• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Desktop Hijacked

S

sjgmoney

Senior member
Trying to help my buddy clean up his computer (by phone, not easy) and we seem to have gotten all the spyware/adware crap off of there but his desktop has been hijacked by a black screen, a web-page like screen that says some message about "you've got spyware, click here to remove, blah, blah blah". We keep changing his desktop/background image but it won't "stick" and none of the spyware removal programs (Adaware, Spybot S&D, Microsoft Anti SPyware) are getting rid of it.

I had him do search of his files looking for suspicius desktop folders/files, only thing out of place was something called "addesktop". Anybody know what this is? I googled it but it seems to be some legitimate business and doesn't seem to show up on any spyware lists.

Thanks for the help in advance.
 
It is a certain policy you can set in Windows XP/2K. Trying going into Admin Tools and look for the security policies... Us guys at work always use it to fubar one another systems over.
 
Try this: scan.txt. Save the text file, get the scanner and unzip it, reboot into SAFE MODE and run the scanner as the text file directs.
 
Try this at least: http://securityresponse.symantec.com/

Click on Check for Security Risks a free service offered by symantec.

I think I saw a really good deal on their AV software on fatwallet.com

If you don't want to pay for AV software download AVAST for free an run and if necessary run again in safe mode.

more sw picks here:

Antivirus Avast

Firewall ZoneAlarm

Spyware Prevention Spybot S&D

Spyware Removal Hijack This

Cookies AdAware

Registry Cleaner RegSeeker

Backup SyncBack
 
oh and at the very least delete the file your background uses ...black is prefereable to a message from satan!
 
This describes where you need to look in the registry to get the all of the display tabs back which will then allow you to change the desktop background.

Link
 
No, I know what this is. The spyware runs a webpage in the background somehow, OVER the actual background. When you first boot into Windows you'll see your background for a split-second before the spyware process starts up.

Boot into safe mode and do a complete top-bottom check for EVERYTHING.

- Microsoft Antispyware
- Spybot S&D
- Ad-Aware SE
- AntiVirus (check here for free AV)
 
I had the same thing happend on my pc. Look in your system processes and if you see msole32.dll or msole32.exe that is the problem. Do a search for this and delete anything that is msole32.* also do a search in the registry and delete and thing with msole32.* in the key. Hope this helps.
 
The other thing you can do to try to disable it is to look in the startup folder and in msconfig so that the program doesn't run at startup. That might at least get you your desktop back until you can figure out how to get rid of it.

-Tom
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top