Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot remove "infected" from desktop [RESOLVED]

Started by pmchose , Sep 26 2005 01:14 PM

  • This topic is locked This topic is locked

#1
pmchose
Posted 26 September 2005 - 01:14 PM

pmchose

    New Member

  • Member
  • Pip
  • 8 posts
Hello gang - Desktop shows "Your system is infected". I tried going into desktop and it appears that my desktop background is pointing to a link. The ability to change the backgroud is disabled some how and I can't change it. Started receiving "Only the best" pop-ups as well. I did Ad-Aware scans, Ewido, CWShreder, and Spybot but can't clear it. Ad-Watch is constantly bombarding me with registry updates that I keep blocking. Tried finding the pgm causing the mess but it keeps changing. Need some help with this and appreciate anything you can do.
  • 0

Advertisements

#2
Trevuren
Posted 26 September 2005 - 02:26 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi pmchose welcome to Geeks 2 Go.

My name is Trevuren and I will be assisting you with your log.

However, before I am able to analyze your problem, you must read the information provided in the following link and I would like you to follow the steps that are recommended before posting a new log:

You Must Read This Before Posting A Log


Regards,

Trevuren
  • 0

#3
pmchose
Posted 27 September 2005 - 04:18 AM

pmchose

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Did all yesterday. No dice. Wanna hijack this log?
  • 0

#4
pmchose
Posted 27 September 2005 - 04:34 AM

pmchose

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Nothing to do at 06:30 so I decided to post a log. I had to update hijack this... Here's what I have:

Logfile of HijackThis v1.99.1
Scan saved at 6:31:24 AM, on 9/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\addus.exe
C:\WINDOWS\system32\d3ln.exe
C:\Documents and Settings\patrick\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zodym.dll/sp.html#63796
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zodym.dll/sp.html#63796
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {572A44A6-4945-DA71-B13F-066F8EC29E66} - C:\WINDOWS\appgh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [sysvr.exe] C:\WINDOWS\system32\sysvr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javaqv.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

Thanks for anything you can do.
  • 0

#5
Trevuren
Posted 27 September 2005 - 11:52 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. We will have you up and running in no time.

2. Please DELETE your current HJT program from its present location.

3. Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
  • Run HijackThis
  • Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  • POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren
  • 0

#6
pmchose
Posted 03 October 2005 - 12:07 PM

pmchose

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Was away for a couple of days - Sorry - Things look slightly different (names changing on pgms that I'm blocking via Ad-watch) Here's my log and thanks for your help:

Logfile of HijackThis v1.99.1
Scan saved at 2:03:19 PM, on 10/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\addus.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\atlah32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zodym.dll/sp.html#63796
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zodym.dll/sp.html#63796
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {572A44A6-4945-DA71-B13F-066F8EC29E66} - C:\WINDOWS\appgh.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [sysvr.exe] C:\WINDOWS\system32\sysvr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javaqv.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
  • 0

#7
Trevuren
Posted 03 October 2005 - 02:13 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your system is infected with a variant of the About:Blank infection.
  • First we must STOP, and Disable a bad Added Service
    • Click Start>Run and type in: services.msc
    • Click OK
    • In the Services window find: Remote Procedure Call (RPC) Helper
    • Select/highlight and right click the entry, and choose: Properties
    • On the General tab, under Service Status click the Stop button
    • Beside: Startup Type, in the drop menu, select: Disabled
    • Click Apply, then OK
  • Download CWShredder
    Click check for updates. Do not use it yet.

  • Download Aboutbuster 5
    Unzip the file to its own folder (C:\AB) Do not use it yet.

  • Download: HomeSearchfix. Unzip it to your desktop. Do not use it yet.

  • Download Killbox
    Choose save as to your desktop. Unzip the file. Do not use it yet.

    Take care: some files can be hidden, so first go to start > control panel > folder options > view (tab) > mark “show hidden files en extensions >OK

    Please print out these directions for in safe mode you will have to be disconnected from the internet. You should entirely disconnect (UNPLUG) from the internet!!!

