
About Buster - removal tool?


I downloaded version 6.07 of AboutBuster from three different sources. When I run it (in safe mode, as directed) the heading says this is not a removal program, but only scans. After the scan is completed, I get an error message that file comctl32.ocx is either missing or not properly registered (or something like that).

That about:blank disease is nasty, and takes over in several different email applications, including Juno. Is there a "removal" version of AboutBuster available, or is there another application that will destroy this evil? I tried Spybot and a-square, but they don't touch this one.

Any suggestions?

--Bill

Welcome to the forum.

AboutBuster is an old tool used to fight the CoolWebSearch Hijackers; I haven't seen those infections around for a long while.

Have you run MBAM? If not please do:

Download TFC to your desktop, it will clean out all the temp files on your system.

Open the file and close any other windows.

It will close all programs itself when run, make sure to let it run uninterrupted.

Click the Start button to begin the process. The program should not take long to finish its job.

Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

------------------

Next....

Scan for malware:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

Note: -->Do not run a full scan with MBAM. It is not required or needed.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the entire report in your next reply.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

-----------------------------

Also please post a HJT log of the system:

You can download the HJT installer HERE:

Double-click HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis. Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch HijackThis. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad. Save the log to a convenient location.

Copy and paste it into your post.

MrC

Hi MrCharlie,

Unfortunately the MalwareBytes application did not work. I attach a copy of the log file it generated.

When I ran the MBAM it showed 6 infections and was able to remove them, but the "about:blank" still is there. It only affects email programs. The Juno program is completely crashed when the email is accessed. Loading of various URLs is shown, but all mouse and keyboard functions are gone - except closing and accessing the task manager.

AOL webmail works, but mouse functions are erratic. Verizon webmail functions normally.

This is on a co-worker's computer - XP system. Rarely used on the internet.

How does this nuisance get on?

I also ran the MBAM again - full scan - no infections found.

Should I have run MBAM in safe mode?

Help !

--Bill

mbam_log_2010_07_01__09_45_07_.txt

Thanks for the prompt reply. I shall follow the instructions in that link exactly and let you know. I won't be able to get to that machine until sometime next week.

I have already done the first section (up to the Defogger). We are using AVG version 9 and the Windows firewall.

You'll be hearing from me.

--Bill

OK while you're at it....please run these two scans also:

Download Bootkit remover to your desktop

This is a rar file; if you do not have a programme to open it, then download and install Peazip

Extract Remover.exe to your desktop

Right click Remover.exe and select Run as Administrator

It will show a Black screen with some data on it

Right click on the screen and select > Select All

Press Control+C

Open a notepad and press Control+V

Post the resultant log here please

--------------------------------------

also:

Download TDSSKiller and save it to your Desktop.

Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

Click on TDSSKiller.exe to run it.

Once completed it will create a log in your C:\ drive called TDSSKiller_*** (*** denotes version & date)

Please post the content of the TDSSKiller log

Thanks.....MrC

  • 2 weeks later...

Hi MrCharlie,

I've tried Spycatcher, Spybot, AdAware, etc. Nothing touched the "about:blank" disease.

We remembered the approximate date when it appeared on the computer, and used the Restore procedure. We chose a date at least a week before the disease appeared. Presto ! It worked ! All email functions work normally. The only problem was we had to update several applications (AVG anti-virus, and others), and re-install a couple of programs.

The library computer uses a local WiFi system that is not secure, and I suspect that is how we got infected. We'll watch carefully.

Thanks for your suggestions,

--Bill

  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.