Hi jack virus?
Shyguy
12-01-2004, 5:39 PM
Hey guys, one of my friends from work was just on MSN & was asking me if I knew how to resolve this problem.
It's sort of vague, but should be enough info?
I just copied what he typed in MSN:
"any tips on getting rid of a hi jack virus that loads ABOUT:BLANK website?
won't even allow me to check hotmail in box etc"
He is using IE & has WinXP Home if that helps?
TIA
any suggestions?
Cowboybooter
12-01-2004, 5:52 PM
After the usual runs of Spybot S&D, AdAware SE, etc, he should download and run Hijack This (http://www.spychecker.com/program/hijackthis.html), then post the log here!
If the hijack is so bad he can't get out to anywhere else on the net, a registry check / edit is probably called for!
How confident is he with registry tweaking?
:)
Bob
Sounds like a Coolwebsearch variant;
Variant 35: CWS.Aboutblank
Approx date first sighted: March 2, 2004
Log reference: Reconstruction
Symptoms: IE pages changed to about-blank.ws and 213.159.118.226 (1-se.com), hijack returning on system restart
Cleverness: 5/10
Manual removal difficulty: Involves some Registry editing and deleting a randomly named file
This variant does everything in its powers to redirect you to a domain owned by 1-se.com. IE is hijacked to it, the hosts file is replaced to redirect about 100 porn and CWS domains to 1-se.com, and a randomly named stylesheet is dropped that redirects to 1-se.com when certain keywords appear in webpages. Restoring the IE pages by searching the Registry for about-blank.ws, removing the hosts file, the svchost.exe file in the Windows directory (the one in the System32 folder is legit) and the randomly named stylesheet (1079 or 1087 bytes in size) fixed this.
First step would be to run CWShredder (http://www.intermute.com/spysubtract/cwshredder_download.html)
After that I would follow CB's advice and run a Hijack This! check and ask here (http://spywarewarrior.com/index.php) for further advice.
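Added example, not part of the original thread or of any tool named in it: a small Python check for the file-level signs listed in the variant description above (many hostnames in the hosts file pointing at one non-loopback address, an svchost.exe sitting directly in the Windows directory, and a stylesheet of 1079 or 1087 bytes). The function names, the `C:\Windows` default, the three-name threshold and all sample data are assumptions constructed for illustration.

```python
import ipaddress
import ntpath
from collections import defaultdict

CSS_SIZES = {1079, 1087}  # stylesheet sizes quoted in the post above

def suspicious_redirects(hosts_text, min_names=3):
    """Map each non-loopback IP to its hostnames when min_names or more share it."""
    by_ip = defaultdict(set)
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 entries block a name, they do not redirect it
        by_ip[str(ip)].update(name.lower() for name in fields[1:])
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= min_names}

def suspicious_files(listing, windir=r"C:\Windows"):
    """Flag svchost.exe directly in windir, and .css files of the quoted sizes."""
    hits = []
    for path, size in listing:
        folder, name = ntpath.split(path.lower())
        if name == "svchost.exe" and folder == windir.lower():
            hits.append(path)  # the legitimate copy lives in System32
        elif name.endswith(".css") and size in CSS_SIZES:
            hits.append(path)
    return hits

# Constructed sample data (not taken from a real infected machine).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# constructed redirect entries
203.0.113.5 search.example portal.example
203.0.113.5 ads.example   # trailing comment
0.0.0.0     blocked.example
198.51.100.7 intranet.example
"""
SAMPLE_LISTING = [
    (r"C:\Windows\System32\svchost.exe", 14336),
    (r"C:\Windows\svchost.exe", 20480),
    (r"C:\Windows\qzkfh.css", 1087),
    (r"C:\Windows\Web\style.css", 4096),
]

if __name__ == "__main__":
    print(suspicious_redirects(SAMPLE_HOSTS))
    print(suspicious_files(SAMPLE_LISTING))
```

A size match on a stylesheet is only a lead for manual review, since unrelated files can share those sizes.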
Shyguy
12-01-2004, 7:31 PM
Cool!!! Thanks guys, I'll email him the info, or tell him tomorrow when... Wait he just signed on to MSN
Shyguy
12-01-2004, 8:17 PM
Well I pointed him here, & he read what you guys said, so I got him the links for AdAware SE & Spybot S&D to download. He only had AdAware 6 before, so hopefully tonight or tomorrow he'll run those & then Hijack This!
Thanks for the Help guys!!!:)