[Michelle]

Got your desktop back?

[Advertisements]

Hello. Im totally new here, but I surfed the forum alot becosue i also got this takeover.

I really didnt do like alot of people said. but I did run hijackthis and a friednd looked at it at told me what to remove.

I got it all away but still my desktop was taken over. It flashed from balck to white.. I opend up register lite, found MORE stuff that regedit didnt find, about qp.exe and that exe

also found desktop.html

I set the values to 0 and rebooted. still desktop blinking, but beach to witeh.. So i right clicked on desktop, all stuff was back, but the change of wallpaper wasnt visual.

I then saw under activ desktop, a "securety.." something, removed it and all was back to normal.

Im writing this becouse some might not find all the stuff you say, what i understod is that this takeover changes from PC to PC some bit.

I just hope my reply might help others who have removed all the stuff but still desktop isnt working.

Thanks for al the help, coudlnt have done it without you.

[mdm]

Hello. Im totally new here, but I surfed the forum alot becosue i also got this takeover.

I really didnt do like alot of people said. but I did run hijackthis and a friednd looked at it at told me what to remove.

I got it all away but still my desktop was taken over. It flashed from balck to white.. I opend up register lite, found MORE stuff that regedit didnt find, about qp.exe and that exe

also found desktop.html

I set the values to 0 and rebooted. still desktop blinking, but beach to witeh.. So i right clicked on desktop, all stuff was back, but the change of wallpaper wasnt visual.

I then saw under activ desktop, a "securety.." something, removed it and all was back to normal.

Im writing this becouse some might not find all the stuff you say, what i understod is that this takeover changes from PC to PC some bit.

I just hope my reply might help others who have removed all the stuff but still desktop isnt working.

Thanks for al the help, coudlnt have done it without you.

[ExOtiC_SwEeTs]

I was just deleting the last couple icons and I sure do have my desktop back!!!!

Thank you soooo much, you can't even imagine how thankful I am!

You guys have officailly been declared the BEST internet help site EVER by, you guessed it, little ol' me! hehe

But really, I can't thank you enough, especially you, bananafanafo, for taking time out of your day just to help me. I really do appreciate all the time and effort you put into helping me, so that's why I'm gonna give you a good ol' thankful hug, well, cyber hug, that is! There ya go!

Once again, thank you!

[Michelle]

mdm,
No, actually, this infection does pretty much the same thing to computer ranging from 95 to XP...I designed the fix so I know what I'm talking about If you don't follow all of the directions, then no it won't work like it's supposed to. Also, if you have separate infections besides just the smitfraud then you'll have other problems.

[Michelle]

Exotic Sweets - you may want to go here:

C:\Windows\System32

Then look to see if any icons are still present in the system32 folder. Here are some examples:

casino.ico
date.ico
games.ico
mobile.ico
network.ico
pharm.ico
pharm2.ico
scanner.ico
spam.ico
spyware.ico

If any are there, delete them.

Let me take a look at your log to make sure there isn't anything else that needs to go! BRB!

[Michelle]

Make sure you are disconnected from the Internet and that all programs and windows are closed. Run HiJackThis and place a check next to the following items and click FIX CHECKED:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newgenlook.info/ad/ad0058/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

Post one more HiJackThis log for me.

[ExOtiC_SwEeTs]

There ya go

Logfile of HijackThis v1.99.1
Scan saved at 4:34:03 PM, on 4/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Documents and Settings\Gloria ((Mom))\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

[Michelle]

HIGHLY Recommend downloading XP Service Pack 2. Click on this link and click on "Express Install (Recommended)":

http://v5.windowsupd...t.aspx?ln=en-us

Congratulations your log is clean! Great job on the clean up

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Ewido Security Suite <= Protection against Trojans, Worms, Dialers, Hijackers, Spyware, and Keyloggers.

Detect and Remove Programs:

• How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
• How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.

Prevention Programs:

• Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
• Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
• MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
• Google Toolbar <= Get the free google toolbar to help stop pop up windows.

Other necessary Programs:

• AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
• Firewall<= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.

[ExOtiC_SwEeTs]

THANK YOU!!!!

I'm gonna make sure to download what you suggested and this time I'll keep a better eye on things!

Once again, thanks for all your help and take care!

~Andrea~

[Michelle]

You're very welcome, Andrea! I'm happy I could help

Since this topic has been resolved, I'm going to go ahead and close it. if you have any other problems at all you can PM me or another staff member and we'll re-open it for you!

Michelle