spyware detected blue background on desktop with yellow message bo

nikonuser

I am using Windows XP. A message recently appeared saying spyware detected,
download a spyware removal tool. It then changed my desktop picture. I ran a
scan which found changes to the registry. Now my computer logs off as soon as
it logs on and will not allow me to log in on safe mode (F8) at all. I have left
my recovery disc in my apartment 200 miles away, although I have the
registration codes here, and I am pretty much stuck as
to what to do now. I have a basic knowledge of computers.

this virus has blocked system restore
safe mode
and log on with instant log off after flashing the blue/yellow message
any ideas anyone?
 
Landis

Me too! I need to get this figured out. There are about a hundred results for
this on tehweb and they all have different solutions so there is no telling
what to do/trust.
 
Ebomb

This is a nasty little program that makes you think you need anti-spyware and
can lead you to install the real virus. I believe this post is referring to
the 'Antivirus XP 2008' scam. You'll actually pay for a virus to get
installed on your computer and you wouldn't know it.

If you remember seeing 'Antivirus XP 2008' when you were surfing the web
when this happened or any other time, this is definitely the solution.

Otherwise these are still good steps to take:


REMOVE THE FILES FROM YOUR HARD-DRIVE:
-Right-Click on My Computer and select Search...
-click All files and folders
-search for *.bmp (all or part of file name)
-Find the one that matches your background
-Note the name of the .bmp file - mine was called phccekj0e3cn.bmp (copy and
paste into notepad or something as you will need this later, or write it
down as your computer can reboot)
-Search your drives for the last 3 characters noted in previous step. In my
case I searched on *3cn
-This search resulted in 4 files for me.
-Go to your task manager, look under the processes tab, and find the process
that matches the name of one of the files you are trying to delete (the .exe
file)
-end the process - mine was called lphccekj0e3cn.exe
-delete all files found in your search

REMOVE REGISTRY ENTRIES: (not as important since the files are no longer
there but still good idea)
-Start -> Run
-regedit
-Edit -> Find
-I searched on *3cn (the last 3 characters) but this returned some valid
registry entries. I suggest you either carefully delete all entries that look
like they are related. I found 5 or 6 valid entries, but they were obvious to me
to not be related.
-typically they will have the full name like "lphccekj0e3cn". In fact you
could probably search on whatever the .exe name was (minus the .exe
extension) and you can surely delete all those entries.

FIX REGISTRY ENTRIES:
-this is what I missed in the previous post. The first time this thing runs
it changes entries in your registry to hide the 'Desktop' and/or 'Screen
Saver' tabs
-In the registry navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'


Check out your display properties again, they should be back to normal.

Empty your recycle bin to get rid of it for good

Rebooting at this point is probably a good idea.
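
An added example, not part of the original posts: a small Python triage over a registry export (`.reg` text) that reports the two hidden-tab policy values named above when they are set, and any value that names the full file stem rather than only its last three characters. The sample export, the Run-key entry, the file paths in it and the function names are constructed for illustration.

```python
import re

POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
POLICY_VALUES = {"nodispbackgroundpage", "nodispscrsavpage"}

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispScrSavPage"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"lphccekj0e3cn"="C:\\WINDOWS\\system32\\lphccekj0e3cn.exe"
"Backup3cn"="C:\\Program Files\\Backup3cn\\agent.exe"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\WINDOWS\\system32\\phccekj0e3cn.bmp"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, name, raw_data); read version 5.00 export files as UTF-16."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]              # new registry key section
        elif key:
            m = VALUE_RE.match(line)
            if m:
                yield key, m.group(1), m.group(2)

def triage(text, stem):
    """Return set hidden-tab policy values and entries naming the file stem."""
    stem = stem.lower()
    findings = []
    for key, name, data in parse_reg(text):
        if key.lower() == POLICY_KEY.lower() and name.lower() in POLICY_VALUES:
            m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", data)
            if m and int(m.group(1), 16) != 0:   # nonzero means the tab is hidden
                findings.append(("policy", key, name))
        elif stem in name.lower() or stem in data.lower():
            findings.append(("stem", key, name))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_REG, "phccekj0e3cn"):
        print(finding)
```

Matching on the full stem leaves the unrelated `Backup3cn` entry out of the results, while matching on `3cn` alone would include it.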
 
