No Desktop tab in props dialbox w2k

Status
Not open for further replies.
S

sknowonweb

Journeyman
Hello,
I m now using win 2000 professional with avast antivirus. Now my computer shows a desktop image which says its a ad which warns me to download some s/w to sweep my computer from spies. I try to change the Backgrounf of the PC and found no Desktop tab. I think its a job of ome respectable Adware and run a full sys scan . Avast says the PC is clean. can any body help me sort this problem .
A link in the back ground directs me to //top adware reviews.com. where i find only commercial info.
 
OP
S

sknowonweb

Journeyman
Supporting images for above post

*img2.postimage.org/192069/err2.jpg
The above one is in my desktop background

*img2.postimage.org/192070/err.jpg
This is my propertie dialo g box.

Please help me out pals[/img]
 
S

sakumar79

Technomancer
Avast wont find spyware, it only detects viruses. Donwload a couple of antispyware tools such as Adaware and Spybot Search and Destroy. Install them and update them with latest definitions. Run them in safe mode...
Then, download HijackThis and post its log (that you can obtain by running the software) in the forum so that we can verify if there is anything else left.

After being sure that the spyware is gone, you can get back the background tab by opening regedit and navigating to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Look for the entry named NoDispBackgroundPage and either delete it or set its value to 0.

Arun
 
OP
S

sknowonweb

Journeyman
hijac this log

thanks pal:spybot and ad aware almost rectifies my system , i think ihave posted the correct log file : verify it.


Logfile of HijackThis v1.99.1
Scan saved at 4:20:39 AM, on 1/8/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
F:\WINNT\System32\smss.exe
F:\WINNT\system32\winlogon.exe
F:\WINNT\system32\services.exe
F:\WINNT\system32\lsass.exe
F:\WINNT\system32\svchost.exe
F:\WINNT\system32\spoolsv.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
F:\WINNT\System32\svchost.exe
F:\WINNT\system32\regsvc.exe
F:\WINNT\system32\MSTask.exe
F:\WINNT\Explorer.EXE
F:\WINNT\System32\igfxtray.exe
F:\WINNT\System32\hkcmd.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\Program Files\Analog Devices\SoundMAX\Smtray.exe
F:\WINNT\batserv2.exe
F:\WINNT\system32\shdocie.exe
F:\Program Files\Tavultesoft\Keyman-thamizha\keyman.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
F:\WINNT\System32\sysc.exe
C:\Program Files\FireFox\firefox.exe
C:\Program Files\FlashGet\JetCar.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocie.dll/blank.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] F:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] F:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Smapp] F:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BatSrv] F:\WINNT\batserv2.exe
O4 - HKLM\..\Run: [FA Page] F:\WINNT\system32\shdocie.exe home
O4 - HKLM\..\Run: [Zone Labs Client] F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [keyman.exe-thamizha] F:\Program Files\Tavultesoft\Keyman-thamizha\keyman.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .swf: F:\Program Files\Internet Explorer\PLUGINS\NPSWF32.dll
O20 - Winlogon Notify: igfxcui - F:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nwprovau - F:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - F:\WINNT\System32\dmadmin.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINNT\system32\ZONELABS\vsmon.exe
 
alib_i

alib_i

Cyborg Agent
Check following two entries in HijackThis .. and fix them.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocie.dll/blank.html

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

-----
alibi
 
swatkat

swatkat

Technomancer
Re: hijac this log

Hi,
Download KillBox, extract it to your desktop.


Download and install Ewido Security Suite v3.5. After download, double click on the file to launch the install process. During installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Launch ewido, the program will prompt you to update - click the "OK" button. On the left side of the main screen, click on "Update" and then click "Start Update". After updating, exit from Ewido.


Right-click on this link and selecet "Save Target As" (or "Save Link As") and save the file with the default file name (Default filename would be Smitfraud.reg).


Boot in Safe Mode.


Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocie.dll/blank.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [BatSrv] F:\WINNT\batserv2.exe
O4 - HKLM\..\Run: [FA Page] F:\WINNT\system32\shdocie.exe home

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.


Double-click on the SmitFraud.reg file and click "Yes" to merge it to Registry.

Run Ewido, click on the "Scanner" button in the left menu, then click on the "Settings", here select the option "Scan every file" and click "OK". Next, click "Complete System Scan" button to start scan. If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


Open Killbox.exe. Check the following box:-

Delete on Reboot

Highlight all the entries in the quote box below and then Copy them.
F:\WINNT\batserv2.exe
F:\WINNT\system32\shdocie.exe
F:\WINNT\System32\sysc.exe
Click to expand...
Then in Killbox click File > Paste from Clipboard.

At this point the "All Files" button should be enabled so you can click it. Click the "All Files" button.

Then click the Red X button and for the confirmation message that will appear, you will need to click "Yes".

A second message will ask to Reboot now? you will need to click "Yes" to allow the reboot.

Note: Killbox will let you know if a file does not exist.

If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot.


Reboot to Normal Mode. Run HijackThis again, click Do a System scan and save log, and post the fresh log.
 
Status
Not open for further replies.
Top Bottom