New Member
Group: Forum Members Last Login: 1/3/2005 8:11 PM Posts: 26, Visits: 1
I had what appears to be a trojan on my system. After launching IE, suddenly my wallpaper was changed along with my startup page, and various other things. After doing a full scan of my system, a couple of Trojans were found, along with some Spyware.
The problem, though, is that even after removing them, I can't change the Wallpaper on my Desktop because there is a tab missing on the Display Properties Window.
Any idea how I can fix this?
Also, the IE Titlebar text has been changed.
Any help appreciated. Thanks.

Senior Forum Advisor
Group: Senior Advisor Last Login: 12/4/2005 12:31 AM Posts: 4,743, Visits: 5
Hi Spaceboy,
If you haven't already, please get Spybot S&D to clear out most of the spyware. Short tutorial and download link here: http://tomcoyote.org/SPYBOT/ After installing, first press Online, and search for, put a check mark at, and install all updates. Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot fix everything it labels in red.
When you've done all that, go to http://www.tomcoyote.org/hjt/ and download 'Hijack This!'. Unzip, double-click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere, load it in Notepad, and copy its contents here.
Most of what it lists will be harmless or even required, so do NOT fix anything yet. Someone here will be happy to help you analyze the results.
Also, if I remember correctly, the NView/nvidia helper has a setting for this. If you have an Nvidia card, check it.
Cheers

New Member
Group: Forum Members Last Login: 1/3/2005 8:11 PM Posts: 26, Visits: 1
Logfile of HijackThis v1.95.1
Scan saved at 01:14:32, on 18/07/2003
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\GeCAD\RAV8 Desktop\ravmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\GSICON.EXE
C:\WINNT\system32\dsl*gent.exe
C:\Program Files\GeCAD\RAV8 Desktop\ravtray8.exe
C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
C:\Program Files\SpamEater Pro 4\SpamEaterPro.exe
C:\Program Files\Pyrenean\eDexter\eDexter.exe
C:\Program Files\High Mountain Software\SpamEater Pro\Sep.exe
C:\Program Files\Trillian\Trillian.exe
C:\WINNT\Temp\Rar$EX00.834\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [Dsl*gENTEXE] dsl*gent.exe USB
O4 - HKLM\..\Run: [RAV8Tray] C:\Program Files\GeCAD\RAV8 Desktop\ravtray8.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKCU\..\Run: [Popup Ad Filter] C:\Program Files\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [SpamEaterPro] "C:\Program Files\SpamEater Pro 4\SpamEaterPro.exe"
O4 - Startup: ravmon.exe.lnk = C:\Program Files\GeCAD\RAV8 Desktop\ravmon.exe
O4 - Startup: Shortcut to eDexter.exe.lnk = C:\Program Files\Pyrenean\eDexter\eDexter.exe
O4 - Startup: Shortcut to Sep.exe.lnk = C:\Program Files\High Mountain Software\SpamEater Pro\Sep.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\Trillian.exe
O8 - Extra context menu item: Download &All using Mass Downloader - C:\Program Files\Mass Downloader\Add_All.htm
O8 - Extra context menu item: Download using &Mass Downloader - C:\Program Files\Mass Downloader\Add_Url.htm
O9 - Extra button: Mass Downloader (HKLM)
O9 - Extra 'Tools' menuitem: &Mass Downloader (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: HiDownload (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {28F00B0F-DC4E-11D3-ABEC-005004A44EEB} (Register Class) - http://content.hiwirenetworks.net/inbrowser/cabfiles/2.5.30/Hiwire.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E24CEA-3A2E-4EA4-9623-F1588E105CFE}: NameServer = 195.112.4.4 195.112.4.7

Senior Forum Advisor
Group: Senior Advisor Last Login: 12/4/2005 12:31 AM Posts: 4,743, Visits: 5
A couple things Spaceboy.
I can see a couple things in the HT log that could be causing problems with IE, but I would like to wait until Pieter can have a look.
As far as the display tab missing, click Start, Run and enter REGEDIT. Go to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Look in the right pane for a value called NoDispBackgroundPage. If it exists, it should read 0 (zero). If not, double click it and change it to 0. If it doesn't exist, right click in a blank area of the right pane and select New, DWord value. Name it NoDispBackgroundPage and leave it set at 0.
You may need to add the same value and setting to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
as well. (from Doug Knox, MS-MVP Windows XP)
OR:
Restore the Desktop and Screensaver Tabs (Line 128) http://www.kellys-korner-xp.com/xp_tweaks.htm
To use the Regedits: Save the REG File to your hard disk. Double click it and answer yes to the import prompt. REG files can be viewed in Notepad by right clicking on the file and selecting Edit.
Please back up your registry first.
Cheers

New Member
Group: Forum Members Last Login: 1/3/2005 8:11 PM Posts: 26, Visits: 1
Cheers. That suggestion worked perfectly. I've also managed to fix the IE problem after some searching.

Senior Forum Advisor
Group: Senior Advisor Last Login: 12/4/2005 12:31 AM Posts: 4,743, Visits: 5
That's good news.
I had already sent a PM to Metallica, he may drop by early Friday morning.
Cheers

Forum Security Advisor
Group: Advisor Last Login: 8/14/2007 12:45 PM Posts: 263, Visits: 4
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
I assume this is something you set yourself?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
Other than that your log looks fine.
Regards,
Pieter
Madly in anger with spyware
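
Added example, not part of the thread and not HijackThis code: a small Python parser that re-splits a HijackThis log pasted as one run-on line into its `R`/`O` entries and lists the IE page entries worth a second look. The review rule (an `R0`/`R1` value that is empty or a `res://` URL) is an assumption modeled on the two items selected in the reply above; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: six entries copied from the log in this thread, run
# together on one line the way a forum paste often arrives.
SAMPLE = " ".join([
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =",
    r"O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll",
    r"O4 - HKLM\..\Run: [RAV8Tray] C:\Program Files\GeCAD\RAV8 Desktop\ravtray8.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E24CEA-3A2E-4EA4-9623-F1588E105CFE}: NameServer = 195.112.4.4 195.112.4.7",
])

# An entry begins with a section code (R0, R1, O2 ... O17) followed by " - ".
# Splitting on that zero-width boundary needs Python 3.7 or later.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R\d|O\d{1,2}) - )")
ENTRY = re.compile(r"(R\d|O\d{1,2}) - (.*)", re.S)

def split_entries(text):
    """Return (code, body) pairs; header and process-list text is skipped."""
    entries = []
    for chunk in ENTRY_START.split(text):
        m = ENTRY.match(chunk.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def count_by_code(entries):
    """How many entries each section code contributes."""
    return Counter(code for code, _ in entries)

def review_candidates(entries):
    """R0/R1 entries whose value is empty or a res:// URL (assumed rule)."""
    flagged = []
    for code, body in entries:
        if code in ("R0", "R1"):
            key, _, value = body.partition("=")
            value = value.strip()
            if value == "" or value.lower().startswith("res://"):
                flagged.append((code, key.strip(), value))
    return flagged

if __name__ == "__main__":
    for code, key, value in review_candidates(split_entries(SAMPLE)):
        print(code, key, "=", value or "(empty)")
```

The output is a list for a human to review against what the user set deliberately, as the reply above does for the empty Local Page entry.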