Jump to content

I have a virus

Guest Bsmith0776

By Guest Bsmith0776
in Windows XP

 Share

Recommended Posts

Guest Bsmith0776

Guest Bsmith0776

Posted
Posted

I have a virus. My desktop is white with "Active Desktop Recovery" which

when I hit "Restore my Active Desktop" I get the message "an error occured in

the script". Plus my start menu is gone. When I hit start, the right side is

blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a

lot of the pop ups but with my desktop icons gone and unable to go through

"programs", I am unable to access needed programs.

 

Any help in getting me back to normal will be appreciated.

 

 

 

 

I can see them on my Start menu anymore. PLus there is this Desktop pic of

"Buy Privacy Protection Service now" with the Url Link with it. When i tried

to right click my properties on my desktop it says

 

 

Im able to access My Document via a shortcut. But my C: is not accessible. I

will try to scan my comp for a 2nd time but can u guys tell me anything about

my situation ( if u ever heard of a problem like this)?

 

 

--

Bsmith0776

  • Replies 8
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Oahuyahoo

Guest Oahuyahoo

Posted
Posted

RE: I have a virus

 

I always try to do a system restore if possible. It's the only way to get

all of it.

 

"Bsmith0776" wrote:

> I have a virus. My desktop is white with "Active Desktop Recovery" which

> when I hit "Restore my Active Desktop" I get the message "an error occured in

> the script". Plus my start menu is gone. When I hit start, the right side is

> blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a

> lot of the pop ups but with my desktop icons gone and unable to go through

> "programs", I am unable to access needed programs.

>

> Any help in getting me back to normal will be appreciated.

>

>

>

>

> I can see them on my Start menu anymore. PLus there is this Desktop pic of

> "Buy Privacy Protection Service now" with the Url Link with it. When i tried

> to right click my properties on my desktop it says

>

>

> Im able to access My Document via a shortcut. But my C: is not accessible. I

> will try to scan my comp for a 2nd time but can u guys tell me anything about

> my situation ( if u ever heard of a problem like this)?

>

>

> --

> Bsmith0776

Guest Anteaus

Guest Anteaus

Posted
Posted

RE: I have a virus

 

Chances are this isn't a virus but a fraudulent antivirus program. Probably

the "Antivirus 2008 Online Security Scanner" or a variant thereof. It uses

the active desktop to simulate virus warnings.

 

Go to http://malwarebytes.org and download the rogue-program removal tool.

 

"Bsmith0776" wrote:

> I have a virus. My desktop is white with "Active Desktop Recovery" which

> when I hit "Restore my Active Desktop" I get the message "an error occured in

> the script". Plus my start menu is gone. When I hit start, the right side is

> blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a

> lot of the pop ups but with my desktop icons gone and unable to go through

> "programs", I am unable to access needed programs.

>

> Any help in getting me back to normal will be appreciated.

>

>

>

>

> I can see them on my Start menu anymore. PLus there is this Desktop pic of

> "Buy Privacy Protection Service now" with the Url Link with it. When i tried

> to right click my properties on my desktop it says

>

>

> Im able to access My Document via a shortcut. But my C: is not accessible. I

> will try to scan my comp for a 2nd time but can u guys tell me anything about

> my situation ( if u ever heard of a problem like this)?

>

>

> --

> Bsmith0776

Guest fvghjk

Guest fvghjk

Posted
Posted

Re: I have a virus

 

a system restore will fix it- if you can't access it the usual way

hit "system recovery" during startup

 

On Sun, 7 Sep 2008 22:01:01 -0700, Anteaus

<Anteaus@discussions.microsoft.com> wrote:

>Chances are this isn't a virus but a fraudulent antivirus program. Probably

>the "Antivirus 2008 Online Security Scanner" or a variant thereof. It uses

>the active desktop to simulate virus warnings.

>

>Go to http://malwarebytes.org and download the rogue-program removal tool.

>

>"Bsmith0776" wrote:

>

>> I have a virus. My desktop is white with "Active Desktop Recovery" which

>> when I hit "Restore my Active Desktop" I get the message "an error occured in

>> the script". Plus my start menu is gone. When I hit start, the right side is

>> blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a

>> lot of the pop ups but with my desktop icons gone and unable to go through

>> "programs", I am unable to access needed programs.

>>

>> Any help in getting me back to normal will be appreciated.

