Bnaped Posted May 6, 2005

Ahhh. My desktop has gone crazy, it changed my background. Here's what it looks like. It says some stuff about me finding an adware/spyware remover. It's totally bs cheesy spyware. So I got Microsoft AntiSpyware and tried to remove it. Microsoft said it was removed, but it's still there, and I can't change my background. What do I do?

When survival is in question, anything goes.
Spiralshape Posted May 6, 2005

There are some instructions to remove that here. You'll need HijackThis.
Bnaped Posted May 6, 2005

Thanks, I really hate spyware. I think I should pk whoever invented it..
Bnaped Posted May 6, 2005

Wait.... I got this thing.... I'm not sure what to get rid of, cause I think some of that stuff is my anti-virus and firewall.
Vape Posted May 6, 2005

Don't "get rid of anything" yet, just click "save log" and then copy and paste it to here :)

Where the bloody hell are you?
Mercifull Posted May 6, 2005

ROFL, I removed this EXACT same virus from my friend's computer last night. Had me completely stumped.

Go to Add/Remove Programs and uninstall a program called iSecurityGuard or something like that.

It's not a real BSOD and is actually just a forced wallpaper at C:\WP.bmp

Post a HijackThis log please and I'll tell you what to remove, so you can then delete the files which are causing this.

The background is forced via the registry entries in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

You can safely remove this registry folder. But if you are not comfortable with modifying the registry yourself, either get a friend to do it or try the following.

Open Notepad and paste this:

REGEDIT4

; Remove the policy values that force the wallpaper and hide the display settings pages
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=-
"Wallpaper"=-
"WallpaperStyle"=-
"NoDispBackgroundPage"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-

; Clear the current wallpaper setting and set the background colour
[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-

[HKEY_CURRENT_USER\Control Panel\Colors]
"Background"="0 78 152"

; Remove the autorun values under the Explorer\Run policy key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"notepad.exe"=-
"notepad2.exe"=-
"winlogon.exe"=-

Save as smitfraud.reg, then right click on this new file and merge with the registry. This will bring back IE and desktop control.

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12
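Added example, not part of Mercifull's post or of any tool named in the thread: a small Python check that reads a registry export (REGEDIT4 text) and reports which of the wallpaper-lock policy values listed in the post are still present, so the cleanup can be verified. The function names and the sample export are assumptions constructed for illustration; only the key paths, value names and C:\WP.bmp come from the post.

```python
import re

# Key -> value names, taken from the smitfraud.reg file in the post above.
LOCK_VALUES = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System":
        {"NoDispAppearancePage", "Wallpaper", "WallpaperStyle", "NoDispBackgroundPage"},
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer":
        {"NoActiveDesktopChanges"},
}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$')

# Constructed sample export (not from the thread); data values are made up.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"="C:\\WP.bmp"
"WallpaperStyle"="2"
"NoDispBackgroundPage"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:00000000
'''

def parse_reg(text):
    """Parse REGEDIT4-style text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def find_wallpaper_locks(text):
    """Return sorted (key, value_name, data) for lock values still present."""
    # Registry key and value names are case-insensitive, so compare lowercased.
    wanted = {k.lower(): {n.lower() for n in v} for k, v in LOCK_VALUES.items()}
    hits = []
    for key, values in parse_reg(text).items():
        for name, data in values.items():
            if name.lower() in wanted.get(key.lower(), ()):
                hits.append((key, name, data))
    return sorted(hits)

if __name__ == "__main__":
    for key, name, data in find_wallpaper_locks(SAMPLE_EXPORT):
        print(f"still set: [{key}] {name} = {data}")
```

An empty result on an export taken after merging the .reg file means none of the listed lock values remain under those two keys.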
Eb11 Posted May 6, 2005

It looks like you're running XP. I had the same problem, and though I removed the browser and desktop hijacker, I still got popups. So, instead of removing it with HijackThis, I just reverted to a restore point. Go to Control Panel > revert to earlier restore point, and pick a date earlier than when you first got the virus.
gadien01 Posted May 6, 2005

Some people don't make restore points frequently enough. Restoring to a save point for something this trivial is useless. My suggestion is to do what Mercifull said and get Ad-Aware from lavasoft.com (free adware remover) if you don't already have it. Run a full system scan on that and you should be set.

Tip for other people: never use Earthlink, it sucks.
Bnaped Posted May 6, 2005

Logfile of HijackThis v1.99.1
Scan saved at 5:31:38 PM, on 5/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SMSSU.exe
C:\WINDOWS\System32\Tmntsrv32.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\SMSSU.exe
C:\WINDOWS\System32\Tmntsrv32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jack Patterson\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default.home
O2 - BHO: XMLDP Class - {60371670-81B9-4d06-9C42-4DEC1AABE62B} - C:\WINDOWS\xmllib.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [sMSSU] C:\WINDOWS\System32\SMSSU.exe
O4 - HKCU\..\Run: [Tmntsrv32] C:\WINDOWS\System32\Tmntsrv32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

There's the log file... My comp is freaking out, NEVER surf the web without a firewall is what I learned. I keep rebooting and running Ad-Aware and Spybot then restarting and it keeps coming back... Help pl0x
Mercifull Posted May 7, 2005

Have you uninstalled iGuird Security yet?

Go to the C:\ drive and try and delete WP.exe and WP.bmp if they are there. Then delete those registry entries like I said or merge the one I posted.