Spyware Infection Desktop

Discussion in 'Windows XP General' started by Guest, Aug 2, 2006.

  1. Guest

    Guest Guest

    I'm currently on a Compaq Presario V2000 laptop. Before I had set up my
    antispyware software, I got a desktop background saying:

    SPYWARE
    INFECTION

    Your system is infected with spyware. Windows recommends you to use a
    spyware removal tool to prevent loss of important data and increase system
    performance. Using this PC before having it cleaned from spyware threats is
    highly discouraged.


    I removed the spyware and now when I try to change my desktop, it still
    remains the SPYWARE INFECTION desktop. Help Please.
     
    Guest, Aug 2, 2006
    #1
    1. Advertisements

  2. From: "BadWithTechnology" <>

    | I'm currently on a Compaq Presario V2000 laptop. Before I had set up my
    | antispyware software, I got a desktop background saying:
    |
    | SPYWARE
    | INFECTION
    |
    | Your system is infected with spyware. Windows recommends you to use a
    | spyware removal tool to prevent loss of important data and increase system
    | performance. Using this PC before having it cleaned from spyware threats is
    | highly discouraged.
    |
    | I removed the spyware and now when I try to change my desktop, it still
    | remains the SPYWARE INFECTION desktop. Help Please.



    Two part reply..

    Perform Part 1 then perform Part 2.

    If the first two parts don't work, perform the alternate section.

    It is suggested that you execute each tool in Normal Mode then in Safe Mode.

    If you are using any version of Sun Java that is prior to JRE Version 5.0,
    then you are strongly urged to remove any/all versions that are prior to JRE/JSE
    Version 5.0. There are vulnerabilities in them and they are actively being exploited.
    This is most likely why you got infected with malware.

    Therefore, it is highly suggested that if there are any prior versions of Sun Java
    to Version 5 on the PC that they be removed and Sun Java JRE/JSE Version 5.0 Update 7
    be installed ASAP.

    Simple check, look under...
    C:\Program Files\Java

    The only folder under that folder should be the latest version...

    C:\Program Files\Java\jre1.5.0_07


    http://www.java.com/en/download/manual.jsp



    Part 1
    -----------

    Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
    http://noahdfear.geekstogo.com/click counter/click.php?id=1

    http://www.bleepingcomputer.com/forums/topic43659.html


    Part 2
    -----------

    Download SmitFraud.exe from the URL --
    http://www.ik-cs.com/programs/virtools/SmitFraud.exe

    Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
    Choose; Unzip
    Choose; Close

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to enable WGET.EXE to download the needed McAfee related files.

    Execute; c:\mcafee\clean.bat
    { or Double-click on 'Clean Link' in c:\mcafee }

    A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
    C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
    displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
    WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
    shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
    but your PC will automatically be shutdown. It is suggested that you move the report out of
    c:\mcafee before performing another scan.

    It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.


    ALTERNATE:

    Part 1
    -----------

    Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

    http://secured2k.home.comcast.net/tools/AntiPuper.exe

    http://forums.mcafeehelp.com/viewtopic.php?t=65072


    Part 2
    -----------

    S!ri's SmitfraudFix
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php


    Please Copy and Paste the contents of the HTML Log files;
    C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Aug 2, 2006
    #2
    1. Advertisements

  3. Guest

    Guest Guest

    Hey BWT,

    Just go into start > control panel > appearance and themes > Display >
    desktop tab > customize desktop button > web tab > uncheckmark and delete all
    entries in there > ok > ok > restart. Good Luck

    Joe

    Kemco Technician

    "BadWithTechnology" wrote:

    > I'm currently on a Compaq Presario V2000 laptop. Before I had set up my
    > antispyware software, I got a desktop background saying:
    >
    > SPYWARE
    > INFECTION
    >
    > Your system is infected with spyware. Windows recommends you to use a
    > spyware removal tool to prevent loss of important data and increase system
    > performance. Using this PC before having it cleaned from spyware threats is
    > highly discouraged.
    >
    >
    > I removed the spyware and now when I try to change my desktop, it still
    > remains the SPYWARE INFECTION desktop. Help Please.
     
    Guest, Aug 2, 2006
    #3
  4. From: "Kemco" <>

    | Hey BWT,
    |
    | Just go into start > control panel > appearance and themes > Display >
    | desktop tab > customize desktop button > web tab > uncheckmark and delete all
    | entries in there > ok > ok > restart. Good Luck
    |
    | Joe
    |
    | Kemco Technician
    |


    And how will that remove the SmitFraud Trojan (or FakeAlert, ZLob, etc.) that has caused
    this ?
    How about if the malware has also set the Policies to limit the user's ability to change teh
    Desktop ?

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Aug 2, 2006
    #4
  5. Guest

    Guest Guest

    I am trying to remove the spyware off my computer, but it won't let me.It
    tells me the system is locked and can't close it down now what.

    "BadWithTechnology" wrote:

    > I'm currently on a Compaq Presario V2000 laptop. Before I had set up my
    > antispyware software, I got a desktop background saying:
    >
    > SPYWARE
    > INFECTION
    >
    > Your system is infected with spyware. Windows recommends you to use a
    > spyware removal tool to prevent loss of important data and increase system
    > performance. Using this PC before having it cleaned from spyware threats is
    > highly discouraged.
    >
    >
    > I removed the spyware and now when I try to change my desktop, it still
    > remains the SPYWARE INFECTION desktop. Help Please.
     
    Guest, Aug 2, 2006
    #5
  6. From: "missie" <>

    | I am trying to remove the spyware off my computer, but it won't let me.It
    | tells me the system is locked and can't close it down now what.
    |


    The same advice I gave the OP...

    Two part reply..

    Perform Part 1 then perform Part 2.

    If the first two parts don't work, perform the alternate section.

    It is suggested that you execute each tool in Normal Mode then in Safe Mode.

    If you are using any version of Sun Java that is prior to JRE Version 5.0,
    then you are strongly urged to remove any/all versions that are prior to JRE/JSE
    Version 5.0. There are vulnerabilities in them and they are actively being exploited.
    This is most likely why you got infected with malware.

    Therefore, it is highly suggested that if there are any prior versions of Sun Java
    to Version 5 on the PC that they be removed and Sun Java JRE/JSE Version 5.0 Update 7
    be installed ASAP.

    Simple check, look under...
    C:\Program Files\Java

    The only folder under that folder should be the latest version...

    C:\Program Files\Java\jre1.5.0_07

    http://www.java.com/en/download/manual.jsp

    Part 1
    -----------

    Use noahdfear's SmitFraud, SpyAxe, SpyFalcon, et. al., removal tool -- SmitRem.exe
    http://noahdfear.geekstogo.com/click counter/click.php?id=1

    http://www.bleepingcomputer.com/forums/topic43659.html

    Part 2
    -----------

    Download SmitFraud.exe from the URL --
    http://www.ik-cs.com/programs/virtools/SmitFraud.exe

    Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
    Choose; Unzip
    Choose; Close

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to enable WGET.EXE to download the needed McAfee related files.

    Execute; c:\mcafee\clean.bat
    { or Double-click on 'Clean Link' in c:\mcafee }

    A final report in HTML format called C:\mcafee\Normal_ScanReport.HTML or
    C:\mcafee\Safe_ScanReport.HTML will be generated. At the end of the scan, it will be
    displayed in your browser (Opera, FireFox or Internet Explorer). However, if you are using
    WinXP, Win2K or Win2003 your system will be left in a state where you will have to manually
    shutdown/reboot the PC. On Win9x/ME platforms the report will not be shown in your bowser
    but your PC will automatically be shutdown. It is suggested that you move the report out of
    c:\mcafee before performing another scan.

    It would be best to scan in both Safe Mode and in Normal Mode and save a copy of the HTML
    report for each session.

    ALTERNATE:

    Part 1
    -----------

    Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

    http://secured2k.home.comcast.net/tools/AntiPuper.exe

    http://forums.mcafeehelp.com/viewtopic.php?t=65072

    Part 2
    -----------

    S!ri's SmitfraudFix
    http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    Please Copy and Paste the contents of the HTML Log files;
    C:\mcafee\Normal_ScanReport.HTML & C:\mcafee\Safe_ScanReport.HTML in your reply.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Aug 3, 2006
    #6
  7. Guest

    Guest Guest

    The OP stated:

    | I removed the spyware and now when I try to change my desktop, it still
    | remains the SPYWARE INFECTION desktop. Help Please.

    I suppose I should have covered that he may still have smitfraud but I was
    assuming, and I know that its not the right thing to do, that when he says he
    removed the spyware that he had an anti-spyware capable of removing the
    threats. My bad, I guess....

    Joe

    Kemco Technician

    "David H. Lipman" wrote:

    > From: "Kemco" <>
    >
    > | Hey BWT,
    > |
    > | Just go into start > control panel > appearance and themes > Display >
    > | desktop tab > customize desktop button > web tab > uncheckmark and delete all
    > | entries in there > ok > ok > restart. Good Luck
    > |
    > | Joe
    > |
    > | Kemco Technician
    > |
    >
    >
    > And how will that remove the SmitFraud Trojan (or FakeAlert, ZLob, etc.) that has caused
    > this ?
    > How about if the malware has also set the Policies to limit the user's ability to change teh
    > Desktop ?
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
     
    Guest, Aug 3, 2006
    #7
  8. From: "Kemco" <>

    | The OP stated:
    |
    |> I removed the spyware and now when I try to change my desktop, it still
    |> remains the SPYWARE INFECTION desktop. Help Please.
    |
    | I suppose I should have covered that he may still have smitfraud but I was
    | assuming, and I know that its not the right thing to do, that when he says he
    | removed the spyware that he had an anti-spyware capable of removing the
    | threats. My bad, I guess....
    |
    | Joe
    |
    | Kemco Technician
    |

    The utilities I posted, incli\uding my own, are written specifically for this falmily of
    malware and will remove the policies that block changes to the desktop as well as other
    known relationships with this family of malware.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
     
    David H. Lipman, Aug 3, 2006
    #8
  9. Guest

    Jay Guest

    I'm currently using Ad-aware and the Mcafee security centre, do you
    think this a sufficient amount of security to repel current spyware
    threats?

    Regards,
    Jay

    David H. Lipman wrote:
    > From: "Kemco" <>
    >
    > | The OP stated:
    > |
    > |> I removed the spyware and now when I try to change my desktop, it still
    > |> remains the SPYWARE INFECTION desktop. Help Please.
    > |
    > | I suppose I should have covered that he may still have smitfraud but I was
    > | assuming, and I know that its not the right thing to do, that when he says he
    > | removed the spyware that he had an anti-spyware capable of removing the
    > | threats. My bad, I guess....
    > |
    > | Joe
    > |
    > | Kemco Technician
    > |
    >
    > The utilities I posted, incli\uding my own, are written specifically for this falmily of
    > malware and will remove the policies that block changes to the desktop as well as other
    > known relationships with this family of malware.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
     
    Jay, Aug 7, 2006
    #9
  10. David H. Lipman, Aug 7, 2006
    #10
  11. Guest

    Plato Guest

    Jay wrote:
    >
    > I'm currently using Ad-aware and the Mcafee security centre, do you
    > think this a sufficient amount of security to repel current spyware
    > threats?


    No. Best bet is NOT to install spyware in the first place.


    --
    http://www.bootdisk.com/
     
    Plato, Aug 9, 2006
    #11
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alberto

    Can not open desktop anymore after virus infection

    Alberto, Sep 23, 2005, in forum: Windows XP General
    Replies:
    3
    Views:
    188
    Alberto
    Sep 24, 2005
  2. Guest

    Blue, black and red Spyware Infection Screen!

    Guest, Jan 11, 2006, in forum: Windows XP General
    Replies:
    4
    Views:
    376
  3. Guest

    "SPYWARE INFECTION" BLACK BOX ON DESKTOP

    Guest, Jan 28, 2006, in forum: Windows XP General
    Replies:
    7
    Views:
    231
    Malke
    Jan 30, 2006
  4. Guest

    spyware infection

    Guest, Mar 21, 2006, in forum: Windows XP General
    Replies:
    1
    Views:
    205
  5. Stacy Young

    Curing Major Spyware Infection

    Stacy Young, Jun 30, 2010, in forum: Windows XP General
    Replies:
    8
    Views:
    264
    Don Wiss
    Jul 2, 2010
Loading...

Share This Page