>>

>>

>>

>>

>> I can see them on my Start menu anymore. PLus there is this Desktop pic of

>> "Buy Privacy Protection Service now" with the Url Link with it. When i tried

>> to right click my properties on my desktop it says

>>

>>

>> Im able to access My Document via a shortcut. But my C: is not accessible. I

>> will try to scan my comp for a 2nd time but can u guys tell me anything about

>> my situation ( if u ever heard of a problem like this)?

>>

>>

>> --

>> Bsmith0776

Guest nass

Guest nass

Posted
Posted

RE: I have a virus

 

 

 

"Bsmith0776" wrote:

> I have a virus. My desktop is white with "Active Desktop Recovery" which

> when I hit "Restore my Active Desktop" I get the message "an error occured in

> the script". Plus my start menu is gone. When I hit start, the right side is

> blank plus "programs" is gone. I ran Ad-Aware and AVG and this cleaned up a

> lot of the pop ups but with my desktop icons gone and unable to go through

> "programs", I am unable to access needed programs.

>

> Any help in getting me back to normal will be appreciated.

>

>

>

>

> I can see them on my Start menu anymore. PLus there is this Desktop pic of

> "Buy Privacy Protection Service now" with the Url Link with it. When i tried

> to right click my properties on my desktop it says

>

>

> Im able to access My Document via a shortcut. But my C: is not accessible. I

> will try to scan my comp for a 2nd time but can u guys tell me anything about

> my situation ( if u ever heard of a problem like this)?

>

>

> --

> Bsmith0776

 

 

I think you got SpyFalcon removal or Vundo Variants on your Machine!

Note you can Try Systenm Restore from safe Mode and then try to remove the

infection.

 

 

right-click an empty area on the desktop, point to Active Desktop, and then

click View As Web Page to clear the check mark.

 

Or right click the desktop and select properties >> On the display

properties click on Desktop Tab then customize Desktop Button then on Web Tab

and make sure the check box for this is unchecked:

[ ] My Cureent Home Page

 

And the Lock Desktop Items is unchecked too!

 

In the registry open a run command and type in :

regedit.exe click [OK] Locate these Keys and change the Value of the

NoActiveDesktop to (0) to disable it:

 

[-]HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer =

Value Name: NoActiveDesktop

Data Type: REG_DWORD (DWORD Value)

Value Data: (0 = disable restriction, 1 = enable restriction)

 

 

[-]HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer =

Value Name: NoActiveDesktop

Data Type: REG_DWORD (DWORD Value)

Value Data: (0 = disable restriction, 1 = enable restriction)

 

Close the Registry Editor and then perofrom these cleaning steps:

 

1... Click start >> Control Panel >> Double Click Network and Internet

Connections >> Double click Internet Options, on the IE Properties window

you will see these Options:

General | Security | Privacy | Content | Connections | Programs

| Advanced .

 

Click on General Tab (1st Tab on the left) and you will see a Button called

[ Clear History ..] click on it to clear your History caches, then click on

[Delete Files..] to delete Internet Files created over the time, click on [

Delete Cookies...] to delete your cookies left by visiting websites.

 

Click on Connections tab then click LAN Settings Button, there make sure

nothing checked.

 

= Then try to Disable the Add-Ons on your Browser somehow installed on your

browser, On how to disable the Add-ons follow this:

Click on Programs Tab and then click the Manage Add-Ons Button there Disable

the None/Not Verified Plug-ins/Add-ons ( you need to Renable them one-by-one

later and see which is the culprit .

How to manage Add-Ons:

http://support.microsoft.com/kb/883256

 

Click on Advanced Tab and scroll down under the browsing option and uncheck

this box:

[&] Browsing

[ ] Enable Third-Party browser extensions (Req Rest)

and click Apply then [OK] to close the IE properties

 

Scan for malware from here:

SuperAntispyware - Free

http://www.superantispyware.com/superantispywarefreevspro.html

RootkitRevealer v1.71

By Bryce Cogswell and Mark Russinovich

http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

BlackLight™ Rootkit Elimination

http://www.f-secure.com/news/items/news_2005030701.shtml

Comodo BOClean : Anti-Malware Version 4.27

http://www.comodo.com/boclean/boclean.html

 

Run a scan from here on-line:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

Download Avast Cleaner (offline scanner) from here:

http://www.avast.com/eng/avast-virus-cleaner.html

 

download Hijackthis and send me the log.

(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)

Send me copy to my address is : to_you_ross(at remove this and repalce with

the

obvious)yahoo.co.uk

 

( _ is underscore)

HTH

nass

--

http://www.nasstec.co.uk

Guest PA Bear [MS MVP]

Guest PA Bear [MS MVP]

Posted
Posted

Re: I have a virus

 

Your infection is similar to this one:

http://aumha.net/viewtopic.php?f=30&t=35970 (very new "XP Antivirus"

variant).

 

NB: Do NOT follow any of the instructions given in this thread! Start your

own thread in an appropriate forum!

 

Unexplained computer behavior may be caused by deceptive software

http://support.microsoft.com/kb/827315

 

Run a /thorough/ check for hijackware, including posting your hijackthis log

to an appropriate forum.

 

Checking for/Help with Hijackware

http://aumha.org/a/parasite.htm

http://aumha.org/a/quickfix.htm

http://aumha.net/viewtopic.php?t=5878

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

http://mvps.org/winhelp2002/unwanted.htm

http://inetexplorer.mvps.org/data/prevention.htm

http://inetexplorer.mvps.org/tshoot.html

http://www.mvps.org/sramesh2k/Malware_Defence.htm

http://defendingyourmachine2.blogspot.com/

http://www.elephantboycomputers.com/page2.html#Removing_Malware

 

When all else fails, HijackThis v2.0.2

(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in

conjuction with some other utilities). HijackThis will NOT fix anything on

its own, but it will help you to both identify and remove any

hijackware/spyware with assistance from an expert. **Post your log to

http://aumha.net/viewforum.php?f=30,

http://forums.spybot.info/forumdisplay.php?f=22,

http://castlecops.com/forum67.html, or other appropriate forums for review

by an expert in such matters, not here.**

 

If the procedures look too complex - and there is no shame in admitting this

isn't your cup of tea - take the machine to a local, reputable and

independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

--

~Robear Dyer (PA Bear)

MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002

AumHa VSOP & Admin http://aumha.net

DTS-L http://dts-l.net/

 

 

Bsmith0776 wrote:

> I have a virus. My desktop is white with "Active Desktop Recovery" which

> when I hit "Restore my Active Desktop" I get the message "an error occured

> in the script". Plus my start menu is gone. When I hit start, the right

> side is blank plus "programs" is gone. I ran Ad-Aware and AVG and this

> cleaned up a lot of the pop ups but with my desktop icons gone and unable

> to go through "programs", I am unable to access needed programs.

>

> Any help in getting me back to normal will be appreciated.

>

> I can see them on my Start menu anymore. PLus there is this Desktop pic

> of

> "Buy Privacy Protection Service now" with the Url Link with it. When i

> tried

> to right click my properties on my desktop it says

>

>

> Im able to access My Document via a shortcut. But my C: is not accessible.

> I

> will try to scan my comp for a 2nd time but can u guys tell me anything

> about my situation ( if u ever heard of a problem like this)?

Guest David H. Lipman

Guest David H. Lipman

Posted
Posted

Re: I have a virus

 

From: "fvghjk" <akiww@hotmail.com>

 

| a system restore will fix it- if you can't access it the usual way

| hit "system recovery" during startup

 

That is only an assumption.

 

There are *many* kinds of malware that will disable or corrupt the System Restore service.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David H. Lipman

Guest David H. Lipman

Posted
Posted

Re: I have a virus

 

From: "Oahuyahoo" <Oahuyahoo@discussions.microsoft.com>

 

| I always try to do a system restore if possible. It's the only way to get

| all of it.

 

No, that is NOT true.

 

As I stated in another part of this thread...

There are *many* kinds of malware that will disable or corrupt the System Restore service.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David H. Lipman

Guest David H. Lipman

Posted
Posted

Re: I have a virus

 

From: "PA Bear [MS MVP]" <PABearMVP@gmail.com>

 

| Your infection is similar to this one:

| http://aumha.net/viewtopic.php?f=30&t=35970 (very new "XP Antivirus"

| variant).

 

NB:: Do NOT follow any of the instructions given in this thread! Start your

| own thread in an appropriate forum!

 

I second this !

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

 Share
Go to topic listing
×
×
  • Create New...