Bsmith0776 said:
I have a virus. My desktop is white with "Active Desktop Recovery" which
when I hit "Restore my Active Desktop" I get the message "an error occurred in
the script". Plus my start menu is gone. When I hit start, the right side is
blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a
lot of the pop ups but with my desktop icons gone and unable to go through
"programs", I am unable to access needed programs.
Any help in getting me back to normal will be appreciated.
I can see them on my Start menu anymore. Plus there is this Desktop pic of
"Buy Privacy Protection Service now" with the URL link with it. When I tried
to right click my properties on my desktop it says
I'm able to access My Documents via a shortcut. But my C: is not accessible. I
will try to scan my comp for a 2nd time but can you guys tell me anything about
my situation (if you ever heard of a problem like this)?
I think you got SpyFalcon removal or Vundo variants on your machine!
Note you can try System Restore from Safe Mode and then try to remove the
infection.
Right-click an empty area on the desktop, point to Active Desktop, and then
click View As Web Page to clear the check mark.
Or right-click the desktop and select Properties >> on the Display
Properties click on the Desktop tab, then the Customize Desktop button, then the Web tab
and make sure the check box for this is unchecked:
[ ] My Current Home Page
And the Lock Desktop Items is unchecked too!
In the registry: open a Run command and type in:
regedit.exe click [OK] Locate these keys and change the value of the
NoActiveDesktop to (0) to disable it:
[-]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer =
Value Name: NoActiveDesktop
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disable restriction, 1 = enable restriction)
[-]HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer =
Value Name: NoActiveDesktop
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = disable restriction, 1 = enable restriction)
Close the Registry Editor and then perform these cleaning steps:
1... Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
you will see these Options:
General | Security | Privacy | Content | Connections | Programs
| Advanced .
Click on General Tab (1st Tab on the left) and you will see a Button called
[ Clear History ..] click on it to clear your History caches, then click on
[Delete Files..] to delete Internet Files created over the time, click on [
Delete Cookies...] to delete your cookies left by visiting websites.
Click on the Connections tab then click the LAN Settings button; there make sure
nothing is checked.
Then try to disable the add-ons somehow installed on your
browser. On how to disable the add-ons, follow this:
Click on the Programs tab and then click the Manage Add-Ons button; there disable
the None/Not Verified plug-ins/add-ons (you need to re-enable them one-by-one
later and see which is the culprit).
How to manage Add-Ons:
http://support.microsoft.com/kb/883256
Click on Advanced Tab and scroll down under the browsing option and uncheck
this box:
[&] Browsing
[ ] Enable Third-Party browser extensions (Req Rest)
and click Apply then [OK] to close the IE properties
Scan for malware from here:
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
RootkitRevealer v1.71
By Bryce Cogswell and Mark Russinovich
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
BlackLight™ Rootkit Elimination
http://www.f-secure.com/news/items/news_2005030701.shtml
Comodo BOClean : Anti-Malware Version 4.27
http://www.comodo.com/boclean/boclean.html
Run a scan from here on-line:
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Download HijackThis and send me the log.
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)
Send me a copy; my address is: to_you_ross(at remove this and replace with
the obvious)yahoo.co.uk
( _ is underscore)
HTH
nass
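
The registry check described in the reply above can also be done offline against a text export of the two Policies\Explorer keys. The following is an added example, not code from the thread: the sample export is constructed, the function names are hypothetical, and "not set" is this example's own label for a key that has no NoActiveDesktop value.

```python
import re

# The two policy keys and the value name given in the reply above.
POLICY_SUFFIX = r"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
HIVES = ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE")
VALUE_NAME = "NoActiveDesktop"
# Value data meanings as listed in the reply (0 and 1 only).
STATES = {0: "restriction disabled", 1: "restriction enabled"}

# Constructed sample in the .reg text format (already decoded to str; not from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})\s*$')

def parse_dwords(export_text):
    """Return {key_path_lower: {value_name_lower: int}} for every DWORD value."""
    keys, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            # Registry key and value names are case-insensitive, so normalise.
            current = keys.setdefault(section.group("key").lower(), {})
            continue
        value = DWORD_RE.match(line)
        if value and current is not None:
            current[value.group("name").lower()] = int(value.group("hex"), 16)
    return keys

def audit_no_active_desktop(export_text):
    """Map each hive to the NoActiveDesktop state found in the export."""
    keys = parse_dwords(export_text)
    report = {}
    for hive in HIVES:
        data = keys.get((hive + POLICY_SUFFIX).lower(), {}).get(VALUE_NAME.lower())
        report[hive] = "not set" if data is None else STATES.get(data, f"unexpected data {data}")
    return report

if __name__ == "__main__":
    for hive, state in audit_no_active_desktop(SAMPLE_EXPORT).items():
        print(f"{hive}: {VALUE_NAME} {state}")
```

Files saved by Registry Editor in the Version 5.00 format are UTF-16 encoded, so decode them with `encoding="utf-16"` before passing the text in.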