Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

desktop wall paper hijacked


  • Please log in to reply

#1
jatw

jatw

    New Member

  • Member
  • Pip
  • 5 posts
Real quick my wall paper is a solid color and formerly displayed a "Windows has detected Spyware" on it. I cant change my wall paper and every post seems case specific. Please let me know what i need to post in order to resolve this. I have run all programs suggested on the main forum page for hijacks. Any help appreciated. thank you! :tazz:
here is my hijack this stuff as well.
Logfile of HijackThis v1.99.1
Scan saved at 12:43:08 PM, on 5/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exeAttached File  Scan_report_20050515.txt.txt   3.66KB   78 downloads
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\MSN\MSNCoreFiles\MSN.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\jim cole\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsear...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsear...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsear...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsear...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\PROGRA~1\COMMON~1\VERIZO~1\SFP\vzbb.dll (file missing)
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CAILI - Unknown owner - C:\WINDOWS\System32\caili.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

Edited by jatw, 15 May 2005 - 10:39 AM.

  • 0

Advertisements


#2
jatw

jatw

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
anyone?
  • 0

#3
jatw

jatw

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hmmmmmmmmmmmm :tazz:
  • 0

#4
Dr. Zoltar

Dr. Zoltar

    New Member

  • Member
  • Pip
  • 4 posts
Don't worry. It may take a day or two for someone to respond with an answer, but someone will respond. I'm having the same problem with a friend's PC. A trojian downloaded a hijacker and now IE won't connect to any sites and the wallpaper feature, along with icons, of the desktop will no longer display.

The people here helped me with another friend's PC and their advice was right on the money.
  • 0

#5
jatw

jatw

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I tried everything....I just reformatted Windows again.....if there is a way to never get this to happen again that would be great.
  • 0

#6
Dr. Zoltar

Dr. Zoltar

    New Member

  • Member
  • Pip
  • 4 posts
Did reformatting fix the issue?

I use on my own computer a combination of Ad-Aware, Spybot, Microsoft's Anti-Spyware Program, and Norton's Anti-virus. All of them except Norton are free. It has kept my home PC virus free, but you must update them weekly to be effective.

My two family friend's PCs that have become infected didn't keep their anti-virus programs updated. They also didn't install MS patches when they came out. Not doing either of these is an invitation for hackers to take over your PC. They rely on people not installing hot fixes or patches to do damage. And our media does a great job informing them when a flaw in the OS has been found. :tazz:

Also, I have found that most trojans come from either adult sites or crackz sites. Just be careful where you click.
  • 0

#7
jatw

jatw

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
lol yes this came from an adult site but it was from an email......unfortunetly the trojan virus crept up before I could shut it down, actually i played video games for a while,.....however, the assumtion is true, unfortunetly. However, yes reformating did fix the problem I, unfortunetly, did reformat and downloaded all my old programs so everything is fine. I did buy, before i got this virus, macafee and a firewall....just disapointing that this didnt do anything to help. I do thank you for atleast submitting a reply and will certainly delete any future email that i deem notorious! Good luck everyone hope you dont have to do what I did and will continue to be a memeber here. to check out any new info!!!!!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP