After using the adaware spyware removal tool my home page has now reverted to an advertising page with the annotation 'about:blank' in the title bar. I have treid to return it to its original http://www.flyer.co.uk but everytime I open a browser window Im being told that my PC may be infected with spyware and no matter how many times I change my homepage it always reverts to 'about:blank' Im using Windows XP pro and IE 6 .... any ideas, as Im gettin mighty p8888d off :rolleyes:

Oh yeah I also have the google toolbar installed, would this trigger the spyware warning ?

Thanks in advance

It's probably hinting you should set PPRuNe as your home page. ;)

Hi Whiz,

It's CWS.. but a very nasty one. There are new variants daily now, and it's difficult to keep up with the fixes. I'll try to help from here, but you may have to go over to Computer Cops or Techguy forum. Let's try...

please do this:
Copy the contents of the bold text to Notepad.
Name the file Appinit.bat
Save as type All Files
Save on the Desktop.

Reg save "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows" windows1.hiv
ren windows1.hiv windows.txt

Double click on Appinit.bat
This will create a file on the desktop named windows.txt
Please copy and paste the contents of the Windows.txt file into your next reply. It will look strange but please paste it anyway.

Then could you tell me if you are using NTFS or FAT32. (My Computer right click C:\ drive and look in properties.)

As I say, no guarantees.. there are just too many variants out now. I've been offline for two days and it will probably take me all weekend to catch up.. :(

Cheers

Liam

E-Liam,

First of all many thanks for taking the time and effort to help :ok:

Pasted below is the content of Appinit

regf




Pugf hbin  ¨ÿÿÿnk, œò_WìÄ
ÿÿÿÿ ÿÿÿÿÿÿÿÿ ø x ÿÿÿÿ 0  ‘%¯á WindowsáÈþÿÿsk x x


”

  ì
  
  !
 €
  !   
  #
 €
  #  ? 
  
 
    ? 


 

  ? 
  
 


  

 Øÿÿÿvk  €

fùAppInit_DLLsÖ?æG °
Ðÿÿÿvk  

ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5  ð ðÿÿÿ9 0  àN Ðÿÿÿvk  €' 
zGDIProcessHandleQuota"þàÿÿÿvk  €

°ºSpooler2ðÿÿÿy e s
Ñ_å °
à
0 ` ¨ àÿÿÿvk  €

5swapdiskÐÿÿÿvk  

. TransmissionRetryTimeoutàÿÿÿ°
à
0 ` ¨ È  Ðÿÿÿvk  €' 
?áUSERProcessHandleQuotaƒá¸




Im using NTFS

cheers
Whiz

Hi Whiz,

Sorry, you've got one of the latest variants, or a very old one. What I was looking for in the above strings was a file name just after fùAppInit_DLLsÖ. This doesn't show. We may be very lucky and it is one of the older variants, so here's the fix for the old one...( C&P.. ) :)

Please go here (http://www.thepykiller.co.uk) and download, unzip and then open CoolWebShredder. Then click on the Updates button and follow the prompts. Next, run the program by clicking on the Fix-> button.

CWS installs via the byte verifier exploit in M$ JavaVM so just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here (http://v4.windowsupdate.microsoft.com/en/default.asp), click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

If that doesn't work, there's no practical way to fix it here, and you'll need to go to one of the security forums. At the moment, all the latest development work for fixing this is being done behind the scenes over at ComputerCops (http://computercops.biz/forum67.html). The link takes you straight to the right board, and it's free to register and use.

Cheers

Liam

E-Liam,
Yer a genius !!!!!! cheers !!

Whiz

regf




Pugf hbin  ¨ÿÿÿnk, œò_WìÄ
ÿÿÿÿ ÿÿÿÿÿÿÿÿ ø x ÿÿÿÿ 0  ‘%¯á WindowsáÈþÿÿsk x x


”

  ì
  
  !
 €
  !   
  #
 €
  #  ? 
  
 
    ? 


 

  ? 
  
 


  

 Øÿÿÿvk  €

fùAppInit_DLLsÖ?æG °
Ðÿÿÿvk  

ÀUDeviceNotSelectedTimeoutðÿÿÿ1 5  ð ðÿÿÿ9 0  àN Ðÿÿÿvk  €' 
zGDIProcessHandleQuota"þàÿÿÿvk  €

°ºSpooler2ðÿÿÿy e s
Ñ_å °
à
0 ` ¨ àÿÿÿvk  €

5swapdiskÐÿÿÿvk  

. TransmissionRetryTimeoutàÿÿÿ°
à
0 ` ¨ È  Ðÿÿÿvk  €' 
?áUSERProcessHandleQuotaƒá¸