Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

About blank gone! but no wallpaper/background[RESOLVED]


  • This topic is locked This topic is locked

#31
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I'm sorry, then I have no clue because we were not able to see exactly how and what you were infected with since you cleaned it before you got here, so maybe it's still in your system or maybe something is just messed up from deleting things out of the registry.

One thing I want you to try is running a program. Download it from here:
About:Buster by RubberyDuckY

Reboot into Safe Mode and run the program. Save the log, reboot into normal mode, and post it back here.
  • 0

Advertisements


#32
munchkinman

munchkinman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello,
i hope this is what you asked for :tazz:

AboutBuster 5.0 reference file 28
Scan started on [03/06/2005] at [16:25:37]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
Removed File! : C:\Windows\bxejtw.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 16:25:39
  • 0

#33
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Well there was one About:Blank file!

Do this for me:

Go to Start Run - copy and paste this line in:

regedit /e c:\key.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"

Click OK.

Then go to C:\ drive and find Key.txt copy the information in the text file and paste it here.
  • 0

#34
munchkinman

munchkinman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hey
Here is the Key.txt file

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e1,00,00,00,00,00,00,00,1f,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,68,02,00,00,1f,00,00,00,a8,00,00,00,9e,00,\
00,00,01,00,00,00
  • 0

#35
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Hmm, ok, we might try to get another export (what we did in the last post), I'll be back as soon as possible.

Edited by bananafanafo, 03 June 2005 - 11:00 AM.

  • 0

#36
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Please delete the first C:\deskpol.txt

Do this for me again (since we have done a reg the newer one will reflect exactly what's still there.)

Click Start > Run - Copy and paste the following:

regedit /e c:\deskpol.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop"

Click OK

This will create the file c:\deskpol.txt

If it's too big, copy parts of it and paste each part in a separate post into this topic. I need to see the whole thing.

Edited by bananafanafo, 03 June 2005 - 12:19 PM.

  • 0

#37
munchkinman

munchkinman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
ok for some reason this is all that is in the file deskpol.txt

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]


Also when just playing around i found a file called wp.exe and i realised that when i right click on the desktop and goto propetries/ background in the box that says select a background it is stuck on wp.

i then went to the file wp.exe and run norton and it says its a Trojan.desktophijacker. and failed to delete it.

i asume this could be the problem with the background, could it be??????

i hope i explained this ok.
Thanks
  • 0

#38
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Interesting. That is a smitfraud file...now I know why you can't change your wallpaper.

Please locate this file:

C:\wp.bmp

Let me know if you find it!
  • 0

#39
munchkinman

munchkinman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok went to find files and folders and found wp.bmp in folder
C:\PQSC\CPS00010D\NEW
  • 0

#40
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Um I don't know what that file is the file I'm looking for is located directly in C: It doesn't matter, we'll do this :tazz:

Do this for me:

Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fix.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=-
"Wallpaper"=-
"WallpaperStyle"=-
"NoDispBackgroundPage"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"notepad.exe"=-
"notepad2.exe"=-
"winlogon.exe"=-

Locate fix.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.

I need you to copy all of the Killbox instructions below and paste them into Notepad and save it.

* Then, Please download the Killbox by Option^Explicit

* Save it to your desktop.

* Run Killbox.exe.

* Select "Delete on Reboot".

* Open the Notepad file where you saved these instructions earlier, and copy the file names below to the clipboard by highlighting ALL of them then press CTRL + C

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system\hhk.dll
C:\Windows\System\wldr.dll
C:\Windows\System\helper.exe
C:\Windows\System\intmon.exe
C:\Windows\System\shnlog.exe
C:\Windows\System\intmonp.exe
C:\Windows\System\msmsgs.exe
C:\Windows\system\msole32.exe
C:\Windows\System\ole32vbs.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your computer does not restart automatically, please restart it manually.

After reboot, Your wallpaper may be black, but you should be able to change it now.
  • 0

Advertisements


#41
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You have Powerquest Second Chance installed? It may have made a backup of the files. We'll get to that in a minute! :tazz:
  • 0

#42
munchkinman

munchkinman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ok, Thank you :tazz:
I NOW HAVE A BACKGROUND, WHOOOO
;)
  • 0

#43
munchkinman

munchkinman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Yes i also have powerquest second chance installed!
  • 0

#44
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok great! (that you got your wallpaper back, not the PQSC is making backups of malware lol)

Copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files" and save it as PQSC.bat on your desktop.

cd "C:\PQSC"
dir /s /a >PQSC.txt
Start notepad PQSC.txt
echo %systemroot%
cls

Double-click PQSC.bat, a notepad will open up, please copy the contents of the notepad and paste it here.
  • 0

#45
munchkinman

munchkinman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
ok tried that, it comes up saying CANNOT FIND THE PQSC.txt file
do you want to create a new file?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP