Interesting spyware issue [CLOSED]


  • This topic is locked

#1
RhettSarlin

    New Member

  • Member
  • Pip
  • 2 posts
all right, i like to give the full story on things, but if you just want to get to the point, skip to the last paragraph.

ok, i've had my share and more of spyware over the years, normally i can get rid of it fine. use adaware, and spybot, can identify things needing removal in hijackthis logs, etc etc (just so you know i'm not new at this so you don't need to go through the normal steps of checking if they have this program or that program :tazz:). anyway, so my computer starts getting system error notifications popping up here and there, where each time i'd click to get rid of it it would pop back up.

so i figure spyware, do scans, but only find minor normal tracking cookies and the like, and removing them doesn't fix the issue. so i bring up hijackthis, do a scan, and start browsing through... everything looks normal except for two under hklm with basically randomly generated letter/number names saying they were in the system32 folder. check the names on google to make sure i wasn't deleting something important (though i'd never seen them before so i already knew they had to be spyware), sure enough nothing turns up.

so i check them, remove them. scan again to look for more... and they're back. which is odd, not to say that spyware CAN'T put itself back on, but i've only had that happen once previously. so do it once more, scan again, sure enough, still there. so i make a mental note of the filenames and go to the system32 folder to see if they were there... nothing by that name in the folder (i have all files visible).

so i decide to try spysweeper on it again (i've heard some mixed reviews on that but when i'd used it previously it worked QUITE well, found some stuff that adaware and spybot wouldn't touch), download and install, go to reboot... windows opens up, and an active desktop hijacker proceeds to change my desktop to inform me that the fbi knows what i've been doing and such ;).

i go to turn off active desktop, get rid of the annoyance for the moment... unclick the picture it selected for me, delete the picture, apply... a moment later, it reinstalls it and reactivates it. i check the file name, it's in my temp folder, so i look in there and... sure enough, nothing again. so i scan with spysweeper, which does find a few extra things but not what i was looking for, then i go into its shields and go to the startup shield to see what all was in my startup list. there, it lists the two files the hijackthis scan turned up, so i deactivate those, apply, and a moment later it tells me they reactivated.

so i restart in safe mode, deactivate them from THERE, check stuff again but don't find anything, reboot normally and proceed to download a norton trial (i'm a poor boy, haven't ever had the cash to get good virus protection)... during that i note the fact that the spyware isn't doing anything anymore, i appear to have stopped it for the time being. discover that apparently i've already used a norton trial on this computer, though i didn't recall having done so :/. anyway.

NOW FOR THE ACTUAL ISSUE: after all this, knowing that the spyware is still on my system but unable to do anything at the moment, i went to deactivate active desktop (i NEVER use active desktop, i hate it)... but the checkbox to deactivate it is grayed out. check the other places you can deactivate it from, all grayed out. i no longer have the option available for turning off active desktop. would i have to actually get rid of the spyware before i could get the option back, or does anyone know what else i could change in order to get it back? is it something i'd need to change in the registry or some such? i know enough to do whatever changes are needed if told what to do, but i really don't know my way around the registry very well.
  • 0


#2
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi RhettSarlin and welcome to GeeksToGo!


If you are having malware issues, please go to the following site and follow all the instructions carefully.


You Must Read This Before Posting A Hijackthis Log

This will help you clean up to 70 percent of all problems by yourself. If at the end of the process you are still having difficulty -- and you may not be -- then post a hijackthis log in THIS thread.

Thanks,

:tazz:

Excal
  • 0

#3
RhettSarlin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
heh. wrong forum perhaps then? :tazz: i read that thread before posting in here, but i'm not POSTING my hijackthis log because i already got rid of the malware that was in there ;). if this forum is just for hijackthis logs, then i guess i should look elsewhere.
  • 0

#4
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
See if this takes care of your problem. Do you remember what type of malware you had?


Exit Add/Remove Programs. Please right-click HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt.



Thanks,

:tazz:

Excal
  • 0

#5
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





