Re: Trojan
From: Doug Knox MS-MVP (dknox_at_mvps.org)
Date: 05/17/05
- Next message: terry_at_terryking.us: "Using XP-Pro firewall to prevent MP3 downloads??"
- Previous message: Ramesh: "Unknown account"
- In reply to: Teri: "Re: Trojan"
Date: Tue, 17 May 2005 00:46:14 -0400
You're welcome :-)
--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Teri" <Teri@discussions.microsoft.com> wrote in message news:D1620EB4-A93E-4740-AE27-6C1476A6B8BC@microsoft.com...
> Sorry about that, I think I got in too big of a hurry to cure the problem. I
> did go back and follow your instructions to the letter and it worked. Thank
> you
>
> "Doug Knox MS-MVP" wrote:
>
>> That's why I didn't recommend deleting anything, I said change them from 1 to 0, if they existed.
>>
>> The values you mention in HKLM are not in the key I originally said to check. They are in:
>>
>> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
>>
>> Not
>>
>> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
>>
>> The Policies\Explorer key may not exist on your system. It's just a good idea to check because some values are machine wide settings if they're in HKLM, and per user if they're in HKCU.
>>
>> --
>> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> Win 95/98/Me/XP Tweaks and Fixes
>> http://www.dougknox.com
>> --------------------------------
>> Per user Group Policy Restrictions for XP Home and XP Pro
>> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> --------------------------------
>> Please reply only to the newsgroup so all may benefit.
>> Unsolicited e-mail is not answered.
>>
>> "Teri" <Teri@discussions.microsoft.com> wrote in message news:ED489893-D909-4FA4-9ACF-F92D7F970EB1@microsoft.com...
>> > It is an active desktop item and at the same time it came up my screen went
>> > to a blue background and 20 new advertising icons appeared on my desktop.
>> > Now I do not have an option of restoring my active desktop although I'm not
>> > sure I ever did in XP.
>> > I went to regedit and in HKCU it had ( nodisplayappearancepage,
>> > nodisplaybackgroundpage, and wallpaperstyle). There was one other one which
>> > I deleted immediately (I should have written it down) but I remembered seeing
>> > it on every site I had been to about this trojan something about wp.bmp.
>> > On HKLM it showed (dontdisplaylastusername, legalnoticecaption,
>> > legalnoticetext, shutdownwithoutlogon, undockwithlogon). I think I need a
>> > little guidance on this before I start deleting everything
>> >
>> > "Doug Knox MS-MVP" wrote:
>> >
>> >> I think it's an Active Desktop item.
>> >>
>> >> --
>> >> Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display\Security
>> >> Win 95/98/Me/XP Tweaks and Fixes
>> >> http://www.dougknox.com
>> >> --------------------------------
>> >> Per user Group Policy Restrictions for XP Home and XP Pro
>> >> http://www.dougknox.com/xp/utils/xp_securityconsole.htm
>> >> --------------------------------
>> >> Please reply only to the newsgroup so all may benefit.
>> >> Unsolicited e-mail is not answered.
>> >>
>> >> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:u1WwfdnWFHA.2060@tk2msftngp13.phx.gbl...
>> >> > From: "Teri" <Teri@discussions.microsoft.com>
>> >> >
>> >> > | I have this message right in the center of my screen that says "A fatal error
>> >> > | in IE has occured at 0028:C0011E36 in VXD VMM<01> + 00010F36. Error is
>> >> > | caused by Trojan-Spy.HTML.Smitfraud.c
>> >> > | * System cannot function in normal mode....."
>> >> > | I think I have eliminated the Trojan with the help of Panda and Microsoft
>> >> > | AntiSpyware BUT the message remains, my favorites folder is empty and in my
>> >> > | control panel/DISPLAY I have only 2 tabs which is screen saver and settings.
>> >> > | I ran Hijack This and everything there looked normal so what do I do next?
>> >> >
>> >> > There are anti virus News Groups specifically for this type of discussion.
>> >> >
>> >> > microsoft.public.scripting.virus.discussion
>> >> > microsoft.public.security.virus
>> >> > alt.comp.virus
>> >> > alt.comp.anti-virus
>> >> >
>> >> > I am curious as to what generated that error message. MS AS ? Panda ?
>> >> >
>> >> > Trojan-Spy.HTML.Smitfraud.c
>> >> >
>> >> > http://www.viruslist.com/en/viruses/encyclopedia?virusid=73615
>> >> >
>> >> >
>> >> > Dump the contents of the IE Temporary Internet Folder cache (TIF)
>> >> > Start --> Settings --> Control Panel --> Internet Options --> Delete Files
>> >> >
>> >> > Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
>> >> > Tools --> Options --> Privacy --> Cache --> Clear
>> >> >
>> >> > 1) Download the TrendMicro Sysclean Front End
>> >> >
>> >> > Download the utility SYSCLEAN_FE at the following URL --
>> >> > http://www.ik-cs.com/got-a-virus.htm
>> >> > SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
>> >> > Direct URL --
>> >> > http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
>> >> >
>> >> >
>> >> > 2) Download and install Ad-aware SE
>> >> > (free personal version v1.05)
>> >> > http://www.lavasoftusa.com/
>> >> > Update Ad-aware with the latest definitions and then exit the software.
>> >> >
>> >> > 3) Execute; SYSCLEAN_FE.EXE
>> >> > Choose; Unzip
>> >> > Choose; Close
>> >> >
>> >> >
>> >> > Execute; c:\sysclean\SYSCLEAN_FE.BAT
>> >> > { or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
>> >> > when you get to the menu choose [1] so you can boot into Safe Mode.
>> >> >
>> >> > 4) Disable System Restore
>> >> > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
>> >> >
>> >> > 5) Reboot your PC into Safe Mode and shutdown as many applications as possible.
>> >> >
>> >> > 6) Execute; c:\sysclean\SYSCLEAN_FE.BAT
>> >> > { or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
>> >> > Choose [2] on the menu and let SYCLEAN.COM scan your computer.
>> >> > when done, execute Ad-aware SE and perform a full scan of your PC and delete
>> >> > all objects found.
>> >> >
>> >> > 7) Restart your PC and perform a "final" Full Scan of your platform
>> >> > Execute; c:\sysclean\SYSCLEAN_FE.BAT
>> >> > { or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
>> >> > Choose [2] on the menu and let SYCLEAN.COM scan your computer.
>> >> > when done, execute Ad-aware SE and perform a final scan of your PC and delete
>> >> > all objects found.
>> >> >
>> >> >
>> >> > 8) Re-enable System Restore and re-apply any System Restore preferences,
>> >> > (e.g. HD space to use suggested 400 ~ 600MB),
>> >> >
>> >> > 9) Reboot your PC.
>> >> >
>> >> > 10) Create a new Restore point
>> >> >
>> >> >
>> >> > * * * Please report back your results * * *
>> >> >
>> >> >
>> >> > --
>> >> > Dave
>> >> > http://www.claymania.com/removal-trojan-adware.html
>> >> > http://www.ik-cs.com/got-a-virus.htm
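
The registry check discussed in this thread, as an added example that is not part of any poster's message: it reads a .reg export offline, reports DWORD values under Policies\System and Policies\Explorer with their scope (HKLM machine-wide, HKCU per-user), and lists the ones to change from 1 to 0 rather than delete. The sample export, the function names, and the watch list (NoDispAppearancePage and NoDispBackgroundPage, the documented names of the Display-tab restrictions the poster describes) are assumptions.

```python
import re

# Policy keys named in the thread, lower-cased and without the hive prefix.
POLICY_KEYS = (
    r"software\microsoft\windows\currentversion\policies\system",
    r"software\microsoft\windows\currentversion\policies\explorer",
)
SCOPE = {"hkey_local_machine": "machine-wide", "hkey_current_user": "per-user"}
# Assumed watch list: Display-tab restrictions (documented value names).
WATCH = {"nodispappearancepage", "nodispbackgroundpage"}

# Constructed sample in .reg export format; not data from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=dword:00000001
"NoDispBackgroundPage"=dword:00000001
"WallpaperStyle"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
'''

def audit(reg_text):
    """Return (scope, key, name, value, flagged) for DWORDs in policy keys."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember the current key header
            continue
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if not (m and key):
            continue                  # string values and other lines are skipped
        hive, _, subkey = key.partition("\\")
        if hive.lower() not in SCOPE or subkey.lower() not in POLICY_KEYS:
            continue
        name, value = m.group(1), int(m.group(2), 16)
        flagged = name.lower() in WATCH and value == 1
        findings.append((SCOPE[hive.lower()], key, name, value, flagged))
    return findings

def proposed_changes(findings):
    """Values to set from 1 to 0 (never delete), as the reply advises."""
    return [(scope, name) for scope, _, name, _, flagged in findings if flagged]

if __name__ == "__main__":
    print(proposed_changes(audit(SAMPLE_REG)))
```

Ordinary logon settings such as shutdownwithoutlogon are reported but not flagged, since only watch-listed restrictions set to 1 are proposed for change.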