Hiya LawStudent69. The thread that you posted to seems to have been corrupted so I can't read your log (the windows.txt one). Could you post it here and we can continue from where we left off? Thanks.
Hi, it's even worse now. I thought we'd beaten it. Now, once I log into my email, I can't get to the emails. About:blank takes over the entire page instead of just annoying pop up windows. I can't believe I feel like I'm going to cry, it's so frustrating!
Windows.txt has told me that the name of the changing dll file is res.dll. Now we need to get rid of it. Do not reboot until we have got rid of this pest.
Are you running XP Home or Pro and is your file system FAT32 or NTFS?
Look in My Computer. Right click the C drive and choose properties to find the File System.
Hi, sorry I was away for so long. Ok, I am running NTFS and XP Home edition 2002. Hijack this gets it but it keeps coming back! Here's my log. I keep deleting the about blank stuff and it almost immediately returns.
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
It's been too long since you last posted so the DLL file may have morphed. I'm going to need a new Windows.txt log (Please attach it). Then I will be able to help you ASAP.
Here you go. I just clicked on the appinit file. Hope that is right. If I already have a windows txt file in my folder, it makes another but calls it windows hiv. Tracy
Windows.txt reveals that the super hidden reinstalling file name is:
C:\WINDOWS\System32\res.dll
........................................................................................................
Download the attached zipped file below to your desktop:
Hiving_154.zip created by Mosaic1
Sign off the internet and stay off until all of these steps have been completed.
Extract (unzip) the batch file (hiving.bat) and run it. If you have script blocking enabled you will get a warning. Please allow this to run. The script is just producing a message box.
It is critical that you do not run it from the zipped folder. To extract (unzip) it.... right click the .zip file on your desktop and select *extract all files*. Follow the extraction Wizard (keep clicking next) and by default the extracted (unzipped) hiving folder will be placed on your desktop. Open the hiving folder and inside will be a file named hiving.bat.
Double click on hiving.bat to run it and then reboot to safe mode (tap the F8 key at boot to enter safe mode).
After a reboot the super hidden nasty file will no longer be loaded and will be visible. This will end the constant reinstall of about:Blank.
........................................................................................................
Follow these instructions then please.
Once in safe mode, navigate to and right click this file and select properties:
C:\WINDOWS\System32\res.dll <-- file
Use the security tab on the file and take ownership.
Change the 'everyone special' to '<you>' with Admin rights -> FULL control
Then try to delete it, if that fails try to rename it first to different name+ext.
Then if that fails try to rename it again to different name+ext.
Ex: res.dll > baddie.txt
baddie.txt > badfile.111
Few times... Etc.
Once you have successfully deleted C:\WINDOWS\System32\res.dll please do these:
Navigate to:
C:\Documents and Settings\Tracy Henderson\Local Settings\Temp <-- folder...and delete the entire contents of the temp folder (select all files, but not the folder itself)
Then empty the recycle bin.
Reboot normally....
Immediately run AdAware:
Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
After installing AAW, and before running the program, FIRST update the reference file following these instructions. http://www.lavahelp.com/howto/updref/index.html
Now do the following:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."
(More info here... http://www.lavahelp.com/faq/adawaretweak.html )
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"
Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.
Finally, close Ad-Aware, and reboot.
Then turn off System Restore.
Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Turn ON System Restore.
Right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Hi Owen,
I made it through your instructions all the way to where I am supposed to update the reference file at www.lavahelp.com/howto/updref/index.html -
the problem is there are no instructions there. The site is being updated. I am hesitant to continue as you instructed me to update the reference file after I install AAW and before running the program. Please advise.
(By the way, I am still getting hijacked at this point in the instructions. I tried to start over and the hiving (which only said that not hiving.bat) said no .dll exists. So I have run appinit again and attached the file.)
help!
Last edited by lawstudent69; 03-09-2004 at 05:31 PM.
Reason: need to add more info
Hi, ok I kept going anyways and did the scans with adaware, cwshredder, the website and windows. Here is hijack this. I think something is still there because that bho noname file is still there. HELP!
Logfile of HijackThis v1.98.2
Scan saved at 12:30:41 PM, on 9/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)