About:Blank

About:Blank is another name for the CoolWebSearch morphing spyware. As mentioned in the CoolWebSearch article, this is one of the most insidious and prevalent spyware programs currently on the net, largely because it is nearly impossible to remove. This particular spyware has been unusually active over the past two weeks (October, 2004).

About:Blank displays the following characteristics:

1. Replaces your home page with a new one titled "about:blank". This page contains a pseudo-search engine with various subjects like "art", "cars", and "shopping".
2. Installs a Browser Helper Object into Internet Explorer. This BHO consumes system resources and slows down your internet connection.
3. Restores itself after its file directory is deleted.
4. Restores its registry settings once they have been deleted.
5. Is difficult to remove from memory.
6. Starts with the operating system. If you remove it from the auto-start settings, it will restore itself there.
7. Later versions change their executable to avoid detection by the simple hash recognition algorithms that most anti-spyware products use.
8. May also store executable code in your temporary internet explorer files.

Effective Tools

CWShredder will remove older variants, but because it is no longer being updated, it is becoming less effective every week. Webroot Spy Sweeper, Ad Aware, nor Spybot S&D seem to be effective at removing this product. Aluria has just released a new update to their Spyware Eliminator product which they claim will remove About:Blank (but keep in mind that we have not tested this).