" for repair
Then when you are in the recovery console choose "1"
if you have an admin password put it in ... if not just hit enter.
Then you will want to go to system32 folder ... to do this type cd system32 if you see the prompt C:\windows or C:\winnt ... if you dont see either of the prompts type cd windows or winnt depending on what your system root directory is..
When you are in the system32 folder type dir ... the space bar will page down a full page ( this is faster )
If you see the DLL that was in the Appinit_DLLs value hit escape to bring the prompt back
now type "attrib -r nameofthedll.dll" (this being the name of the dll you saw in the value of Appinit_DLLs)
This will remove the read only attribute.
Now you want to delete it.
to do this type "del nameofthedll.dll"
Now reboot to safe mode. To get to safe mode hit F8 a couple times before you see the splash screen
Choose Safe Mode.
Open up reglite again and go to the appinit_DLLs key and double click it and delete the value inside it and hit apply. Now run adaware and spybot. Then run hijackthis and delete the R1 and R0 values if they do not look familiar to you or are not a link to the manufacturer of your computer. Then through the control panel go to internet options and change the home page to what ever you want. When you are finished with these steps reboot your computer to regular mode and the hijacker should be gone
I hope this helps
Art

 

[bcastner]

By the way, CWS is freeware and of impecable reputation. It is not spyware.