Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bizarre Post-malware Wallpaper Problem


  • Please log in to reply
9 replies to this topic

#1 EFG

EFG

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 21 March 2006 - 04:29 PM

Hi,

I got nailed with some malware which replaced my wallpaper with one of those annoying "You might be infected <etc.> Click here!" messages.

I managed to remove the malware but (1) the upper left corner of my screen is totally white (icons show, but no wallpaper) and (2) every icon is highlit as though I'd "Selected All".

BTW I run Norton and the MS Spyware beta regularly; AdAware occasionally; and just purchased (and ran) Registry Mechanic; the problem persists.

Thanks For Any Help,

EFG

PS Oh yeah -- and whenever I reboot XP tells me that my Norton is turned off ...

-E.

Edited by EFG, 21 March 2006 - 04:30 PM.


BC AdBot (Login to Remove)

 


m

#2 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:50 AM

Posted 21 March 2006 - 06:22 PM

Hi EFG and welcome to BleepingComputer!

I have a feeling you may still be seeing the effects of Malware. I would recommend following these steps : Start here . It is a great guide that will lead you to a clean computer. The team members that assist in that process are excellent at what they do.

Good luck

rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. – Will Smith


#3 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:07:50 AM

Posted 21 March 2006 - 06:37 PM

I have a feeling you haven't fully eradicated the malware infection if those anomalies persist.

Run Adaware and Spybot Search and Destroy from Safe Mode after first updating the definitions on both, and then post a Hijack This log in our HJT Forum.

Ad-Aware SE Personal - freeware
http://www.lavasoft.com/
Click on Adaware SE Personal in “Products” on the left side of the page
Or it may be easier to find it here:
http://fileforum.betanews.com/detail/Adawa...nal/965718306/1


Spybot S&D: http://www.safer-networking.org/en/index.html
Be sure to enable “Teatimer” which gives you realtime protection against malware invasion. (absolutely necessary)


Read the pinned post in our “HijackThis” forum, here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions explicitly.

Following instructions run a log, and post it in following HJT forum,
at this link. Include a brief description of your computer (ie, processor, amount of RAM, brand or motherboard, etc, and the problem you are experiencing.)
http://www.bleepingcomputer.com/forums/posthjtlog.html

Do not as yet attempt to fix anything by yourself using Hijack This as even what may seem to be a small mistake can render your op system inoperable.
Some files when in one folder may be fine while in another may be malware.


A member of our HJT Team will analyze your log, make recommendations and offer assistance.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make it different than displayed in the log you posted and therefore make your log inaccurate).

The first criteria they have when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having 1 reply.
A team member, looking for a new log to work on might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, make your post and wait for a response from a team member.

#4 EFG

EFG
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 22 March 2006 - 01:16 PM

Thank you for your fast responses and welcome!

Unfortunately, I tried everything suggested to no effect; I've posted on the "HijackThis Logs And Analysis" forum.

Best,

EFG

Edited by EFG, 22 March 2006 - 01:18 PM.


#5 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:50 AM

Posted 22 March 2006 - 02:43 PM

Thanks for posting back EFG. I am curious to find out if your problem is caused by smitfraud. When your problem is fixed, can you please post back.

Thanks,

rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. – Will Smith


#6 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:08:50 AM

Posted 22 March 2006 - 02:58 PM

It's possible that you had an html image on your desktop that, once removed, is still set to run. In other words, the html file may be gone, but the settings for your desktop remain. To check this, right-click on your desktop and choose Properties. Click on the "desktop" tab. Click the button that says "Configure Desktop." Then click on the "Web" tab. You should see an empty checkbox next to "My Current Home Page," or nothing at all. If you have other entries there, they might be your problem. Highlight the entries and click the Delete button.

#7 EFG

EFG
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 22 March 2006 - 03:06 PM

It's possible that you had an html image on your desktop that, once removed, is still set to run. In other words, the html file may be gone, but the settings for your desktop remain. To check this, right-click on your desktop and choose Properties. Click on the "desktop" tab. Click the button that says "Configure Desktop." Then click on the "Web" tab. You should see an empty checkbox next to "My Current Home Page," or nothing at all. If you have other entries there, they might be your problem. Highlight the entries and click the Delete button.



By Jove, that fixed it! There was an extra item checked, which I deleted.

Many, Many Thanks,

EFG

PS/Edit ... Except that the machine still boots with Norton AV disabled ... ???

-E.

Edited by EFG, 22 March 2006 - 03:23 PM.


#8 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:50 AM

Posted 22 March 2006 - 04:15 PM

WTG Herk!!!!

EFG...

you still may wish to let the HJT team look at your posting. It won't hurt and you will be sure everything has been cleaned.

Edited by rigel, 22 March 2006 - 04:17 PM.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. – Will Smith


#9 EFG

EFG
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:50 AM

Posted 22 March 2006 - 04:21 PM

WTG Herk!!!!

EFG...

you still may wish to let the HJT team look at your posting. It won't hurt and you will be sure everything has been cleaned.



Yup, they're on it -- it really is strange; Norton is configured properly (launch on start-up) and the problem appeared exactly with the wallpaper one ... strange ...

Best,

EFG

#10 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:07:50 AM

Posted 22 March 2006 - 05:26 PM

Spyware is nasty stuff and some is capable of disabling antispyware and antimalware aps.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users