Hijacked Desktop - Quick Question

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by DarrenG, May 15, 2005.

  1. DarrenG

    DarrenG Private E-2

    I seem to have the same problem as this guy:

    http://forums.majorgeeks.com/showthread.php?t=35345

    Originally, the problem was that I had a big black notice covering my desktop, saying my computer was infected, etc., then I went through and did the whole "How to: Spyware, Trojan and Virus Removal" guide from here. It seemed to clean things up. But now what was once the message on my desktop is now just an alternative White/beige screen.

    I can change my wallpaper and underneath my taskbar I can see the wallpaper has changed, but it is like this white screen is overlaid on top of it.

    When I right-click on the white screen it says file is "not available" and it's listed as "file://C:\WINDOWS\Web\desktop.html" though that file doesn't seem to exist (and I'm showing hidden files).

    The fix that I linked to above said to go to ---> display properties, desktop, customize desktop, web. But I don't have a "web" tab in customize desktop.

    Any suggestions? I can run an HJT log and I can also paste the source of the white screen if it is of any use. But perhaps there is a simple fix I'm overlooking.

    Anyway, thanks much in advance.
     
  2. DarrenG

    DarrenG Private E-2

    By the way, it appears that going to display - customize desktop - web tab seems to be the solution.

    See this link: http://computing.net/security/wwwboard/forum/12432.html

    But the problem is I don't even have the web tab that they are referring to. I'm on XP just like them, but it's missing I guess.
     
  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  4. DarrenG

    DarrenG Private E-2

    Hi,

    Thanks for the response! I just attached the HJT log.

    Looks like there might be a few problems, but what the heck do I know.

    Thanks again.
    Darren
     


  5. DarrenG

    DarrenG Private E-2

  6. DarrenG

    DarrenG Private E-2

    Hello,

    I ran smitfraud.reg and got my desktop back to normal. I also did a few HJT fixes as recommended by a friend. Here is a new HJT Log. Please disregard the last one.

    Thanks very much!
     


  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Security iGuard

    Security iGuard is on a list of rogue antispyware programs. For more information, see the thread below.

    http://www.spywarewarrior.com/rogue_anti-spyware.htm



    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled



    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
    O4 - HKCU\..\Run: [ZeroAds] 0

    O9 - Extra button: Microsoft AntiSpyware helper - {CF3C8327-5717-4FCC-AC5C-09AF30AA406F} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF3C8327-5717-4FCC-AC5C-09AF30AA406F} - (no file) (HKCU)

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/095ac4b672da54807a02/netzip/RdxIE601.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\Program Files\Security iGuard ←–– Delete this whole folder if it exists!

    C:\WINDOWS\System32\mnpol.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
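
Added example, not part of the original thread or of HijackThis itself: a small Python parser for the O4 (Run autostart), O9 (extra IE button/menu item) and O16 (downloaded ActiveX control) entries quoted in the post above, with structural triage notes. The function names and the three heuristics are assumptions made for illustration; a note is a reason to look closer, and an entry without one is not thereby clean.

```python
import ipaddress
import re
from urllib.parse import urlparse

# The six entries quoted in the post above (HijackThis 1.99.1 log format).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [ZeroAds] 0
O9 - Extra button: Microsoft AntiSpyware helper - {CF3C8327-5717-4FCC-AC5C-09AF30AA406F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {CF3C8327-5717-4FCC-AC5C-09AF30AA406F} - (no file) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/095ac4b672da54807a02/netzip/RdxIE601.cab
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
PATTERNS = {
    "O4": re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>.+?)\] (?P<target>.*)$"),
    "O9": re.compile(rf"^O9 - (?P<kind>Extra button|Extra 'Tools' menuitem): (?P<name>.+?) - (?P<clsid>{GUID}) - (?P<target>.+)$"),
    "O16": re.compile(rf"^O16 - DPF: (?P<clsid>{GUID}) \((?P<name>.*?)\) - (?P<target>\S+)$"),
}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

# The notes below are this example's own heuristics, not HijackThis output.
def triage(line):
    for section, pattern in PATTERNS.items():
        m = pattern.match(line.strip())
        if not m:
            continue
        entry = {"section": section, **m.groupdict(), "notes": []}
        target = entry["target"]
        if section == "O4" and not re.search(r"\.(exe|dll|com|bat|cmd|scr)\b", target, re.I):
            entry["notes"].append("Run value data is not a program path")
        if section == "O9" and "(no file)" in target:
            entry["notes"].append("registered file is missing")
        if section == "O16":
            url = urlparse(target)
            if url.scheme == "http" and is_ip_literal(url.hostname or ""):
                entry["notes"].append("control fetched over HTTP from a bare IP")
        return entry
    return None  # not an O4/O9/O16 line

def triage_log(text):
    return [e for e in map(triage, text.splitlines()) if e]
```

`triage_log(SAMPLE_LOG)` returns six entries; the two named autostart executables carry no note, which shows why the helper's reading of the log still decided what got fixed.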
     
  8. DarrenG

    DarrenG Private E-2

    Hey thanks so much.

    I did what you said. I actually got rid of zeroads anyway, and it did not show up on HJT.

    Here is the new HJT Log. What do you think?

    Thanks again!
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I think your HJT log is now clean ;)

    Now, you must surf into Windows Updates and get updated. You need to install Service Pack 2 for best protection.

    Are you having any further problems?
     
  10. DarrenG

    DarrenG Private E-2

    Wow. Thanks. Things seem to be fine.

    What would you suggest for me to best keep it this way? I don't have an antivirus prog - I just use trendmicro, RAV and a couple other online scans.

    I also now have spybot, spywareBlaster, adaware, etc.

    Is there a best practice for keeping the wolves at bay?

    Thanks very much for your insight!
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    No, I would suggest that at all. You need an up-to-date antivirus and firewall. For more information on programs see the below thread.

    How to Protect yourself from malware!
     
