Problem: Adware/spyware is taking over my computer. My homepage keeps changing to something new.

Answer: Try using the following free anti-adware programs. They will help clean your computer of the offending programs:

• Ad-Aware
• Spybot - Search & Destroy
• HijackThis (also CWShredder on that same page)
• Spywareblaster (alternate link)

The Tech Support Guys forum is filled with helpful people who can walk you through some of your recovery. Specifically, check the security forum for help with the HijackThis program.

Problem: My browser's start page kept being changed, and I took care of the adware/spyware, but now the problem is back.

Answer: SpyMagician had this problem on a computer with XP, and posted this solution:

I know we had some posts regarding Spyware/Browser Hijacks and fixes recently, and it got me digging on my machine, and I found some ugly stuff AND finally dealt with most of it.

This is mainly for win98 users (as that's what I'm running and what I researched) but the problem is there for XP/NT users too.

It involves a browser hijack that changes your IE startpage to a fake about:blank search page.

HijackThis will find the .dlls, but there is a trojan that will mutate and rewrite them so it returns periodically, and even if you clear that up, there is a secondary problem.

It prevents Spywareblaster from running.

So if you had a browser hijack you THINK is cleaned, download and try to run spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html)

If you get a message saying, "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it," -- then the trojan is still there!

But the solution for win98 is to use this cleaner: http://www.rokop-security.de/main/article.php?sid=746

The page is in German, but the cleaner is in English and after you run it, spywareblaster should run.

If you need to check a solution for an XP/NT machine, this thread has some good ones (depending on your computer skills :)

http://www.wilderssecurity.com/showthread.php?t=26534&page=1&pp=25

Hope this helps! God knows I spent a good week on dealing with this problem!

SpyMagician

Additional Answer: Paul also had the same problem, and posted this about an updated version of the "about:blank" virus:

First some tech specs: I have a Pentium III that uses Windows 98. I finally got hit with this pain in the keester last night. If you don't know what it is, it re-sets your Microsoft Explorer's browser homepage to "about:blank" and prevents you from shutting off the computer, etc. After I got it, I immediately started getting pop-ups offering to fix it for a $35 dollar charge! Gave up trying to get rid of it then and took the afternoon off to work on it. Here's what to do if you have the NEW version of the virus (which is very sneaky because it gets rid of any "name" markers such as "Robert" or "Louis"). Whatever you do, DO NOT PAY MONEY to fix this. You can do it for free and here's how.

First:

- Install Adaware and scan your system: Adaware is free and is an excellent way to get rid of spyware and other junk (especially anything put out by the GAIN or GATOR company).

- Next, download HijackThis. This program will allow you to examine your system and see where the virus is and defeat it.

- If your system tells you you are missing a "msvbvm60.DLL" file, go to Microsoft's homepage, do a search on the DLL file name and download the bundle that contains the DLL file. Again, you do not have to pay money for this and do not be deceived into giving money to DLL sites that have free downloads, but charge you for a "recommended" zip-file reader.

- Next, try to download the program SpyMagician recommended at Rokop Security or at Trojaner-Info.de. It didn't work for me, but if it works for you, you are home free. If it doesn't work....

- Using HijackThis, delete the following lines:
All "R1 HKCU"s ending in sp.html (should be 3 of them)
All "R1 or R0 HKLM"s ending in sp.html (should be 3 or them)
All lines ending in "about:blank" (should be 1)
Finally, the 02-BHO (no name) file (1 file)

DO NOT delete anything pertaining to Adobe. If you want to be extra cautious, do a screen capture and post it on adaware's help site. It may take them a couple days, but they will respond and tell you which lines to delete.

- Reboot

- Do a second scan with adaware just to be sure.

Another Update from Paul: "Finally Getting Rid of the "about:blank" Virus FOREVER!"

Just a word of warning, when you delete the 'dhcpcsvc.dll' file, you will need to replace it by downloading a copy of it from Microsoft's website. None of my systems were affected, but yours may need it for various applications.

You can try this (It worked for me & is not as hard as it looks.) (You might want to copy and paste this, or print it.)

1. Download and install Spybot - Search & Destroy.
2. Run the program.
3. GoTo Mode -> Advanced Mode, click 'Yes' at the warning.
4. Click 'Tools'.
5. Select 'BHOs'.
6. Select the bold registry entry.
7. To the right you will see a file (something.dll) ('something' can be any file name) at C:\Windows\System this is the file that regenerates everytime.
8. Select the registry entry and click 'Remove'.
9. Click 'Yes' at the confirmation.
10. Close all open windows and find C:Windows\System\something.dll
11. Right click it select 'Properties' and see that it is 30kb (30,720 bytes) and has only 'General' properties and no 'Version' properties.
12. Delete it. (Try as long as it takes it will eventully go)
13. Now if the main (.dll) file is the same on all computers you may find a file called 'dhcpcsvc.dll' at C:Windows\System\ (Or your equivalent 'System' Folder) it is about 24KB. Right it select 'Properties' and again it should have only 'General' Properties no 'Version' Properties AND you will see that the 'Modified' date is earlier (somewhere in 1999) than the 'Created' date.
14. This is the file that regenerates the other dll file. (we shall call it 'anything.dll')
15. Delete it. (You can't... mostly)
16. If you have found the culprit and reached step 15 skip ahead to step 26.
17. If you don't find the file read on.
18. First make sure 'Hide hidden files' is off.
19. To do this open Explorer -> View -> Folder Options -> View. Make sure 'Show all files' is selected. Start from step 13
20. If you still havn't found the file it means the main dll file's name is different on different computers. Don't worry.
21. Open your Internet Explorer. (You don't need to be connected).
22. Open Spybot - Search & Destroy.
22. In the tools click 'Process List'.
23. Select 'IEXPLORER.EXE'
24. See whichever dlls are being used, open 'Explorer' and check their 'Properties'.
25. Here you will find the dll mentioned in step 13 (it may or may not be named 'dhcpcsvc.dll') follow the instructions from step 13.
26. The damn file is being used by Windows isn't it.
27. If you have two operating systems you can delete one's dll files from one operating system and then vice verca. (NOTE: The dll is stored in two or three places 'Search' for them all and delete ALL of them).
28. If you have a single operating system 'Restart in MS-DOS Mode'.
29. When it restarts type 'cd \windows\system' (without the quotes)
30. When the directory changes type 'ren anything.dll anything.123'
31. Type 'exit' and restart windows.
32. Open Explorer and 'C:Windows\System' delete 'anything.123'
33. Almost done, now using 'AdAware' or something like it see if it finds a registry value with something like "HomeOldSP".
34. Delete this registry entry.
35. Open your 'Search' or 'Find' program from the Start menu.
36. Search for the two dlls you painstakingly deleted.
37. Don't worry if you find them they are dormant copies and should give you no trouble in deleting them.
38. Make sure you delete all the files even from your 'Recycle Bin'.
39. If you have Microsoft 'RegClean' use it if not don't bother.
40. DONE.

Best of luck and anyone is free to use this for any purposes, or copy it to any board where others may receive help.

Problem: This all sounds entirely too complicated. My computer is clean for right now, but how can I prevent this kind of thing from happening?

Answer: Many of these horrid programs are helped along by bugs in Internet Explorer. Using an "alternate" browser such as Mozilla Firefox should help cut down your risk. (Firefox has a companion program for email, Thunderbird.)

Thank you to DC Biased, Unleashed!, Waiting4MLPDX, Antonio, SpyMagician, TRDouble, APW, and Paul for their helpful questions and suggestions on the forum.