Spyware Infection
Ted_E_Bear
Guest





Posted: Thu Nov 10, 2005 1:28 am    Post subject: Spyware Infection

I have received a notice on my desktop stating "Your system is infected with
spyware" . Does anyone know how to clear the message from the desktop?
--
Ted
Back to top
David H. Lipman
Guest





Posted: Thu Nov 10, 2005 1:28 am    Post subject: Re: Spyware Infection

From: "Ted_E_Bear" <TedEBear@discussions.microsoft.com>

| I have received a notice on my desktop stating "Your system is infected with
| spyware" . Does anyone know how to clear the message from the desktop?
| --
| Ted


For non-viral malware...

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Back to top
Ted_E_Bear
Guest





Posted: Thu Nov 10, 2005 7:34 am    Post subject: Re: Spyware Infection

Hi David. Thanks for responding. I have deleted all of the infections and
re-ran the scanner software and the infections are gone but I am left with
the screen under my icons on the desktop which states that "Spyware
Infection. The system is infected with spyware etc." It has overwritten my
blue background with the message and I can not get rid of it. I am unable to
change backgrounds.

--
Ted


Back to top
David H. Lipman
Guest





Posted: Thu Nov 10, 2005 8:01 am    Post subject: Re: Spyware Infection

From: "Ted_E_Bear" <TedEBear@discussions.microsoft.com>

| Hi David. Thanks for responding. I have deleted all of the infections and
| re-ran the scanner software and the infections are gone but I am left with
| the screen under my icons on the desktop which states that "Spyware
| Infection. The system is infected with spyware etc." It has overwritten my
| blue background with the message and I can not get rid of it. I am unable to
| change backgrounds.
|


Copy and paste the below text between the dashes (--------------) and save it as a file on
the desktop called; FixReg.REG
Double Click on the FixReg.REG file and allow the contents to be merged into your Registry.

NOTE: It is possible that one or more lines may get "wrapped" and for the REG file to
work, the lines will need to be unwrapped in the .REG file.

--------------

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_EnableDragDrop"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]
"WallpaperFileTime"=-
"WallpaperLocalFileTime"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=-
"Wallpaper"=-
"WallpaperStyle"=-
"NoDispBackgroundPage"=-
"DisableRegistryTools"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"ForceActiveDesktopOn"=-
"NoSaveSettings"=dword:00000000
"NoChangeStartMenu"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoStartMenuSubFolders"=dword:00000000
"NoStartMenuMFUprogramsList"=dword:00000000
"NoStartMenuMorePrograms"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-

[HKEY_CURRENT_USER\Control Panel\Colors]
"Background"="0 78 152"

--------------



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Back to top
Ted_E_Bear
Guest





Posted: Thu Nov 10, 2005 9:27 am    Post subject: Re: Spyware Infection

Hi David. It worked. Thank you very much. Guess I should learn about the
registry.
--
Ted


Back to top
David H. Lipman
Guest





Posted: Thu Nov 10, 2005 9:27 am    Post subject: Re: Spyware Infection

From: "Ted_E_Bear" <TedEBear@discussions.microsoft.com>

| Hi David. It worked. Thank you very much. Guess I should learn about the
| registry.

Fantastic !

That means the malware modified the Local Policies of the PC as I suspected.
The Registry settings I provided removed those Policy setting modifications.

One infector that I know that makes the modifications is the SmitFraud Trojan.

I'm curious as to what infector was the cause of your problems.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Back to top
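
Added example, not part of the thread and not code from any poster: a Python check that reads a REGEDIT4 file such as the FixReg.REG posted above without touching the registry, flags the "wrapped" lines the NOTE warns about, and lists the Policy values the file deletes, which are the modifications the last reply attributes to the malware. It handles only the value forms FixReg.REG uses (deletion, dword, string); SAMPLE_REG is a constructed, shortened copy with one key line wrapped, and the function names are this example's own.

```python
import re

# Constructed sample: shortened FixReg.REG with the Policies\Explorer key line wrapped.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=-
"DisableRegistryTools"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer]
"NoActiveDesktopChanges"=-
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Control Panel\Colors]
"Background"="0 78 152"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')  # "[-KEY]" deletions are reported, not accepted
VALUE_RE = re.compile(r'^"([^"]+)"=(-|dword:[0-9a-fA-F]{8}|".*")$')

def review_reg(text):
    """Return (ops, problems) for a REGEDIT4 file; nothing is written anywhere."""
    ops, problems, key = [], [], None
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        problems.append((1, "missing REGEDIT4 header"))
    for num, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        k, v = KEY_RE.match(line), VALUE_RE.match(line)
        if k:
            key = k.group(1)
        elif v and key:
            name, data = v.groups()
            ops.append(("delete" if data == "-" else "set", key, name, data))
        elif v:
            problems.append((num, "value has no valid key line above it"))
        else:
            key = None  # whatever follows a broken line cannot be trusted
            problems.append((num, "not a key or value line (wrapped?)"))
    return ops, problems

def policy_removals(ops):
    """Names of values the file deletes under a ...\\Policies\\ key."""
    return [n for a, k, n, _ in ops if a == "delete" and "\\Policies\\" in k + "\\"]
```

Run review_reg() on the saved file's text before double-clicking it; an empty problems list means every line was read as a key or a value.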
 