How did my homepage get set to About:Blank?

The About:Blank homepage hijacker is a variation of a more advanced Cool Web Search hijacker. There are several variants of the About:Blank hijacker and all of them are difficult to remove manually. This hijacker is also referred to as the HomeOldSP hijacker because of the changes to the registry that can be seen using HijackThis such as

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

This is very similar in characteristics to the random dll hijacker also known as HomeSearch Hijacker that came out around the same time. The key to the hijack is a hidden dll file that is connected to a BHO (Browser Hijack Object). This hidden dll file shows up in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

Unfortunately removing this About:Blank hijacker can be difficult. Its a very persistent problem that can return quickly if it is not removed carefully.

Look for the Key named AppInit_DLLs, the value in this key is the hidden dll file that is causing your problems. Write down the name of this file and think of it as the hidden.dll file

Secondly, use the Windows Recovery Console in Windows XP to rename the file.

Restart the computer in Recovery Console mode using the Windows XP or Windows 2000 CD or by the option show below
Type cd \windows\system32 and press Enter
Type the following line to remove the read-only characteristic, replacing hidden.dll with the name of the dll file found with RegLite

ATTRIB -R hidden.dll