Annoying graphic

[Ross M. Greenberg]

My wife infected my daughter's machine with some dumb spyware. I cleaned
everything up except for her desktop. A rightclick on her desktop,
Properties, Desktop brings a disabled Background and Browse. The graphic is
"Your machine Is Inected With Spyware".

Help and Thanks!

Ross

 

[David H. Lipman]

From: "Ross M. Greenberg" <[email protected]>

| My wife infected my daughter's machine with some dumb spyware. I cleaned
| everything up except for her desktop. A rightclick on her desktop,
| Properties, Desktop brings a disabled Background and Browse. The graphic is
| "Your machine Is Inected With Spyware".
|
| Help and Thanks!
|
| Ross
|



Two part reply..

Perform Part 1 then perform Part 2.

If the first two parts don't work, perform the alternate utility.

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp



Part 1
-----------

Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic36868.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.

ALTERNATE:

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.

* * * Please report back your results * * *

 

[Ross M. Greenberg]

Well, the alternate method did remove the annoying graphic! Thank you!

But the ability to select new wallpaper is still disabled. Any suggestions?

Thanks!

Ross

 

[David H. Lipman]

From: "Ross M. Greenberg" <[email protected]>

| Well, the alternate method did remove the annoying graphic! Thank you!
|
| But the ability to select new wallpaper is still disabled. Any suggestions?
|
| Thanks!
|


Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.

Please Copy and Paste the contents of the HTML Log file; C:\mcafee\ScanReport.HTML in your
reply.

* * * Please report back your results * * *

 

[Ross M. Greenberg]

Alas, the report never came up. But the problem is fixed!

A zillion thanks, Mr. Lipman!!

Ross

 

[David H. Lipman]

From: "Ross M. Greenberg" <[email protected]>

| Alas, the report never came up. But the problem is fixed!
|
| A zillion thanks, Mr. Lipman!!
|
| Ross

Ross:

I am glad to hear that.

BTW: You don't need to be so formal.

 

[Ross M. Greenberg]

David, it wasn't a matter of formality. It was a matter of respect.

Ross

 

[David H. Lipman]

From: "Ross M. Greenberg" <[email protected]>

| David, it wasn't a matter of formality. It was a matter of respect.
|
| Ross

I appreciate that Ross but it isn't necessary.

However, thank you for it !

 

[Ross M. Greenberg]

David, now that it's cleared up, whatinhell actually happened?

 

[Malke]

David, now that it's cleared up, whatinhell actually happened?

I'm not David, but I don't think he'll mind if I give you some links:

http://www.wilderssecurity.com/showthread.php?t=27971 - So How Did I Get
Infected Anyway?
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.claymania.com/safe-hex.html
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke

 

[David H. Lipman]

From: "Ross M. Greenberg" <[email protected]>

| David, now that it's cleared up, whatinhell actually happened?
|

Hi Ross:

MVP Malke gave you some resources.

Basically you got hit with one or more Trojans. The objective is to get you to buy and use
rogue anti spyware applications. The objective is to infect your PC, notify of your
infection and then limit you ability to undo what was done by the Trojan. These user
limitations are done via Local and Group policies.

The utility I suggested does three things. The first is that it is hard coded to remove
this kind of malware. The second step is to implement the McAfee command line scanner to
apply heuristic and signature based malware detection and removal for those items not hard
coded. The final step is to undo those Local and Group policy limiting factors.