  • Reboot your system intosafe mode for all OS

  • Close all windows and open HijackThis.
    • Click "scan only” in the main window
    • Put a checkmark beside the following entries and click “FIX checked”.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zodym.dll/sp.html#63796
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zodym.dll/sp.html#63796
      R3 - Default URLSearchHook is missing
      O2 - BHO: Class - {572A44A6-4945-DA71-B13F-066F8EC29E66} - C:\WINDOWS\appgh.dll
      O4 - HKLM\..\Run: [sysvr.exe] C:\WINDOWS\system32\sysvr.exe
      O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\javaqv.exe (file missing)
  • Run CWShredder and choose FIX

  • Start AboutBuster and press START, and then OK. The program will start scanning.

  • Doubleclick HomeSearchfix.reg to merge the info to the registry. You will be prompted to accept the merge, answer YES.

  • Start Killbox
    • Place a checkmark next to [x] Delete On Reboot.
    • Highlight the following list and Copy it (Ctrl+C) to the windows clipboard.

      C:\WINDOWS\addus.exe
      C:\WINDOWS\atlah32.exe
      C:\WINDOWS\zodym.dll
      C:\WINDOWS\appgh.dll
      C:\WINDOWS\system32\sysvr.exe
      C:\WINDOWS\javaqv.exe

    • Back in Killbox, go > file > paste from clipboard,
    • Click the red highlighted X button and click yes to the prompt when all the files have been pasted.
    • Then click OK
    • Exit Killbox and Reboot your PC.
  • After the reboot, Start AboutBuster AGAIN and scan AGAIN.

  • Clean temporary files:
    • Go > start > run and type cleanmgr and OK
    • Scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
    • Click OK to remove those files.
    • Click Yes to confirm deletion.
  • Reboot your system into normal mode.

  • Download Ewido scan
    • Check for updates.
    • Let it do a full run.
    • Copy the log. Past it to a blank Notepad file and save it to post here.
  • Finally, run HijackThis, click SCAN, produce a LOG and POST it and the EWIDOscan log in this thread for review.
Regards,

Trevuren
  • 0

#8
pmchose
Posted 04 October 2005 - 12:23 PM

pmchose

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
WOW!! Things are MUCH, MUCH better. The only thing that seems out of order is the fact that I can't change my desktop anymore... Anyway - here are my logs.

Logfile of HijackThis v1.99.1
Scan saved at 2:12:53 PM, on 10/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:07:01 PM, 10/4/2005
+ Report-Checksum: 8C8839C6

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
C:\!Submit\zodym.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\crjx32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DirectX.log:qmhymh -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\ocgen.log:klbdo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ocgen.log:rjbwdm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\pldwd.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\system32\javavl.exe -> TrojanDownloader.Agent.bq : Cleaned with backup


::Report End

I can't tell you how much I appreciate this.
  • 0

#9
Trevuren
Posted 04 October 2005 - 12:30 PM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
What is the problem with your desktop?

Trevuren
  • 0

#10
pmchose
Posted 05 October 2005 - 11:13 AM

pmchose

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
If I right click on desktop ---> Properties --> Select the Desktop tab, my ability to change the desktop background is gone. It also has E-Internet as a selection which I think was a link to the "You Computer....Infected" page. Here's an attachment of what it looks like.

Attached Files


  • 0

Advertisements

#11
Trevuren
Posted 05 October 2005 - 11:36 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Please download the following from Kelly's korners:FixMe to your desktop.

2. It should show up as a little blue cube.

3. Double click the little cube and when prompted to do so, accept that it merge with your registry.

4. REBOOT your computer.

5. PLease tell me how it went

Regards,

Trevuren
  • 0

#12
pmchose
Posted 07 October 2005 - 07:53 AM

pmchose

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Trevuren - Did as instructed and rebooted. Took a long time for desktop to initialize. Same results - Can't change background. I can live with this if I must. Any other Ideas?
  • 0

#13
Trevuren
Posted 07 October 2005 - 10:59 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please try this:

Right click on http://www.greyknigh...pairDesktop.reg and download that file. Double click on it and click on Yes when it asks you if you want to merge it into the registry. Once that's done, restart your computer.

Login as usual and now right click on your Desktop and go to Properties. Next go to Desktop tab->Customize Desktop button->Web tab. Uncheck everything listed there. Then delete all the entries listed except for 'My Current Home Page'. Click OK and OK.


Regards,

Trevuren
  • 0

#14
pmchose
Posted 10 October 2005 - 10:02 AM

pmchose

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Worked like a champ!!! Everything is back to normal. Can't thank you enough. Donation coming your way.
  • 0

#15
Trevuren
Posted 10 October 2005 - 11:38 AM

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures.

Trevuren
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP