I read a lot about this virus but everybody seems to have failed to notice there is not only one dll but 2.

- SE.DLL wich is loaded by rundll32.exe

- a mutant dll (it is created by se.dll and has a random name of 4 letters like ppfe.dll ).

the mutant dll is a com server that is tied to two registry keys:

- HKEY_CLASSES_ROOT\PROTOCOLS\Filter\"text/html"

- HKLM\SOFTWARE.... Browser helper objects.

the best way to find this dll is to look for the most recent modified dll. you will find it in winnt/system32 folder and its about 30k in size.

 

When Se.dll is running it prevents you from modifying the registry, actually it rewrites the entries you modified. To stop it you need to run a program called pview.exe. that lets you stop the program rundll32.exe or at least the instance running se.dll. you actually can also stop it with the taskmanager you just kill all the instances of rundll32.

Now you can delete se.dll.

 

but the actual reason for there is many people who fails to remove this virus it is because they fail to delete the mutant dll.

to easily know its name go to the registry key described above and copy the Guid wich it looks like {807553E5-5146-11D5-A672-00B0D022E945} it can be any serie of characters.

then you search for this key in the whole registry and once you find it you will know the exact name of th mutant dll.

 

Search for this file in your explorer and try to delete it, if you can't close all the instances of iexplorer.

 

kill this 2 dlls and your problem  is solved

 

 

 

Dll file have not a fixed name but its name only 4 chars and .dll

 

search & destroy it (in safe mode or command prompt)

 

or you can erase this file via use "MoveOnBoot"

 

You can see this file with "Filemon.exe"

Thank you all. Without you I would not have been able to get rid of "about:blank"

 

I  am a techie but no expert in the registry or things of that level. Not sure what a "key" is or other terms used to describe registry stuff.

 

I eventually found what I think was the infected file withthe trojan in it called "netqx.dll".

 

I found this using the Microsoft Beta Anit Spyware prgram but I want to make it clear thsat this program did not detect the file by itself.

 

It has Advanced tools and two very handy features - "System Explorers" and "Browser Restore". These utilties allow you to see varuious files associated with these improtant functions of your computer. One of them shows detailed information about each file like - author- use - publisher- date etc - you can easily get a feel for something suspicious and thats how I found it - I hope.

 

This thread allowd me to get an idea of whatit was that I was looking for especially the size of the file and that it was a dll file.

 

Also on this thread I found the reference to Spyware Nuker 2005 which finds things that the other Spyware doesn't find.

 

Things to note:-

 

I never found a file called se.dll

 

My Norton kept warning me of a Trojan Horse every time that I opened my Interent Explorer and then it told me the name and folder of the file BUT also said that it couldn't do anything about the file.

 

I called Norton day one and they tried to help me clea it which we did until I rebooted and then it was back with a vengance.

 

Microsoft -India I guess - were very nice people but useless. If they had to go from a - z they had to do the wqhole alphabet and had me actually reading out the entire contents of folders...phew..too much.

 

There was another serch page which kept appearing in a separate and vertical oblong window to the right of my IR window. Ostensibly nothing hostile about it and it looked like a good search engine but I didn't want it thanks and you enver know.

 

Went back to Norton and they said that I had been infected with Spyware and they don't do spyware so goodbye.. Thanks for that.

 

Donwloaded:-

 

AboutBuster:

 

Didn't find anything

 

 

Didn't find anything

 

CleanUp - very good eraser of sorts of stuff that I thought was gone at previous cleanings