I clicked on a link to a nude photo for "Angelina Jolie"
The following day, when I started the computer, the Desktop Background had been replaced with a "Your Computer Has a Virus, Please Clean your Computer" [blue background, yellow/black lettering]...
I immediately scanned the computer with Avast anti-virus, which found two files that it put into the 'Safe Area' following the scan.
However, on and off, the computer goes into ScreenSaver mode. I typically don't have the Screensaver in use. This ScreenSaver shows erroneous errors that could not be taking place. At least for now that is what I think it is, since I do not understand how a program can just 'run' without someplace on the computer to do so.
I later figured this must be a ScreenSaver. So then - the Display Properties, the "Desktop" tab, and "ScreenSaver" tabs are missing. I cannot change what is being shown on the computer at my Desktop. Or 'Change The Background'; howbeit, there is still the individual file option that will set the Background.
If I right click to 'Show the Desktop',the option to do so does not work.
At present am scanning with Online, House Call (Trend Micro). Don't know the extent of what is/has been done to computer from clicking this .avi.exe file as I did. Suggestions would be helpful. Don't have programming expertise below the interface.
I'm under the impression that I will have to replace some files, but I don't know which. Or replace the video driver files. Going on to scan the hard drive/defrag. Since the two files found for/from the Avast Antivirus were also in the System's 'Restore' file. Since removed.
Have computer with ScreenSaver..perhaps. Will Travel.
This may not be a ScreenSaver. However.. I know that.. If the 'error message/-era maybe avi.com comes on...
I can..
er-a..usually..use 'Esc' key - or any other key to bring up the Windows Screen Desktop.
If I watch the thing run too long, this does not work so... easily.. esc key.
I'm pretty sure that I have several video driver files damaged. And maybe the ACPI (power) problems coming on, as a direct result of some damaged System Files. Or more stooge lunacy from the aspects of the virus program.
Seems the more I let it run, the more difficult it is to get the Desktop back up. Still running the House Call (Trend Micro). Have not defragged the hard drive. Yet. Would like to run System File Checker.
XP SP3...machine.
Last edited by KaleidiScope; 31st July 2008 at 09:00.
Ran Avast Antivirus.. found two files which are locked up. Others were deleted when found.
Ran Spybot Search & Destroy. Inoculated Explorer.
Stopped program after 5 hours of slow going.
Ran online version of Trend Micro's HouseCall. 2 hours slow going.
- Discovered tabs missing within Display Properties (ScreenSaver and Appearance).
Rolled Video Driver Back to previous version.
Rolled Video Driver Forward (using Microsoft's Update)
- no change to Display panels.
Also found interesting reference in Microsoft's Knowledge Base concerning running System File
Checker (with only the Restore option using re-installing the Op. Sys.)
+Creating a New User Account on My Computer.
+Ran System File Checker* following doing this, for another angle.
*the specific command I found in XP Home Edition Cowart&Kittel page 875
...it did not run until a new Start-up.
**curious as to the differences between this and what Windows Update
may now see.
Result.. on the new user account, the Display Panel Tabs are back
User Icons are Displayed along with Desktop
-set sufficient power settings.
.....................Reading Your Post.....
Switching over to previous user account. With a Restart.
-> This User: The Display Panel Tabs are still gone.
No access to the Desktop icons. Previously Hidden.
Run Hijack This
Run Deckards...
Note: Creating Restore Points this Computer is not advisable (restore points).
They are disabled for a reason! These system files must be taking a beating,
with all these scans. As noted above, I have/had done several things previous
to running Hijack This and Deckards. The removed files via Avast Antivirus
are available for upload to Trend Micro if needed.
Creating a new User Account seemed (so far) to enable a running system. Intend
to run System File Checker on This User Account. Also - XP Home Edition does
not have much control of User/User policies. With only two different Account
Types.
I:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
*was a program from a 'Trial Version',that insists on being part of the system.!
B)**** Declined By Poster. Thanks.
Comment: I'm posting this against my better judgement. With the disclaimer that the
'composition of its components are those of the poster. Illegal uses of the
information is prohibited. <KaleidiScope>
Deckard's System Scanner v20071014.68
Run by Mr. Mike on 2008-07-31 04:31:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Mr. Mike.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:55 AM, on 7/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Hi KaleidiScope
First I have a question and some requests.
Is the I drive the one that was infected? I ask because normally the main Drive is C or sometimes D.
Next, You will need to run any tools while logged onto the user account that was first infected.
Please open Notepad and uncheck Word Wrap, it is found in the format tab.
dss.exe needs to be on your Desktop, not in a folder on the desktop or any other location. The Green icon needs to be showing on the desktop.
Now please do this in the order given.
** dss.exe must be on the desktop for the following command to work. **
Highlight and copy the bolded command below.
"%userprofile%\desktop\dss.exe" /daft
Click Start>Run and paste the command in the run box, then hit enter.
An interface of Deckard's file association fix will open.
Click Scan.
Check the box next to the following, then click Fix.
.cpl
Exit when complete.
Now this.
Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.
Double click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select 'Perform Quick Scan', then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Post the entire report in your next reply along with a fresh HijackThis log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Posting at your site is hit and miss 5:08 pm... got limitations to using two users. Considering the south bridge on a KT7 does not multi-task that well. Nor the applications.. Zone Alarm, Avast etc. Turn them on, turn them off. (I might just say I'm jumping off the south bridge. With a Q9450 someday).
Won't be able to post for a couple of days till I get some more time. Thanks for help.
Yeah I don't have a desktop.. No Icons are available. To Do this!
As for backing up, or turning on Restore Points. I usually have one, and one only. On a 6+ Drive/partitioned system. Problem being a Dual Boot machine/Fat32 - were while using Applications (and File System) Registry, and
Applications (saved files settings).. I do not want to mesh.
+Think I will first: +Defrag the drive/Delete the User.
+Scan the Registry on a New User. And Migrate the settings to the new user.
Something such as this. When I return to use the Tools you showed me, I will be doing a different user on the same machine. Need some schooling on how to run User Policies. Yet on a Home Edition machine,....
We'll have to agree to disagree on Backing Up an Infected set of information. Depends a lot on your setup.
Note: The Screen Saver which runs when switching between users... this may be a problem for security's sake. As well in addition it is a problem on a 1/8 operating machine such as mine still using a 200Mhz bus for sure.
Try Castigating from the hardware side....and PS: I'm listening. Will use your post very carefully. Sorry couldn't do that just now.
Last edited by KaleidiScope; 1st August 2008 at 03:41.
Reason: Sorry about ''next',adjacent. No DSS,or MBAM post info.
Hi KaleidiScope
If you are unwilling to do things in the order given, and no more than required to complete those instructions, I will be unable to assist you.
There's no way I'll be able to tell what you have or have not done and what the consequences of the changes you make may be, when telling you to run the tools I ask you to run.
You do what you feel you need to do, then after you have done all you feel you need to do, then come back if you still require help.
Geri
Let's see.. was no way to look at the desktop. However through Files/Folder could negotiate
seeing them.
DSS.exe did not want to start. Had to delete it. Then, download the file a second attempt.
Malware Bytes.. the Updater - .. did not update. However with the larger application running,
simply updated it. Then run the program.
Desktop Right Click Menu- returned.
Desktop Icons - returned.
Holding for any of the error messages. Shown below deleted.
Will still run Defrag,System File checker.
Interesting. Groovy.
Note: Same disclaimer here as previous post. Composition of these files and structures are those of the poster <KaleidiScope>***. Illegal use of its contents are prohibited.
***Declined by poster. Thanks.
Results.. Found two malware "Trojan Fake Alerts" (.bmp and .scr).
Converted Original Wall Paper, Converted Wall Paper,
Screensaver.exe
Should I worry about "O24 - Desktop Component 0: (no name) - (no file)"?
Files Infected:
I:\WINDOWS\system32\phcv4kj0e1ga.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\blphcv4kj0e1ga.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Hijack This Fresh Log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:26 PM, on 7/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
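
An added example, not part of the original posts and not code from MBAM: a small Python parser for "Files Infected" lines in the format quoted in the post above. It flags entries Windows runs as programs (a .scr screensaver is an executable) and double extensions such as the .avi.exe file mentioned earlier in the thread. The extension lists and the third sample line are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Extensions Windows runs as programs; a .scr screensaver is an ordinary executable.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Media/document extensions used as the decoy half of a double extension (assumed list).
DECOY = {".avi", ".jpg", ".bmp", ".mpg", ".pdf", ".doc", ".txt"}

# "<path> (<detection>) -> <action>." as in the Files Infected lines quoted above.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)

def parse_entry(line):
    """Return a dict for one 'Files Infected' line, or None if it does not match."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    path = PureWindowsPath(m["path"])
    suffixes = [s.lower() for s in path.suffixes]
    last = suffixes[-1] if suffixes else ""
    return {
        "path": str(path),
        "detection": m["name"],
        "removed": "deleted successfully" in m["action"].lower(),
        "executable": last in EXECUTABLE,
        "double_extension": (
            len(suffixes) >= 2 and last in EXECUTABLE and suffixes[-2] in DECOY
        ),
        "in_system32": "system32" in [p.lower() for p in path.parts],
    }

def triage(lines):
    """Parse every matching line; section headers and blank lines are skipped."""
    return [e for e in map(parse_entry, lines) if e]

SAMPLE = [
    "Files Infected:",
    r"I:\WINDOWS\system32\phcv4kj0e1ga.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.",
    r"I:\WINDOWS\system32\blphcv4kj0e1ga.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.",
    # Constructed line (not from the thread) showing the .avi.exe naming trick.
    r"I:\Downloads\photo.avi.exe (Trojan.Sample) -> No action taken.",
]

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry)
```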