Fake Antivirus Software/Desktop Background Change



#1 Jaklyman


Posted 22 February 2010 - 04:31 AM

So yesterday my friend was surfing a fully legitimate Wiki site and the page was left open without clicking on anything. Maybe an hour later I'm walking by and hear the usual pop-up ad crap and to my horror see a crap ton of pop-ups, some fake anti-virus software wanting me to buy it, several balloons informing me I'm infected and need to buy their crap, and my desktop background changed to

"Your System is Infected! System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before all spyware is removed."

My system is Windows XP Service Pack 3
What I've done so far:
  • First things first I closed down the internet and closed every window
  • Then I ran the anti-virus and spyware tools I had installed (Norton Internet Security, Spybot Search and Destroy). Spybot finished first and found about 10 things which it removed and Norton found nothing that Spybot did not.
  • Installed and ran MalwareBytes which found 27 items which it claims to have removed
  • Attempted to restore to a previous version of Windows through system restore but found that my restore points have been wiped out
  • Attempted to start in safe mode, but when I try, a large list of Windows directory items flies through the screen and then it resets
Of note during this process: my attempts to update Spybot and Malwarebytes were prevented.
This left me with only two obvious problems: one is the annoyingly green background message and the other is that when any browser is open it attempts to direct me to some site.

After much searching through forums on this site and others and attempting many solutions to get Malwarebytes working, I succeeded in updating it. The problem now is that after about 5 seconds of scanning it causes a blue screen of death which is too fast to read and resets the computer. This problem has persisted through several reinstalls and attempting everything here: http://www.bleepingcomputer.com/forums/t/267354/for-those-having-trouble-running-malwarebytes-anti-malware/. Also, this is now occurring when attempting to scan with Spybot as well.
As a recent result, after several blue screens while attempting the above workarounds for Malwarebytes, the background image has stopped loading and I now get the "Active Desktop Recovery" screen. Also of interest is that my original desktop background is loaded each time I reboot, but it quickly changes to the desktop recovery screen. Lastly, when I was running rkill.exe the background would flash back to my original desktop for a few seconds as if the malware is gone, but it seems to quickly reassert itself.
Having run out of forum solutions to try and at the end of my rope, I'm posting here in the hope of a solution short of reformatting and reinstalling Windows.
I have all the logs from Spybot, Malwarebytes, and Rkill and can transcribe them at your request.
Thank you.

Edited by Jaklyman, 22 February 2010 - 05:11 AM.

