ctlabhp.dll 61c00000 61440 c:\winnt\system32\ctlabhp.dll
March 24, 2004:
[Update] If your browser has been hijacked to drxcount.biz, real-yellow-page.com,
list2004.com or linklist.cc:
We are working on a fix for this one and drawing near to an automated solution. This is by
far the most sophisticated CWS variant seen to date, and it will take some time before
CWShredder will be able to remove it.
The following *updated* manual fix should work:
Download this zip: http://www.zerosrealm.com/downloads/pv.zip,
unzip it to the desktop.
Be sure to have at least 1 Internet Explorer open, then double click on the runme.bat.
Notepad will open with a log in it. Look for a line with this file, size and beginning to
it. The filename will always be different:
winajbm.dll 61c00000 61440 c:\windows\system32\winajbm.dll
This part indicates the bad file:
61c00000 61440
It will always start with that header.
Write down the filename behind it.
Now download KillBox:
http://download.broadbandmedic.com/VbStuff/KillBox.zip
Unzip and run it.
Don't click any of the buttons though, instead please click on the Action menu and choose
"Delete on Reboot".
On the next screen, click on the File menu and choose "Add File". The file you
copied earlier should now show up in the window. If that's successful, choose the Action
menu and select "Process and Reboot". You'll be prompted to reboot, do so.
After rebooting, make sure the file is gone.
If this doesn't work, search on the SpywareInfo forums for topics posted by
users with the same problem and read those. If none of the solutions you find work, make a
new thread and ask for help.

04-18-04, 15:06
I had this problem for over a week and happened to find this
forum in a desperate search to get rid of this piece of crap from my machine.
I don't know much about computers, but I think I may have cleaned my system for it's been
a day and a half since the last occurrence.
I hope this may help:
First, it is very important that you are not using your online browser when you go
thru these steps. I will try to explain as much of the detail that I can so that maybe
somebody with actual computer knowledge may be able to get to the main cause of this
problem.
As you know by now a new dll file would return within a day of using the shredder program.
(first make sure you have the latest ver 1.56.2)
There happened to be another file in my winnt sys32 directory that was named hlp.dll (this
may be different for others? approx size 17-20kb)
I was leery of this file and tried to delete it in safe-mode dos prompt,
the problem was that dos didn't see it in the directory.
Went back to normal win explorer and the file was there. According to the attributes it
was a normal file (not hidden)
About the same time that happened, I got lucky and a program called The Killbox
http://download.broadbandmedic.com/VbStuff/KillBox.zip
ran the hlp.dll thru killbox & it stated that it was not a file (I never saw that
before). I was just about ready to delete the file (you must choose Delete On Reboot
option) because I cleaned out my register and knew my temp files had to be empty. Using
windows explorer I checked my temp directory Example C:\Documents and Settings\John\Local
Settings\Temporary Internet Files the folder was empty showing 0kb
but when I checked the properties it showed 3 files (2 are sys files) & total kb
around 900.
Therefore I used the dos prompt & went to the directory. Using the attrib command, I
found a file named index.dat hidden there (864kb), went back to the killbox program &
added the index.dat file and let her rip. (note: run the CWShredder program first) When
windows rebooted it started in safe mode, I just chose the normal process and went
straight to the registry to check this entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows AppInit_DLLs prior
to my removal of the two files along with what the shredder removed, the value of that reg
entry was blank, however now it looked like this
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows AppInit_DLLs =
c:\windows\system32\hlp.dll
upon which then I modified it back to the value = blank
Have not had any problems since, (approx 36 hrs) but I have to believe that there may be
some other file that was used to enter that value.
Sorry for the long post, I hope this may help to find a permanent solution.

04-18-04, 23:05
Hey there
I came across this page while searching Google for some
help with this " About Blank " browser hijacking.
I have tried many different things to get rid of it and it only
comes right back. Now i may not be going through the right
process totally , but like i said i have tried different methods.
At this point i have reached the limit of my Patience and
am very FRUSTRATED !!
This kind of stuff really pisses people off.
I don't care what you want me to Buy ! don't Hijack my
machine and alter my everyday internet surfing.
Here is a Link on the topic from McAfee :
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101094
Also i have taken the time to Track down the parties responsible
in this matter. The page i get on my Browser start page is set to
http://66.117.38.91 ( which is http://findemnow.com )
I did the Whois lookup on the domain and here is the info :
Registered through: GoDaddy.com (http://www.godaddy.com)
Domain Name: FINDEMNOW.COM
Created on: 31-Jul-03
Expires on: 31-Jul-04
Last Updated on: 01-Mar-04
Administrative Contact:
Smirnoff, Alex mail@ddress.com
Immortality Corp.
34-20 Calle 34
Panama 5
Panama
13602376444 Fax -- 13602376444
Domain servers in listed order:
NS1.MYDOMAIN.COM
NS2.MYDOMAIN.COM
NS3.MYDOMAIN.COM
I searched Immortality Corp in Google and it gave these 2 sites that
are Affiliated with Immortality Corp :
http://www.monline.org.ua
http://www.immortality.ru
info@immortality.ru
The Russian domain Registry has Info for the site http://www.immortality.ru as :
domain: IMMORTALITY.RU
type: CORPORATE
nserver: ns.orbita.ru.
nserver: ns2.orbita.ru.
state: REGISTERED, DELEGATED
org: Immortality Corp.
phone: +1 36 02376444
fax-no: +1 36 02376444
e-mail: mail@ddress.com
registrar: RUCENTER-REG-RIPN
created: 2002.02.04
paid-till: 2005.02.04
I have since sent an email to all email addy's i could find
and mentioning that i will contact not only the FTC but also
all of the Affiliates / Partners that they are linking to.
The threat of losing potential income should get them thinking.
I'll keep ya posted !

04-19-04, 21:25
Originally posted by jn25000:
"Have not had any problems since, (approx 36 hrs) but I have to believe that there may be
some other file that was used to enter that value.
Sorry for the long post, I hope this may help to find a permanent solution."
Had the same problem as you did -- kept using CWS shredder and HiJack to find and kill
this about:blank homepage but it kept coming back within a day or so. During this time I
noticed a file called sqlaaia.dll in my system32 directory about which I could find zero
info anywhere on the Internet. It was not a MS file but I couldn't delete it in Windows and
when I booted to safe mode the file could not be found by DOS at all. Furthermore, IE was
hooking this file every time it started yet there was no reference to it in the registry.
I knew this file was doing evil but couldn't figure out how to get rid of it til I came
across this page:
http://www.spywareinfo.com/~merijn/...#realyellowpage
This Merijn dude has an excellent site devoted to all the variants of the Cool Web
Shredder bug with explicit descriptions and removal instructions. Merijn, whomever the
hell you are, thank you very much and keep up the good work!!
Check this site out and if you are one of those who run all the fixes like HIjack and CWS
but still have the about:blank pages come back, pay special attention to the RealyellowPage
section. I ran the pv utility and sure enough, the offending file is the said sqlaaia.dll.
I'm getting ready to download the Killbox utility now and get rid of this sucker once and
for all.
Thanks again Merijn, I really appreciate your efforts!

04-20-04, 21:04
this may only help some of you... i am no expert...but here's how i got rid of
it...i first ran my virus scan and got rid of a trojan...had to quarantine.. then go back
and delete after rebooting...then.. i have hijack this on my computer... i did make a copy
of my list when my computer was running fine.. it helps to compare before just fixing and
deleting... scan and see at the top under.. "R1" files related to about
blank... check them and fix...it will ask to save or back up... click yes...next, if you
know the day..about:blank was created... when it affected your computer do a search under
start... select search- files and folders- ...look for search options... check date box
and set dates for the date you were affected.. in the drop down box ...select "files
created" this will display all the files created that day... your culprit is in
there... under .dll... maybe different names for different bugs... but if you have the
right day... there may only be one in there... locate the file by highlighting it and see
where it is..."find it thru my computer"... (ex--C/WINNT/SYSTEM32) change the
name and the extension.. i usually put delete in front of the name and change the ext to
.txt...(ex msxplxx.dll would change to deletemsxplxx.txt that way if my guess was wrong...
i just edit out the "delete" and change the ext back to dll...move the file to a
familiar place like your personal file under my documents..so you can find it easy... one
good clue for me is if i try to delete it right away and if it won't let me.. it means its
up and running.. probably the culprit.... i reboot..."my logic" is: if it can't
find it... then it can't run it... i then go to where i put it and delete it... i've done
this with many of the search-bloodsucker with good success... the key is knowing what to
delete in hijack and knowing the day of infection and searching... for files created that
day... the only thing i have under R1 in hijack is
HKCU\SOFTWARE\MICROSOFT\INTERNETEXPLORER\MAIN,SEARCHASSISTANT= CAUTION... THAT MAY OR MAY
NOT HELP YOU...IN THE FIX FOR HIJACK... if you choose wrong you can go to the saved stuff
and restore...good luck...stay on top of the files being created in your computer... it
will help... if you didn't create them and they're not a note pad or temp file... they
probably don't belong there...my guess... eric

04-21-04, 10:12
Well guys..I feel your pain as I too am infected with this damn
about.blank hijacker.
Here are some thoughts.
Since my discovery of the problem I have searched multiple forums for answers. I have
noticed that the amount of users that have sought out help on these forums has grown at
an alarming rate. It seems like this problem is spreading quickly.
I have tried most of the listed solutions including CW Shredder, Adware, HijackThis, and
so on....nothing has kept it away for longer than a few hours.
My plan is to attempt a few more things listed earlier in this thread with the dll files
and such but I don't expect it to help.
Sadly, since I am by no means a computer expert, and am scared to dig too deep into my
system while deleting files that may or may not be affected, I think my last resort may be
my only real option. And that is to do a complete clean and sweep of my harddrive and
reload windows from scratch. This is depressing because I just had to do this same thing a
few months ago due to this type of problem. Granted at that time I had no virus protection
software, but now this time around I have Trend Micro's software and I still was infected.
I guess if anybody has any concrete solution, it would be greatly appreciated if they
would repost it as sort of a "refresher course" for this thread with step by
step instructions for those of us who aren't experts. Hell, if it actually works I'd send
a check for twenty bucks in the mail to whoever was the savior. It would be a hellova lot
better than nuking my whole system and starting from scratch again. One thing's for sure, I
have learned my lesson when it comes to surfing around "questionable" waters.
Grimly, Bonesaw.

Last edited by Bonesaw : 04-21-04 at 10:17.

04-21-04, 13:53
Add me to the list of those experiencing this problem.
I do not know if it matters, but it seems like the initial startup page is not an actual
web page. For example, it allows me to navigate away from the page, but I cannot click my
Back button (IE6SP1).
I have tried finding and deleting files added but cannot find anything that does not get
readded, nor anything consistent.

04-21-04, 17:36
Actually this about:blank is the homepage for internet optimizer
and runs in conjunction with yoogee search engine. In my case it automatically puts online
pharmacy and lendingtree on my desktop. All spyware blockers have failed to remove this
from my pc. they only slow it down! I have 2 new folders related: internet optimizer and
VVsn. Both are in my program files and can not be removed or opened. For the last 3 days I
have tried every forum, deleted all suggested dll files, changed registry. I am ready to
take an ax to my pc.

04-21-04, 17:57
it's looking more and more like the only solution is to wipe the
harddrive and start over...

04-21-04, 18:00
I also went back to older forums about this problem! This
program uses multiple dll files. The internet optimizer advertising outfit keeps changing
and modifying the dll files while your computer is infected. I have an older laptop I use
for virus-file tracking. So far this is not a security threat. The thing was set up as a
marketing tool to track your site habit. So far I have removed 23 dll files from my pc. All
were related to the same outfit. This thing actually masks itself as a server. For
instance: Zone Alarm can not remove it. Neither can the other major spywares! I contacted
them and they have no solution! I needed to flush my system due to an unrelated matter.
after a couple of weeks it was back. Internet optimizer is imbedded into a variety of
websites. When you go online, you take your chances!!!!!!

04-21-04, 18:48
Originally posted by ras99:
"I also went back to older forums about this problem! This program uses multiple dll files."
I posted last sunday about getting rid of this headache.
So far I have had no problem since.
Don't know much about computing, but I'm certain that my use of two programs in conjunction
has taken care of the problem.
The first is: http://209.133.47.200/~merijn/files/CWShredder.exe
and then follow up with this program:
http://download.broadbandmedic.com/VbStuff/KillBox.zip
The shredder program will temporarily delete the dll file that commands the trojan, but
there will be another file in your winnt\system32 directory that needs to be eliminated.
On my computer, the file was called hlp.dll (the size was about 17 to 20 kb),
I don't know the technical term, but this was not an actual file, and was not seen in the
directory thru dos mode (the attributes were not hidden)
Anyway you must find this file and eliminate it with the Kill Box program
immediately after using the shredder program.
The option you must use is Delete On Reboot.
Make sure that you are offline when all of this occurs.
After your computer reboots, go immediately to your registry and check this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Windows AppInit_DLLs
This value may have the file name that you have just killed, if so edit this and make sure
that this value is blank.
Again it is important to remind you, don't have your internet explorer on, and use both
programs together, because if you don't get rid of the phantom dll file right after the
shredder program, you will have the problem reoccur.
That was my success and have been ok for almost a week now.
hope this works for others. Good luck
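
Added example, not part of any post in this thread: a Python script for the two checks described above, matching the "61c00000 61440" signature from the manual fix against a pv log and reviewing the AppInit_DLLs value the posters mention. The sample log, its header lines, the sample registry value and the function names are constructed for illustration.

```python
import ntpath
import re

# Signature from the manual fix: the hijacker DLL has a random name but always
# appears in the pv log with this base address and this size.
BAD_BASE = "61c00000"
BAD_SIZE = 61440

# One module line: name, 8-hex-digit base, decimal size, full path.
MODULE_RE = re.compile(r"^(\S+)\s+([0-9a-fA-F]{8})\s+(\d+)\s+(.+)$")

# Constructed sample in the line format shown in the thread; the header lines
# and the other module entries are invented for illustration.
SAMPLE_PV_LOG = r"""
Module information for 'iexplore.exe'
iexplore.exe 00400000 90112 c:\program files\internet explorer\iexplore.exe
ntdll.dll 77f50000 684032 c:\windows\system32\ntdll.dll
winajbm.dll 61c00000 61440 c:\windows\system32\winajbm.dll
Module information for 'explorer.exe'
WINAJBM.DLL 61C00000 61440 C:\WINDOWS\System32\winajbm.dll
"""

def find_suspects(pv_text):
    """Return lower-cased paths of modules matching the base/size signature."""
    suspects = []
    for line in pv_text.splitlines():
        m = MODULE_RE.match(line.strip())
        if not m:
            continue  # header, blank or unrelated line
        _name, base, size, path = m.groups()
        path = path.lower()  # Windows paths are case-insensitive
        if base.lower() == BAD_BASE and int(size) == BAD_SIZE and path not in suspects:
            suspects.append(path)
    return suspects

def review_appinit(value, suspects):
    """Pair each AppInit_DLLs entry with whether it is also a pv suspect.

    The value sits under HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows
    and is a space- or comma-separated list. Every entry deserves review: one
    poster reports the value was blank before the hijacker DLL was written in.
    """
    names = {ntpath.basename(p) for p in suspects}
    entries = [e for e in re.split(r"[ ,]+", value.strip()) if e]
    return [(e, ntpath.basename(e).lower() in names) for e in entries]

if __name__ == "__main__":
    found = find_suspects(SAMPLE_PV_LOG)
    print("pv suspects:", found)
    # Constructed registry value, as it would be copied out of regedit.
    for entry, hit in review_appinit(r"c:\windows\system32\hlp.dll", found):
        print("AppInit_DLLs entry:", entry, "(also a pv suspect)" if hit else "")
```

An AppInit_DLLs entry that does not match a pv suspect is still worth checking, since the posts above describe a second DLL that differs from the one shown in the module list.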

04-21-04, 19:49
Can someone please detail how to figure out which dll files are
the targets for KillBox?
I sorted by size and I have quite a few...and I don't know how to identify the infected
ones.

04-21-04, 20:38
about:blank hijacked browsers

to change your browser open spybot ( download if you don't have it) click on the
tools button, it's to the left , then click the browser button, to the right you will see
some browser addresses, highlight the about:blank then click change, it's right above your
browser links, click the dropdown and pick a browser you want to use then ok. I don't know
if this will work for every one but it worked for me. this also doesn't delete it from
your system.

04-22-04, 02:50
Follow Mysticav's Instructions...they're right!

If you want to get rid of this pest, just follow Mysticav's instructions on page 5
(Subject: The final Solution for "about:blank"... )
i was trying to get rid of this about:blank for weeks now and have spent way too much time
on it. if you're looking for the right solution then follow Mysticav's instructions and
you will be rid of that annoying pest.
it turns out the randomly generating dll file was "reskj.dll" in my system32..i
could not find it, or delete it even in safe mode dos command. the only way to do it was
the killbox delete on reboot and that did the trick. the weird thing was, after i ran
cwshredder and then taskinfo i found the suspicious reskj.dll file and taskinfo said it
was about 61kb in size. killbox found the file but said it was really 21kb, and not a
file. haven't had any problems yet, i hope this helps!
ps, i wouldn't have posted this, but it took so long to get rid of this problem and when i
finally just followed Mysticav's instructions, it was really easy. so do yourself a favor
and just do it!
ps: make sure you do the regedit when you reboot and remove the offending dll file from
the windows app init dlls. sure enough it was there!
thanks a lot Mysticav!

04-22-04, 23:47
Re: Follow Mysticav's Instructions...they're right!

Originally posted by kaimen:
"it turns out the randomly generating dll file was "reskj.dll" in my system32..i
could not find it, or delete it even in safe mode dos command. the only way to do it was
the killbox delete on reboot and that did the trick. the weird thing was, after i ran
cwshredder and then taskinfo i found the suspicious reskj.dll file and taskinfo said it
was about 61kb in size. killbox found the file but said it was really 21kb, and not a
file. haven't had any problems yet, i hope this helps!"
My problem is that even Killbox doesn't see the file that's generating my random
.dll files. I know the name of my file that's causing this. "msapg.dll" but even
following Mysticav's instructions, killbox does not see this file. can't delete it if it
doesn't see it.

All times are GMT -3.