Trojan.Desktophijack help

Guest

Sorry if my questions are long and ridiculous, but I am truly a novice at
this all.

While online, I got a Norton security alert about Trojan.Desktophijack. I
was very tired and don't remember if it said "detected" or "infected" (don't
know if that matters), but thought it said something about not being able to
repair it. I was guided to the Symantec site, and it confuses me.

In Norton Anti-Virus reports, it showed the virus as quarantined. The
details for it said it was a "backed-up copy of a file that has been
repaired" and indicated that I could delete it. In Symantec's "What to do
after you quarantine a file", it instructs you to determine if the file is
needed. Looking at their steps to do this, I couldn't tell *for sure*; my
best guess was that it was not, so I finally hit "delete". I am a worrier,
and I'm worried about having done this.

The virus no longer shows up in quarantine. I don't have any trouble with my
desktop wallpaper or icons right now (haven't yet shut down and restarted
computer). This Symantec "What to do after..." page does not show any further
steps to follow, but another "Security Response" page says to

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan and delete all the files detected as
Trojan.Desktophijack.
Delete any values added to the registry.
Reset the Internet Explorer home page.
Reset the desktop wallpaper.

There are many, many steps I could screw up doing all of that. I don't
understand any of it. So, do I need to do the above or anything else? Any
problem having deleted that back-up file? Or could I really be good to go
now?

Thanks for your patience and your help.
 
John Barnett MVP

With the exception of 'delete any values added to the registry' all the
others are straightforward.
You need to disable system restore in order to delete all the system restore
points. The reason for this is that the trojan was more than likely saved
when a system restore was taken. Deleting all system restore points means
you cannot restore your system to a previous time, thus re-infect the
machine.
Go to control panel and click the system icon. Next click the system restore
tab and then click your mouse on the box marked 'turn off system restore on
all drives'. Click apply followed by OK. All system restore points will now
be deleted. All you need do then is open system properties again (click the
system icon), click the system restore tab and then remove the tick from the
box 'turn off system restore on all drives'. System restore will now start
monitoring again and creating restore points.

Make sure your anti virus definitions are updated, by updating Norton Anti
Virus, then run a full scan. If nothing shows up the trojan has been
removed.

The same applies to the desktop wallpaper. You can check this from the
display option.

You will, of course, need to restart your pc at some point to ensure that
everything is working okay.

--
John Barnett MVP
Associate Expert
http://xphelpandsupport.mvps.org

The information in this post is supplied "as is". No warranty of any kind,
either expressed or implied, is made in relation to the accuracy,
reliability or content of this post. The Author shall not be liable for any
direct, indirect, incidental or consequential damages arising out of the use
of, or inability to use, information or opinions expressed in this post.




Go to control panel and click the Internet options icon. On the general tab
make sure that your home page is the one you have always had, not some
obscure website. If it is not the usual home page you use, then change it
back to your usual home page.
 
Guest

Thanks for your response. Why answers are always helpful. Just a couple of
more questions:

My understanding of what you outline below is that I will be Disabling
System Restore, Updating virus definitions and Running a full scan. Am I not
doing anything about step 4. "delete any values added to the registry" then?
Or if I am, can you offer some instructions that are more straightforward
than Symantec's?

Also, you write >> The same applies to the desktop wallpaper. you can check
this from the display option <<

I'm not clear about what applies to the desktop wallpaper, that is, what I
will be checking, from what display option, or where that is. Further along
in your post I see steps for resetting the homepage. Does the wallpaper
process follow along the same lines?

Thank you so much,

bookbabe


John Barnett MVP said:
With the exception of 'delete any values added to the registry' all the
others are straightforward.
You need to disable system restore in order to delete all the system restore
points. The reason for this is that the trojan was more than likely saved
when a system restore was taken. Deleting all system restore points means
you cannot restore your system to a previous time, thus re-infect the
machine.
Go to control panel and click the system icon. Next click the system restore
tab and then click your mouse on the box marked 'turn off system restore on
all drives'. Click apply followed by OK. All system restore points will now
be deleted. All you need do then is open system properties again (click the
system icon), click the system restore tab and then remove the tick from the
box 'turn off system restore on all drives'. System restore will now start
monitoring again and creating restore points.

Make sure your anti virus definitions are updated, by updating Norton Anti
Virus, then run a full scan. If nothing shows up the trojan has been
removed.
The same applies to the desktop wallpaper. You can check this from the
display option.

You will, of course, need to restart your pc at some point to ensure that
everything is working okay.

Go to control panel and click the Internet options icon. on the general tab
 
John Barnett MVP

You only need to delete registry values if the trojan has inserted new values
in the registry. As the trojan was 'quarantined' before it could do any
damage I'm assuming no registry values were changed. However, let me know
the link you used on the Symantec site and I'll see what they suggest.

As for wallpaper it is simply a matter of going to control panel, click the
display icon, then click the desktop tab. Is the desktop you always use,
i.e., Bliss highlighted or has the desktop pattern been changed? If it's
been changed then change it back to Bliss or your original desktop
background.


--
John Barnett MVP
Associate Expert
http://xphelpandsupport.mvps.org
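
An added example, not part of the original posts: a read-only PowerShell check of the settings this thread inspects through Control Panel (Internet Explorer home page, desktop wallpaper) plus the per-user and machine-wide Run keys. The registry paths are standard Windows locations chosen for this example, not the list from Symantec's write-up, which the thread does not reproduce; `Get-RegValue` is a helper name introduced here.

```powershell
# Added example: only reads the registry, changes nothing.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of raising an error when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Settings the thread checks by hand through Control Panel.
$checks = @(
    @{ Label = 'IE home page'
       Path  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
       Name  = 'Start Page' },
    @{ Label = 'Desktop wallpaper'
       Path  = 'HKCU:\Control Panel\Desktop'
       Name  = 'Wallpaper' }
)

foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    if ($null -eq $value -or $value -eq '') { $value = '(not set)' }
    '{0,-18} {1}' -f $c.Label, $value
}

# Programs started at logon: review these for entries you do not recognise.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# Properties PowerShell adds to every registry item; not real registry values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

foreach ($key in $runKeys) {
    ''
    $key
    if (-not (Test-Path $key)) { '  (key not present)'; continue }
    $entries = (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $providerProps -notcontains $_.Name }
    if (-not $entries) { '  (no entries)'; continue }
    foreach ($e in $entries) { '  {0} = {1}' -f $e.Name, $e.Value }
}
```

Compare the printed home page and wallpaper with the ones you normally use; an unfamiliar value is the cue to reset it through Control Panel as described above.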
 
