Guest Bsmith0776 Posted September 8, 2008 Posted September 8, 2008 I have a virus. My desktop is white with "Active Desktop Recovery" which when I hit "Restore my Active Desktop" I get the message "an error occured in the script". Plus my start menu is gone. When I hit start, the right side is blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a lot of the pop ups but with my desktop icons gone and unable to go through "programs", I am unable to access needed programs. Any help in getting me back to normal will be appreciated. I can see them on my Start menu anymore. PLus there is this Desktop pic of "Buy Privacy Protection Service now" with the Url Link with it. When i tried to right click my properties on my desktop it says Im able to access My Document via a shortcut. But my C: is not accessible. I will try to scan my comp for a 2nd time but can u guys tell me anything about my situation ( if u ever heard of a problem like this)? -- Bsmith0776
Guest Oahuyahoo Posted September 8, 2008 Posted September 8, 2008 RE: I have a virus I always try to do a system restore if possible. It's the only way to get all of it. "Bsmith0776" wrote: > I have a virus. My desktop is white with "Active Desktop Recovery" which > when I hit "Restore my Active Desktop" I get the message "an error occured in > the script". Plus my start menu is gone. When I hit start, the right side is > blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a > lot of the pop ups but with my desktop icons gone and unable to go through > "programs", I am unable to access needed programs. > > Any help in getting me back to normal will be appreciated. > > > > > I can see them on my Start menu anymore. PLus there is this Desktop pic of > "Buy Privacy Protection Service now" with the Url Link with it. When i tried > to right click my properties on my desktop it says > > > Im able to access My Document via a shortcut. But my C: is not accessible. I > will try to scan my comp for a 2nd time but can u guys tell me anything about > my situation ( if u ever heard of a problem like this)? > > > -- > Bsmith0776
Guest Anteaus Posted September 8, 2008 Posted September 8, 2008 RE: I have a virus Chances are this isn't a virus but a fraudulent antivirus program. Probably the "Antivirus 2008 Online Security Scanner" or a variant thereof. It uses the active desktop to simulate virus warnings. Go to http://malwarebytes.org and download the rogue-program removal tool. "Bsmith0776" wrote: > I have a virus. My desktop is white with "Active Desktop Recovery" which > when I hit "Restore my Active Desktop" I get the message "an error occured in > the script". Plus my start menu is gone. When I hit start, the right side is > blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a > lot of the pop ups but with my desktop icons gone and unable to go through > "programs", I am unable to access needed programs. > > Any help in getting me back to normal will be appreciated. > > > > > I can see them on my Start menu anymore. PLus there is this Desktop pic of > "Buy Privacy Protection Service now" with the Url Link with it. When i tried > to right click my properties on my desktop it says > > > Im able to access My Document via a shortcut. But my C: is not accessible. I > will try to scan my comp for a 2nd time but can u guys tell me anything about > my situation ( if u ever heard of a problem like this)? > > > -- > Bsmith0776
Guest fvghjk Posted September 8, 2008 Posted September 8, 2008 Re: I have a virus a system restore will fix it- if you can't access it the usual way hit "system recovery" during startup On Sun, 7 Sep 2008 22:01:01 -0700, Anteaus <Anteaus@discussions.microsoft.com> wrote: >Chances are this isn't a virus but a fraudulent antivirus program. Probably >the "Antivirus 2008 Online Security Scanner" or a variant thereof. It uses >the active desktop to simulate virus warnings. > >Go to http://malwarebytes.org and download the rogue-program removal tool. > >"Bsmith0776" wrote: > >> I have a virus. My desktop is white with "Active Desktop Recovery" which >> when I hit "Restore my Active Desktop" I get the message "an error occured in >> the script". Plus my start menu is gone. When I hit start, the right side is >> blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a >> lot of the pop ups but with my desktop icons gone and unable to go through >> "programs", I am unable to access needed programs. >> >> Any help in getting me back to normal will be appreciated. >> >> >> >> >> I can see them on my Start menu anymore. PLus there is this Desktop pic of >> "Buy Privacy Protection Service now" with the Url Link with it. When i tried >> to right click my properties on my desktop it says >> >> >> Im able to access My Document via a shortcut. But my C: is not accessible. I >> will try to scan my comp for a 2nd time but can u guys tell me anything about >> my situation ( if u ever heard of a problem like this)? >> >> >> -- >> Bsmith0776
Guest nass Posted September 8, 2008 Posted September 8, 2008 RE: I have a virus "Bsmith0776" wrote: > I have a virus. My desktop is white with "Active Desktop Recovery" which > when I hit "Restore my Active Desktop" I get the message "an error occured in > the script". Plus my start menu is gone. When I hit start, the right side is > blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a > lot of the pop ups but with my desktop icons gone and unable to go through > "programs", I am unable to access needed programs. > > Any help in getting me back to normal will be appreciated. > > > > > I can see them on my Start menu anymore. PLus there is this Desktop pic of > "Buy Privacy Protection Service now" with the Url Link with it. When i tried > to right click my properties on my desktop it says > > > Im able to access My Document via a shortcut. But my C: is not accessible. I > will try to scan my comp for a 2nd time but can u guys tell me anything about > my situation ( if u ever heard of a problem like this)? > > > -- > Bsmith0776 I think you got SpyFalcon removal or Vundo Variants on your Machine! Note you can Try Systenm Restore from safe Mode and then try to remove the infection. right-click an empty area on the desktop, point to Active Desktop, and then click View As Web Page to clear the check