Jump to content


Photo

desktop wallpaper hijacker


  • This topic is locked This topic is locked
7 replies to this topic

#1 tyoneon

tyoneon

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 30 July 2004 - 12:14 AM

My Desktop wallpaper was hijacked some time ago by some nasty ass virus or something. I was unable to access the internet for a couple days due to "re direction". I fixed that. I eliminated all the graphical interruptions to my wallpaper, but I am still left with a "blank" white field that covers my desktop wallpaper picture. I have ran all the necessary programs and am posting my log. PLEASE HELP! I am at a loss. This all originated with the Firggin' "security.html" hijacker/virus. It was a bear, but, I am up and running!

#2 tyoneon

tyoneon

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 30 July 2004 - 12:15 AM

OOPS! LOL! Here is my Log!Logfile of HijackThis v1.97.7
Scan saved at 10:01:23 PM, on 7/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ty\My Documents\Tools\Spyware\HijackThis.exe

O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [appbn32.exe] C:\WINDOWS\appbn32.exe
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\PINNAC~1\PPE\PPE.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8162.9173958333

#3 tyoneon

tyoneon

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 30 July 2004 - 06:53 PM

:huh: Please Help!

#4 tyoneon

tyoneon

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 01 August 2004 - 11:15 PM

Has anyone else had this problem? I humbly plea for help!
Thankyou in advance.

Edited by tyoneon, 01 August 2004 - 11:16 PM.


#5 VashonDude

VashonDude

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,255 posts

Posted 01 August 2004 - 11:27 PM

Hi there!

First thing to do is load the latest version (1.98.1) of HijackThis at this location and post a new log. You're using an out-of-date version.

Also, was that the entire log you posted? I noticed it seemed awfully short.

-- LB
Want to help in the fight against malware? Join the SWI boot camp.

#6 RubbeR DuckY

RubbeR DuckY

    Marcin

  • Developer
  • PipPipPipPipPip
  • 878 posts

Posted 01 August 2004 - 11:36 PM

Hey VashonDude sorry to interupt,

tyoneon, Once VashonDude has helped you remove the leftovers. Right click on your desktop, goto properties. Click on the desktop tab and click Customize Desktop. Click on the Web tab. Highlight Security. Click delete.. Then apply. That should patch up your white web page on your desktop problem.

And when i fake installed myself it WAS a bear to remove.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation

Follow me on Twitter or check out my Blog!

#7 tyoneon

tyoneon

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 05 August 2004 - 12:05 AM

:p Thanks Ducky! God, what a relief. I was beginning to feel incompetent! I had to go through "control panel" and "display properties" to get the fix in. (in case anyone else is having this problem). "right clicking" the background attempted to lacate the missing .html document. Thanks to you too "VashonDude". I didn't realize I was out of date. By the way, is that Vashon Island, WA? I am from Seattle, and my wife works on the Ferries.
Thanks again guys!

#8 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 27 August 2004 - 02:05 PM

Glad we could help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button