ACTIVE DESKTOP HIGHJACK

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

My OS is Windows 2000 professional, and i got my active desktop highjacked by
some sort of spy/malware, and i got as my screen background an add of a
supposed spyware/malware removal utility called SMART SECUTITY. ( imagine
that! )
The thing is i have no acess to my right mouse button, part of my desktop
icons have dissapeared, and even if i go to my crontrol pannel/monitor
properties, i have no acess to it in order to make the change.
I have run AD Aware SE, and cleaned everything. I even used the new
Microsoft AntiSpyware Beta version utility which have detected some more
items to clean.
I have restarted the laptop, but still same problem continues. The image i
have as background is an HTML file that even if i go manually delete it,
after restart it apears again.

Does anyone have a possible solution that could help me out?

Thank you.

SEV
 
Get rid of Microsoft Anti Spyware & Adware Away & download SpyBot S & D from
here:

http://www.spybot.info/en/download/index.html

To re-enable right-click on the Desktop, do this:

User Key:
----------

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explore
r


System Key:
------------

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explor
er


Key Name:
------------

NoViewContextMenu

Value:
------

0 = Show Context Menu <---- use this option
1 = Hide Context Menu

--------------------------------

To show all items on the Desktop:

User Key:
---------

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explore
r

System Key:
------------

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explor
er

Key Name:
----------

NoDesktop

Value:
------

0 = Show icons on Desktop <---- use this option
1 = Hide Desktop icons

-------------------------

The 'monitor' Properties in Control Panel. Don't you mean 'Display'
Properties?

To gain access to the 'Display' applet in Control Panel again, do this:

User Key:
---------

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

System Key:
------------

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

Key Name:
----------

NoDispCPL

Value:
------

0 = Enable Display settings applet <---- use this option
1 = Disable Display settings applet

----------------------------------------------------------------------------
-----

The reason for that HTML page keep showing after you restart is because its
running on startup. The startup key you need to navigate to is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In the right-hand pane you will see the programs running on startup. One of
these values will be the spyware program that creates the HTML file.

Firstly, backup your registry key by click the REGISTRY menu, EXPORT key &
choose a name/location to export it to

If there are any that don't make any sense like 'dlfhwkjbf' (example only)
then delete them. If you have Quicktime, RealPlayer you can delete those too
because they only take up memory.. Now, click the key on the left under the
run key (maybe 'RunOnce' or 'RunOnceEx') & check what is running on startup
there too. Do exactly the same to this key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

And also check the keys below like 'Run-' or 'RunOnce' etc, but remember to
back up the registry key first.

----------------------------------------------------------------------------
-----

If you are worried that you may delete the wrong key name under the Run keys
then export them, right-click the file & then paste them into the reply to
this post. I will then take a look at the values, tell you which you can
delete.

----------------------------------------------------------------------------
-----

If you don't know how to open the registry editor then this is how:

Click START, click RUN, type 'regedit' (without quotes) & press ENTER

Awaiting your reply, but please get SPYBOT S & D, which will clean your
system so much better than the Microsoft Anti-Spy or Adware Away programs.

Crouchie1998
BA (HONS) MCP MCSE
 
It's not a "HijackThis" removal tool it is a "Spyware" removal tool. LOL. But please post what it tells you here. Don't be checking and removing ad nausem.
 
Back
Top