mark. Or right click the desktop and select properties >> On the display properties click on Desktop Tab then customize Desktop Button then on Web Tab and make sure the check box for this is unchecked: [ ] My Cureent Home Page And the Lock Desktop Items is unchecked too! In the registry open a run command and type in : regedit.exe click [OK] Locate these Keys and change the Value of the NoActiveDesktop to (0) to disable it: [-]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer = Value Name: NoActiveDesktop Data Type: REG_DWORD (DWORD Value) Value Data: (0 = disable restriction, 1 = enable restriction) [-]HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer = Value Name: NoActiveDesktop Data Type: REG_DWORD (DWORD Value) Value Data: (0 = disable restriction, 1 = enable restriction) Close the Registry Editor and then perofrom these cleaning steps: 1... Click start >> Control Panel >> Double Click Network and Internet Connections >> Double click Internet Options, on the IE Properties window you will see these Options: General | Security | Privacy | Content | Connections | Programs | Advanced . Click on General Tab (1st Tab on the left) and you will see a Button called [ Clear History ..] click on it to clear your History caches, then click on [Delete Files..] to delete Internet Files created over the time, click on [ Delete Cookies...] to delete your cookies left by visiting websites. Click on Connections tab then click LAN Settings Button, there make sure nothing checked. = Then try to Disable the Add-Ons on your Browser somehow installed on your browser, On how to disable the Add-ons follow this: Click on Programs Tab and then click the Manage Add-Ons Button there Disable the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one later and see which is the culprit . How to manage Add-Ons: http://support.microsoft.com/kb/883256 Click on Advanced Tab and scroll down under the browsing option and uncheck this box: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) and click Apply then [OK] to close the IE properties Scan for malware from here: SuperAntispyware - Free http://www.superantispyware.com/superantispywarefreevspro.html RootkitRevealer v1.71 By Bryce Cogswell and Mark Russinovich http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx BlackLight™ Rootkit Elimination http://www.f-secure.com/news/items/news_2005030701.shtml Comodo BOClean : Anti-Malware Version 4.27 http://www.comodo.com/boclean/boclean.html Run a scan from here on-line: http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from here: http://www.avast.com/eng/avast-virus-cleaner.html download Hijackthis and send me the log. (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php) Send me copy to my address is : to_you_ross(at remove this and repalce with the obvious)yahoo.co.uk ( _ is underscore) HTH nass -- http://www.nasstec.co.uk
Guest PA Bear [MS MVP] Posted September 8, 2008 Posted September 8, 2008 Re: I have a virus Your infection is similar to this one: http://aumha.net/viewtopic.php?f=30&t=35970 (very new "XP Antivirus" variant). NB: Do NOT follow any of the instructions given in this thread! Start your own thread in an appropriate forum! Unexplained computer behavior may be caused by deceptive software http://support.microsoft.com/kb/827315 Run a /thorough/ check for hijackware, including posting your hijackthis log to an appropriate forum. Checking for/Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://aumha.net/viewtopic.php?t=5878 http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine2.blogspot.com/ http://www.elephantboycomputers.com/page2.html#Removing_Malware When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjuction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://aumha.net/viewforum.php?f=30, http://forums.spybot.info/forumdisplay.php?f=22, http://castlecops.com/forum67.html, or other appropriate forums for review by an expert in such matters, not here.** If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ Bsmith0776 wrote: > I have a virus. My desktop is white with "Active Desktop Recovery" which > when I hit "Restore my Active Desktop" I get the message "an error occured > in the script". Plus my start menu is gone. When I hit start, the right > side is blank plus "programs" is gone. I ran Ad-Aware and AVG and this > cleaned up a lot of the pop ups but with my desktop icons gone and unable > to go through "programs", I am unable to access needed programs. > > Any help in getting me back to normal will be appreciated. > > I can see them on my Start menu anymore. PLus there is this Desktop pic > of > "Buy Privacy Protection Service now" with the Url Link with it. When i > tried > to right click my properties on my desktop it says > > > Im able to access My Document via a shortcut. But my C: is not accessible. > I > will try to scan my comp for a 2nd time but can u guys tell me anything > about my situation ( if u ever heard of a problem like this)?
Guest David H. Lipman Posted September 8, 2008 Posted September 8, 2008 Re: I have a virus From: "fvghjk" <akiww@hotmail.com> | a system restore will fix it- if you can't access it the usual way | hit "system recovery" during startup That is only an assumption. There are *many* kinds of malware that will disable or corrupt the System Restore service. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest David H. Lipman Posted September 8, 2008 Posted September 8, 2008 Re: I have a virus From: "Oahuyahoo" <Oahuyahoo@discussions.microsoft.com> | I always try to do a system restore if possible. It's the only way to get | all of it. No, that is NOT true. As I stated in another part of this thread... There are *many* kinds of malware that will disable or corrupt the System Restore service. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Guest David H. Lipman Posted September 8, 2008 Posted September 8, 2008 Re: I have a virus From: "PA Bear [MS MVP]" <PABearMVP@gmail.com> | Your infection is similar to this one: | http://aumha.net/viewtopic.php?f=30&t=35970 (very new "XP Antivirus" | variant). NB:: Do NOT follow any of the instructions given in this thread! Start your | own thread in an appropriate forum! I second this ! -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Recommended Posts