Posted 25 April 2005 - 02:49 PM
Posted 25 April 2005 - 03:34 PM
I'll tell you how to remove it but you should still post your log. Most people seldom only have one infection.
This is actually one of the easiest to remove.
This bug is caused by a file wp.exe. You will see him down in the O4 entries.
O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe
Terminate the process . You can use HijackThis, Config, Misc Tools, Open Process Manager, find and highlight the C:\wp.exe and Kill Process then Back and Scan and then check his box and Fix Checked. That still leaves a problem in your registry.
Start, Run, regedit, OK to bring up the regedit program.
find HKey_Current_User->Software ->Microsoft->Windows->CurrentVersion>policies (Hit the + sign in front of each Key as you find them. That will open up the subkeys.)
Under Policies is usually an entry named System. If you find it highlight it and press the Delete key. Then OK. Close the program and reboot.
Start, Control Panel, Display (Properties). This should bring up Display Properties/Background. Change the wallpaper to something else and Apply. You may also need to select Web and uncheck the box where it says View My Active Desktop as a web page. OK
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users