Open Tech Support
Open Tech Support Archives

SPYWARE INFECTION (background message??)



Posted by: eyekanspele

Okay,

While browsing the internet the other night I stumbled across a bad site that installed a bunch of crap on the computer (didn't even get a warning, or asked if I wanted to, it just installed -_-). And anyways, AVG pops up with a bunch of file names and such that are infected (this is where I close IE) and then I heal most of the files with AVG. About a minute later the same files that were infected came up again, and I wasn't able to heal these like the first go around, or quarantine, or delete them, nothing...

So whatever, spyware/virus, oh joy.

As I start a scan with AVG and boot up Ad-Aware, another program randomly came up and started to scan my computer... not a clue whether this was installed previously or not (this is a shared computer in my family, and I hardly use it, despite how I get the honors of fixing it all the time) but I stopped that scan, and since I didn't install it I uninstalled and deleted it.

But anyways, I remove everything, or at least I think I did... But anyways it's late (like it is now again) so I decided to go to bed, look at it in the morning.

The next day, my background has changed...
It has this blue background with a black box in the center; in the black box, there is a bunch of text, in big red letters it says "SPYWARE INFECTION" and in smaller white text it says "Your system is infected with spyware. Windows recommends you to use a spyware removal tool to prevent loss of important data and increase system performance. Using this PC before having it cleaned from spyware threats is highly discouraged."

Great.

So I booted up HijackThis 1.99 and did a scan. Took the log file and checked a bunch of log analysers on the net. Cleaned it all up, restarted my computer.

Still the same background. At least HijackThis, Ad-Aware, and AVG aren't blinking at me constantly to fix anything.

However, I can't change my desktop wallpaper...

When I go into the display properties where you should be able to change the wallpaper, it can go to the tab, and it shows that my background is this warning sign thing, however, everything that normally would allow you to change the wallpaper is greyed out and you can't change the background.... all you can do is click the "customize desktop" button, and add and remove web content objects...

So I'm lost, how can I change my background? I don't think I have any more spyware at least....



Posted by: Outlaw

After doing some googling, it seems to be a policy issue. Either find the appropriate option in windows and change it back, or try it the manual way:

Start Regedit.
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Delete the entry 'Wallpaper.htm'.

As always, make a backup before deleting anything from the registry. Also, this is something I came across on another forum, it's not guaranteed to work. Proceed with caution.



Posted by: redwench

install on demand is a bad thing.



Posted by: eyekanspele

Thanks Outlaw, that worked!!



Posted by: Waltzy

Hey all, had the same problem as eyekanspele so I followed Outlaw's instructions to get the desktop back but now the transparency behind the text is not transparent.. I was wondering if you know how to get my transparency back. Or if you could send me the registry value I seem to have now deleted so I could play round with that

thx

waltzy

http://img.photobucket.com/albums/v...ckWaltz/jaz.jpg



Posted by: Waltzy

Not to worry, changed resolutions and back again, it replaced the deleted registry values automatically woo



Posted by: Andrew7689

Hello

AVG is the most rubbishy virus scanner in the world, it does not remove the virus and also it lets them through onto your computer, then tells you you have a virus. I have McAfee virus scan, this program stops the virus beforehand. I rarely have a virus, except after going to my friend's, he has AVG. This program is so annoying, you need a pop blocker for it.

Regards

Andrew



Posted by: Andrew7689

Hello

Plus, a lot of people do not realise that when you download the free version, that this is a demo program to show you what the program is like and what it does, that is why it can't cure virus infection, you have to buy their program in order to cure it, you do not get anything for free these days, and there is always a catch, like the program might be stuffed with spyware, which most spyware leads to trojans and then worms.

Regards

Andrew



Posted by: matt.modica

I've heard Spybot Search and Destroy mentioned a lot on this site.



Posted by: Waltzy

Well they tell you where they are, so if you're feeling adventurous then you can go and kill them yourself! They're free, you just have to be flexible, so to speak



Posted by: Outlaw

Quote:

Originally Posted by Andrew7689
Hello

Plus, a lot of people do not realise that when you download the free version, that this is a demo program to show you what the program is like and what it does, that is why it can't cure virus infection, you have to buy their program in order to cure it, you do not get anything for free these days, and there is always a catch, like the program might be stuffed with spyware, which most spyware leads to trojans and then worms.

Regards

Andrew

Not true at all. AVG is one of the better free virus scanners. The free version will delete any virus or trojan it finds, and it doesn't come with any spyware either. Do some research next time, nobody needs false information.



Posted by: Waltzy

woooow :offtopic:



Posted by: Waltzy

Found the weirdest thing, I think I've found one of the files that is responsible for the above problem which has now been fixed, keeps popping up in the task manager, googled it found nothing, so whilst playing round with the file changed it into a text document and opened it, found some strange stuff

filename : HEJJAJMH.EXE-372B44CB.PD



looking at the file locations at the bottom... hummm
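
A file named in the form `HEJJAJMH.EXE-372B44CB` is how Windows names a Prefetch trace: a record of which files a program loaded at start-up, not the program itself. As an added example (not part of the original thread), this Python sketch reads the Windows XP (format version 17) header and the loaded-file list, which is how a responder recovers where the executable lives on disk. The sample buffer, its run count and timestamp are constructed, and the function names are assumptions.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# DLLs whose presence in the load list shows the program can use the network.
NETWORK_MODULES = {"WININET.DLL", "WS2_32.DLL", "WSOCK32.DLL", "URLMON.DLL"}
SYS32 = "\\DEVICE\\HARDDISKVOLUME1\\WINDOWS\\SYSTEM32\\"


def parse_prefetch_v17(data: bytes) -> dict:
    """Parse an uncompressed Windows XP/2003 (format version 17) prefetch file."""
    if len(data) < 0x98:
        raise ValueError("too short to hold a version 17 prefetch header")
    version, signature = struct.unpack_from("<I4s", data, 0)
    if signature != b"SCCA":
        raise ValueError("no SCCA signature; not an uncompressed prefetch file")
    if version != 17:
        raise ValueError(f"format version {version} uses different offsets")

    exe_name = data[0x10:0x4C].decode("utf-16-le", "replace").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, 0x4C)
    strings_off, strings_len = struct.unpack_from("<II", data, 0x64)
    (last_run_ft,) = struct.unpack_from("<Q", data, 0x78)
    (run_count,) = struct.unpack_from("<I", data, 0x90)
    if strings_off + strings_len > len(data):
        raise ValueError("file-name block runs past the end of the file")
    try:
        last_run = FILETIME_EPOCH + timedelta(microseconds=last_run_ft // 10)
    except OverflowError:
        last_run = None  # corrupt timestamp field

    # The block is a run of NUL-terminated UTF-16 device paths.
    block = data[strings_off:strings_off + strings_len]
    loaded = [p for p in block.decode("utf-16-le", "replace").split("\x00") if p]
    basenames = [p.rsplit("\\", 1)[-1].upper() for p in loaded]
    image = [p for p, b in zip(loaded, basenames) if b == exe_name.upper()]
    return {
        "exe_name": exe_name,
        "path_hash": path_hash,
        "run_count": run_count,
        "last_run": last_run,
        "loaded_files": loaded,
        "image_path": image[0] if image else None,
        "network_modules": sorted(set(basenames) & NETWORK_MODULES),
    }


def filename_matches(pf_name: str, info: dict) -> bool:
    """True when NAME-HASH in the trace's file name agrees with its header."""
    name, _, hash_hex = pf_name.rsplit(".", 1)[0].rpartition("-")
    try:
        return (name.upper() == info["exe_name"].upper()
                and int(hash_hex, 16) == info["path_hash"])
    except ValueError:
        return False


def build_sample() -> bytes:
    """Constructed buffer: name, hash and paths as posted; the rest invented."""
    names = ["NTDLL.DLL", "KERNEL32.DLL", "HEJJAJMH.EXE", "WININET.DLL"]
    block = "".join(SYS32 + n + "\x00" for n in names).encode("utf-16-le")
    buf = bytearray(0x98)
    struct.pack_into("<I4s", buf, 0, 17, b"SCCA")
    struct.pack_into("<I", buf, 0x0C, 0x98 + len(block))        # total file size
    exe = "HEJJAJMH.EXE".encode("utf-16-le")
    buf[0x10:0x10 + len(exe)] = exe
    struct.pack_into("<I", buf, 0x4C, 0x372B44CB)
    struct.pack_into("<II", buf, 0x64, 0x98, len(block))
    stamp = datetime(2006, 1, 1, tzinfo=timezone.utc) - FILETIME_EPOCH
    struct.pack_into("<Q", buf, 0x78, int(stamp.total_seconds()) * 10**7)
    struct.pack_into("<I", buf, 0x90, 3)                         # run count
    return bytes(buf) + block


if __name__ == "__main__":
    info = parse_prefetch_v17(build_sample())
    print(info["exe_name"], hex(info["path_hash"]), "runs:", info["run_count"])
    print("image on disk:", info["image_path"])
    print("network-capable modules:", info["network_modules"])
```

Deleting the trace does not remove anything malicious; the `image_path` entry is the file to hand to a scanner.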



Posted by: matt.modica

The newer versions of pay software such as McAfee antivirus also scan for malware.



Posted by: devildave

Hi! I had the same problem with the blue background with the black box saying I was infected and such, I did the thing Outlaw said but now there are boxes behind my icons/text on the desktop! How do I fix that??
peace##



Posted by: vespa125125

Hi

I've got the same problem but I've got an icon in my system tray as well with a big circle with a cross on it and when you hover your mouse on it, it says your computer is infected.

I would like to know if it is spyware putting that wallpaper on there or if it is actually windows. Click the link to see it.

http://www.freewebs.com/vespa125125...tion%20icon.bmp


plz if you know how to get rid of it plz post me a reply



Posted by: Outlaw

Spyware puts that wallpaper there. Windows doesn't know if you're infected or not.

You get rid of it by running spyware scanners. Get Spybot, Ad-Aware, MS Antispyware, and any other you might prefer. Keep running them all until they don't find anything anymore.

And even though you have an updated virus scanner installed, an online scan wouldn't hurt either. A few you can try are Housecall, Bitdefender, and Panda. If you don't know where to find all those, I'm sure Google will be glad to assist.



Posted by: runningman

I just had this problem and it was "Trojan.Spywad.A". SpyDoctor will find this and clean it but the program isn't free.

I hope this is helpful!



Posted by: markdude

What do you mean about that??
I have the same problem with the boxes around my icons, but my wallpaper is now more pixelised :S
Can anyone help me out....



Posted by: devildave

Hi again, I fixed the background tiles thingy.. I went to the registry (regedit) and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and deleted all except "Default" and "NoDriveTypeAutoRun" and rebooted and it worked... I'm not very skilled with the registry but I don't think u have to have other directories than Explorer (I don't) in the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Hope you make it. And also I installed this really good program called XoftSpy 4.16 that removed a lot. Anyways...
PEACE##



Posted by: mbt

Quote:

Originally Posted by Waltzy
Not to worry, changed resolutions and back again, it replaced the deleted registry values automatically woo


Hi,
I'm having the same problem - a trojan infected my registry and gave me the same error message on the desktop which I fixed by going into regedit and deleting the wallpaper item. However, even after changing the resolution and trying all options under My Computer (Advanced Settings), I have still not been able to remove the shadows from under my desktop icons. Any suggestions?
Thanks a bunch, in advance, for your help.
MBT.



Posted by: ddmorg0

Let me begin by saying that I hate spyware and all who design it!!! Anyway, I have a little bit of everything mentioned in this thread. I have the black and blue background and the random Spy Sheriff like eyekanspele, the warning icon in my system tray like vespa125125, you name it. I have SpywareGuard Browser Hijack Protection running. It keeps alerting me to the fact that my browser's default pages have been changed. I tell it to restore them, but the hijackers keep re-screwing them up. AWESOME!

I just got done running Spybot, I'm now running Ad-Aware, and we'll see how it goes from here.



Posted by: Sharky

Hi everyone, I have had the same problems with the SPYWARE message and constant pop-ups, so I just wondered if anyone who is not inept, as am I, in the use of HijackThis 1.99 will take a look at my file log and advise me on what to remove and what to keep? Thanks.



Posted by: uh...ok

Quote:

Originally Posted by Sharky
Hi everyone, I have had the same problems with the SPYWARE message and constant pop-ups, so I just wondered if anyone who is not inept, as am I, in the use of HijackThis 1.99 will take a look at my file log and advise me on what to remove and what to keep? Thanks.


Sharky, just follow the steps as Outlaw suggested, and you shouldn't have to worry about manually deleting anything.



Posted by: Sharky

Ok, thanks



Posted by: P0nix

Either McAfee or Norton has a really good article on the manual removal of Spy Sheriff. That's a rough one; usually taking these steps on an XP machine cleans up the mess:

Ad-aware
Spybot
CleanUp!
Ewido
Microsoft
HijackThis
msconfig
reboot



Posted by: SurfPark

Quote:

Originally Posted by Outlaw
After doing some googling, it seems to be a policy issue. Either find the appropriate option in windows and change it back, or try it the manual way:

Start Regedit.
Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Delete the entry 'Wallpaper.htm'.

As always, make a backup before deleting anything from the registry. Also, this is something I came across on another forum, it's not guaranteed to work. Proceed with caution.


I followed these steps, but did not see "Wallpaper.htm" anywhere, either as a registry key or as part of the editable binary data.

In my HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

I only have the following keys:

(Default)
dontdisplaylastusername
legalnoticecaption
legalnoticetext
shutdownwithoutlogon
undockwithoutlogon

Am I missing something? Perhaps one of my anti-viruses deleted Wallpaper.htm for me? Either way, I still can't change the background.



Posted by: SurfPark

I actually fixed it myself. I used Adware Away, a cool free program (www.adwareaway.com). I had some "malware" that isn't really spyware or a virus. Something called CoolWebWWW and Nexus Gold Web Popups were the two spyware my trojan horse invited into my computer. Adware Away was able to spot these (something Norton, AVG, McAfee, Spybot, and Ad-Aware all failed at!!) Good luck guys.



Posted by: XploD

Hey guys.
I've managed to get rid of the background by deleting Wallpaper.htm in regedit. After that my icons look like they're marked or something, as other people have said in this thread.
http://hem.bredband.net/b201674/bakgrund.jpg

I've tried to change resolutions and whatnot but it's still there. So how do I get rid of those "shadows"?

On top of that I still haven't managed to get rid of all the popups I'm getting from this infection.

So please help.



Posted by: Outlaw

To make the text transparent again: right-click My Computer, go to Properties. On the Advanced tab, go into the Performance settings. Check the box that says "Use drop shadows for icon labels on desktop."

As for your pop-up problem, simply run more anti spyware programs. Spybot S&D and Ad-Aware usually catch most of it, for starters...



Posted by: XploD

Quote:

Originally Posted by Outlaw
As for your pop-up problem, simply run more anti spyware programs. Spybot S&D and Ad-Aware usually catch most of it, for starters...

I fixed the shadows. Now it's just the popups that need to be fixed. And it seems that it's not easy. I ran Adware Away, and it said I had a malware called Notify Dll Hijacker, and you were supposed to mail them about it if you had it cause it's the hardest spyware to get rid of. So I'm mailing with a guy from adwareaway.com now and trying to get rid of it, no luck so far though but I think I'm getting there.

Notify Dll Hijacker creates a .dll in C:/Windows/System32. It can't be deleted and every time you reboot your computer it changes name. It's easy to locate the file with HijackThis though.
The spyware gives you popups and will try to download more spywares.



Posted by: elabuwa

Simple thing guys, just download the software Spyware Doctor. Ad-Aware scanned only 7 programs and objects but this scanned over 165 objects. Just try that.



Posted by: 187clown

Hey, thank you guys for all the help on getting my background changed, but now I have a problem concerning the desktop icons. I did everything you said up above, and nothing is working. I did find I can change the colors of the shadows by going to where you would change your background and changing the color where it says change background color.
I'm really confused. Any help would be greatly appreciated.



thank you..


Clown



Posted by: hijackmasta

I had the same problem as 187clown, please help me delete that background so my computer will look like before again and I tried all of the ideas posted and none of them worked



Posted by: lovebites_666

if u don't like playing the registry then right click on taskbar >> properties >> start menu >> customize it as u need it ...i don't think dis is a spyware issue



Posted by: penguin

Thank you all, and Outlaw as well, for posting the fix for the spyware.. none worked, Yahoo, Spy Sweeper, Ad-Aware, nothing. Thanks again!!!
(the fix was HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Delete the entry 'Wallpaper.htm'.
)



Posted by: bmxedup

Hello all. I'm new to this site but I have a major problem with my computer. I also had the background problem (blue screen, spyware infection box) and I got rid of it. But NOW I can't figure out how to get rid of the shadows on the desktop icons. I've tried the My Computer setting, the lock guard and all that... still NOTHING. So will someone please HELP ME. Thanks, Dustin



Posted by: bmxedup

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



Posted by: theadpg

I had the same problem with background problem (blue screen spyware infection box). I got rid of it and at first I couldn't fix the shadows behind the desktop icons...

The real problem was that the spyware loaded a web page as your desktop (Active Desktop). You'll see that it was activated when the spyware loaded that blue background, which you've since deleted as referenced earlier in the thread. Therefore, the quick and dirty fix is to disable the Active Desktop (like you had your system configured before the spyware).

If you go to Display Props->Desktop-> Customize Desktop, you'll have a Web tab. When you have Active Desktop, you'll get the colored shadows.

The way I fixed it was to disable Active Desktop by downloading Tweak XP from www.tweakxp.com. Run it and select Desktop-> Active Desktop-> Disable Active Desktop. You'll be prompted to log off. Once you log back on the shadows will be gone, and the Web tab will disappear from Display Props->Desktop-> Customize Desktop.

"now you own me a watermelon"



Posted by: Sarafan

I had the exact same problem. After two days of trying I bought Spyware Doctor online and this got rid of the problem! It was a big headache for me so I hope you have the same success!



Posted by: unberninja

I caught the same thing yesterday afternoon. It's a malware program called SpyAxe, it automatically downloads itself, reinstalls itself, and is damn hard to get rid of. I spent hours trying different programs and had to get my tech support friend to come over and look at it.

So far, my comp's still clean...



Posted by: computerdude12

Hey ppl i have that message in the black box red letters and blue screen is still there. Could sumbody plzz give step by step how to get rid of it?



Posted by: computerdude12

plzz sum1 help thxx



Posted by: Mel

Devildave, thanks so much for the fix about the spyware infection black box. It worked great.



Posted by: computerdude12

hey mel can u tell me how u got rid of the black box pllz i tried everything but it won't work so plzz tell me what u did thx



Posted by: computerdude12

what is regedit?



Posted by: Ocean

an application that edits the windows registry, a collection of settings spread out across approximately 2 files, start menu>run>regedit. lots of windows settings, last positions, viewed history, file structure info etc etc

on a similar note, i just freakin decided to wipe my windows partition and just reinstalled and updated everything, i started looking for a program to recover my ut2k4 cd key, (i saved the appropriate stuff prior), i ended up at serials.ws , a great site for bad things. without anything even popping up and a fully updated ie and a firewall, BAM, instant virus. killed my taskmanager instantly, and i instantly became limited with the tools to fix my comp, i tried, avg didnt help. so i just wiped it again . i gave ie another try, but it sucks ass, back to opera for everything, including windows update.

pissed me off.



Posted by: Gerber

Thanks to Devildave!! Hey man, I'd like to kiss you or something!

He was absolutely right... here is his previous post again (working!):


" Hi again, I fixed the background tiles thingy.. I went to the registry (regedit) and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer and deleted all except "Default" and "NoDriveTypeAutoRun" and rebooted and it worked... I'm not very skilled with the registry but I don't think u have to have other directories than Explorer (I don't) in the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ "



Posted by: Suzy

I had a problem with this also, I downloaded spydoctor and it removed it, along with 200 other spyware infections that spybot and ad-aware missed.



Posted by: Ocean

del me



Posted by: Patel22

thanx Outlaw, I had the same prob



Posted by: fety

Hold up people. Don't go deleting all those. Some of the values in there are for custom settings that one may have specified using TweakUI.

All you need to delete in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
is ForceActiveDesktopOn and NoActiveDesktop. It will maintain the Web tab in Customize Desktop and rid the color behind the icons. Log out and back in or reboot.

Done! That's it!

I didn't notice a difference in anything when I deleted the whole HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop tree.
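
The advice above is to delete only the named values rather than everything under the key. As an added example (not from the thread), this Python sketch reads a regedit export of the Policies key, which is the backup Outlaw recommends taking first, and separates the values the thread names from the ones to leave alone. The export text is constructed, including the placeholder wallpaper path, and the function names are assumptions.

```python
import re

POLICIES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"
# Explorer values named in the thread as the ones to delete.
EXPLORER_TARGETS = {"forceactivedesktopon", "noactivedesktop"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed export for illustration. A real one comes from regedit's
# File > Export and is UTF-16, so read it with open(path, encoding="utf-16").
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"="C:\\EXAMPLE\\wallpaper.htm"
"dontdisplaylastusername"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceActiveDesktopOn"=dword:00000001
"NoActiveDesktop"=dword:00000000
"""


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: raw_data}} from regedit export text."""
    keys, current = {}, None
    # Long hex: values are wrapped with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n\s*", "", text.lstrip("\ufeff"))
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        match = VALUE_RE.match(line) if current is not None else None
        if match:
            raw_name = match.group(1)
            name = "(Default)" if raw_name == "@" else raw_name[1:-1]
            current[name] = match.group(2)
    return keys


def review_policies(keys: dict) -> tuple:
    """Split policy values into (targets, kept) lists of (subkey, name)."""
    targets, kept = [], []
    for path, values in keys.items():
        if not path.lower().startswith(POLICIES.lower()):
            continue
        subkey = path[len(POLICIES):].strip("\\")
        for name, data in values.items():
            is_wallpaper = (subkey.lower() == "system"
                            and "wallpaper" in (name + data).lower())
            is_active_desktop = (subkey.lower() == "explorer"
                                 and name.lower() in EXPLORER_TARGETS)
            bucket = targets if (is_wallpaper or is_active_desktop) else kept
            bucket.append((subkey, name))
    return targets, kept


if __name__ == "__main__":
    targets, kept = review_policies(parse_reg_export(SAMPLE_EXPORT))
    for subkey, name in targets:
        print(f"delete: Policies\\{subkey} -> {name}")
    for subkey, name in kept:
        print(f"leave:  Policies\\{subkey} -> {name}")
```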



Posted by: Venn

Get NOD32. Get Firefox.... IE sucks the big 1...



Posted by: ibnot4u

Has anyone found a SIMPLE solution to get rid of this "spyware infected" mess?



Posted by: devildave

Hey, I know this is an old post, but does anyone know how to make something similar to the wallpaper.htm file? So that they can't change the background? Would'a been neat to change the background on my school or something
PEACE##



Posted by: redwench

no one is going to tell you how to hack a school computer.



Posted by: Thelby

Personally I use X-Block/X-Cleaner along with a Firewall on my router and a Tweaked Firewall on each Computer to complement the router firewall and not interfere with the LAN. X-Block does a fantastic job of keeping the CRAP off my Computers. Try it @ :
http://www.xblock.com/
You'll be glad you did!!!




 
Copyright 2000-2008 Open Tech Support.  All Rights Reserved.  Site Design and Development by Tolitz Rosel.