Desktop Hijacked

sjgmoney

Senior member
Apr 28, 2004
219
0
0
Trying to help my buddy clean up his computer (by phone, not easy) and we seem to have gotten all the spyware/adware crap off of there but his desktop has been hijacked by a black screen, a web-page like screen that says some message about "you've got spyware, click here to remove, blah, blah blah". We keep changing his desktop/background image but it won't "stick" and none of the spyware removal programs (Adaware, Spybot S&D, Microsoft Anti SPyware) are getting rid of it.

I had him do search of his files looking for suspicius desktop folders/files, only thing out of place was something called "addesktop". Anybody know what this is? I googled it but it seems to be some legitimate business and doesn't seem to show up on any spyware lists.

Thanks for the help in advance.
 

ArchAngel777

Diamond Member
Dec 24, 2000
5,223
61
91
It is a certain policy you can set in Windows XP/2K. Trying going into Admin Tools and look for the security policies... Us guys at work always use it to fubar one another systems over.
 

mechBgon

Super Moderator<br>Elite Member
Oct 31, 1999
30,699
1
0
Try this: scan.txt. Save the text file, get the scanner and unzip it, reboot into SAFE MODE and run the scanner as the text file directs.
 

WookE

Member
Nov 8, 2004
71
0
0
Try this at least: http://securityresponse.symantec.com/

Click on Check for Security Risks a free service offered by symantec.

I think I saw a really good deal on their AV software on fatwallet.com

If you don't want to pay for AV software download AVAST for free an run and if necessary run again in safe mode.

more sw picks here:

Antivirus Avast

Firewall ZoneAlarm

Spyware Prevention Spybot S&D

Spyware Removal Hijack This

Cookies AdAware

Registry Cleaner RegSeeker

Backup SyncBack
 

WookE

Member
Nov 8, 2004
71
0
0
oh and at the very least delete the file your background uses ...black is prefereable to a message from satan!
 

redbeard1

Diamond Member
Dec 12, 2001
3,006
0
0
This describes where you need to look in the registry to get the all of the display tabs back which will then allow you to change the desktop background.

Link
 

Bona Fide

Banned
Jun 21, 2005
1,901
0
0
No, I know what this is. The spyware runs a webpage in the background somehow, OVER the actual background. When you first boot into Windows you'll see your background for a split-second before the spyware process starts up.

Boot into safe mode and do a complete top-bottom check for EVERYTHING.

- Microsoft Antispyware
- Spybot S&D
- Ad-Aware SE
- AntiVirus (check here for free AV)
 

Oifish

Senior member
Dec 21, 2003
465
1
81
I had the same thing happend on my pc. Look in your system processes and if you see msole32.dll or msole32.exe that is the problem. Do a search for this and delete anything that is msole32.* also do a search in the registry and delete and thing with msole32.* in the key. Hope this helps.
 

Soccer55

Golden Member
Jul 9, 2000
1,660
4
81
The other thing you can do to try to disable it is to look in the startup folder and in msconfig so that the program doesn't run at startup. That might at least get you your desktop back until you can figure out how to get rid of it.

-Tom