Wow, this one's a real b*tch!  It appears to also be known as the
"about:blank" hijacker (since that is what the browser forces you to when
you try to navigate).  My son offered to help a schoolmate with a problem
with his XP Home box, and it has turned into a major project.  Neither
SpyBot nor AdAware can fix the problem, although they recognize it and offer
to fix it, the net result is that the hijacker returns.  The hijacker also
has the nasty habit of throwing up a popup window warning that malware has
been detected and "click here to remove".  I can only imagine that my son's
friend already tried this "solution".

Googled on this, and got some interesting hits.  It appears to also be known
as the "about:blank" hijacker (since that is what the browser forces you to
when you try to navigate).  Is HijackThis legit?  It appears that this group
uses the HijackThis analysis to determine how to manually delete this
baddie.  Also found references to a few other downloads that attempt to
delete it.  From my reading, it appears that this hijacker mutates, with
file name changes that make it (near-) impossible to automatically delete.
The manual instructions I found for someone else who posted in their forum
says that boot into safe mode to run a special program that deletes certain
files at next boot.

My son's friend has already indicated that he'd be willing to do an
install-from-scratch to solve the problem.  Only thing is, is that he was
unable to quickly locate the install CD that they should have gotten when
they bought their Dell a few years ago.  Does Dell keep an install image in
a hidden partition?  If so, anyone know how to reload from that?

Any other advice or suggestions welcomed.  Note: I have already installed
SP2 and downloaded Firefox.  But IE is needed to do Windows Update.  Is
there a link to Windows Update that is accessable from outside of IE?  Maybe
this would be a way to defeat the hijacker?

tia,
db


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.