Desktop wallpaper locked on solid color after malware removal

Discussion in 'Software' started by leico, Apr 7, 2008.

  1. leico

    leico Private E-2

    I recently had a brush with some malware, which I've now removed from my laptop. Unfortunately, I can no longer change my desktop wallpaper except for any of the 'solid color' choices. I can see the various thumbnails of the Windows wallpapers & pictures, but when I select them nothing happens.

    I've been working with someone on the MG malware forum, and he suggested that I now come over here to get help.

    I think something got removed from the registry either during the malware removal (I noticed this first after using ComboFix), or when I manually removed some of the malware-associated files.

    Here's a link to my thread on the malware forum, which has all the logs and a history of what I did. http://forums.majorgeeks.com/showthread.php?p=1132671

    BTW I'm running Vista Home edition on an HP Pavilion dv6500 laptop.
     
  2. Cat_w_9_lives

    Cat_w_9_lives Major KittyCat

  3. leico

    leico Private E-2

    I'd already checked the "Ease of Access" settings. I downloaded and successfully merged the file in the link you provided, but it didn't help. I still can't change the wallpaper.

    Also, when I try to change the wallpaper, I do NOT receive any type of error message. Whether I double-click the thumbnail or highlight it and click OK, the only thing that happens is the "Choose a desktop" window closes.
     
  4. Cat_w_9_lives

    Cat_w_9_lives Major KittyCat

    Just a shot in the dark, have you tried downloading a new wallpaper to see if that will work?
     
  5. leico

    leico Private E-2

    If I find an image online, right-click it and select "set as background", it works okay. However, if I download the same exact image to my desktop, right-click it and select "set as background", nothing happens.
     
  6. Cat_w_9_lives

    Cat_w_9_lives Major KittyCat

    Hmm, don't know if this will help but won't hurt. I had some problems with My Pictures file corrupting, no malware involved. Never found an answer to why... just a temp fix.

    Try making a new folder for your pictures, i.e. Pictures 2, and move everything except the "sample pictures" (file that came with OS) in My Pictures to the new folder. Then download a new wallpaper to My Pictures and select that, see if it works.
     
  7. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    As well as the options Cat gave you above, and as you're using Vista, it's possible that you now have a rogue entry in the registry at this location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system. Click Start and type regedit in the Start Search box, then open regedit, drill down to the end location of System in the registry key I mention above and tell us what's in that folder. If you see a key named Wallpaper then that is likely the culprit, and all you need to do is delete it or change its "value" to 0, but do tell us everything that's in that location.

    Also check this one: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop, as it should have no entries in it, and if any start with "no" then those could also be preventing you from changing the wallpaper; entries I think are added by malware.

    Before deleting anything from the registry, it's best to create a backup of the folder from which you're deleting keys, so right-click the System folder and choose Export, and save the file. This way, if anything goes wrong you can put the key back.
     
  8. leico

    leico Private E-2

    No joy with this.
     
  9. leico

    leico Private E-2

    This is what I have in the Policies\system folder

    Default REG_SZ (value not set)
    HideLegacyLogonScripts REG_DWORD 0x00000000 (0)
    HideLogoffScripts REG_DWORD 0x00000000 (0)
    HideStartupScripts REG_DWORD 0x00000000 (0)
    RunLogonScriptSync REG_DWORD 0x00000000 (1)
    RunStartupScriptSync REG_DWORD 0x00000000 (1)


    The only thing I have in this folder is
    Default REG_SZ (value not set)

    I searched the registry for "wallpaper" and found most files in the following locations

    HKEY_CURRENT_USER/ControlPanel/Desktop/
    HKEY_CURRENT_USER/Microsoft/Internetexplorer/Desktop/General
    HKEY_CURRENT_USER/Microsoft/Plus!/themes/Apply
    HKEY_CURRENT_USER/wndows/Currentversion/explorer/Wallpaper
    HKEY_CURRENT_USER/wndows/Currentversion/explorer/Wallpapers
    The last two are actual folders with the file "Default"

    There's also similar entries in the HKEY_USERS
     
  10. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Not the values I was hoping for, sadly. The ones with just Default REG_SZ in them are fine; that's normal for an empty reg folder.

    I was hoping for one of many of these,

    nochangingwallpaper
    nohtmlwallpaper
    noaddingcomponents
    nocomponents
    nodeletingcomponents
    noeditingcomponents

    but these ones are different and I will have to check on what these are and do, if it was my PC, I would have backed them up and deleted them all, BUT I have no idea if these are on purpose or not settings.

    Default REG_SZ (value not set)
    HideLegacyLogonScripts REG_DWORD 0x00000000 (0)
    HideLogoffScripts REG_DWORD 0x00000000 (0)
    HideStartupScripts REG_DWORD 0x00000000 (0)
    RunLogonScriptSync REG_DWORD 0x00000000 (1)
    RunStartupScriptSync REG_DWORD 0x00000000 (1)


    and next question is, is this PC a company one which may have had some company policies set by the IT dept or is this your own PC?


    Another area to check is if a policy has been set,

    Check in Group Policy (click Start and type gpedit.msc in the Start Search box), then once opened, go to this location: User Configuration > Administrative Templates > Desktop, and check that every option in the Desktop folder and its two subfolders (Desktop and Active Desktop) are all set to "not configured". You will likely need to reboot if one of these was set to enabled.

    Also click Start > Control Panel > Ease of Access > Ease of Access Control Centre > click the line Make Computer easier to see and, if ticked, untick Remove background images (where available), then apply and save.
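
Added example, not part of the thread or of any MajorGeeks tool: a small audit of a regedit export for the values DavidGP describes in posts 7 and 10 (a Wallpaper value under Policies\System, and "no..." values under Policies\ActiveDesktop). The sample export and the function names are constructed for illustration.

```python
import re

# Policy keys named in the thread; registry paths compare case-insensitively.
ROOT = r"hkey_current_user\software\microsoft\windows\currentversion\policies"
SYSTEM_KEY = ROOT + r"\system"
ACTIVE_DESKTOP_KEY = ROOT + r"\activedesktop"
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')

# Constructed sample export (not leico's actual registry).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=dword:00000000
"Wallpaper"="C:\\Windows\\blank.bmp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoChangingWallPaper"=dword:00000001
"NoHTMLWallPaper"=dword:00000000
'''


def parse_reg(text):
    """Return {lowercased key path: {value name: raw data}} from .reg text."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group("name") or "(Default)"] = m.group("data")
    return keys


def find_wallpaper_locks(text):
    """List (key, name, data) for values the thread treats as wallpaper locks."""
    findings = []
    for key, values in parse_reg(text).items():
        for name, data in values.items():
            if data.lower() == "dword:00000000" or data == '"0"':
                continue  # zeroed values are the "change it to 0" state
            lowered = name.lower()
            if (key == SYSTEM_KEY and lowered == "wallpaper") or (
                key == ACTIVE_DESKTOP_KEY and lowered.startswith("no")
            ):
                findings.append((key, name, data))
    return findings


if __name__ == "__main__":
    for key, name, data in find_wallpaper_locks(SAMPLE_EXPORT):
        print(f"{key}\\{name} = {data}")
```

Files saved by regedit's Export are UTF-16, so open them with `encoding="utf-16"` before passing the text in.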
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    For some unknown reason, ComboFix started adding these about a month ago. I just delete them in the Malware Forum now after running ComboFix. They are not needed.
     
  12. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Many thanks for that Charlie,


    @leico ~ I would suggest that you delete the below registry keys

    HideLegacyLogonScripts REG_DWORD 0x00000000 (0)
    HideLogoffScripts REG_DWORD 0x00000000 (0)
    HideStartupScripts REG_DWORD 0x00000000 (0)
    RunLogonScriptSync REG_DWORD 0x00000000 (1)
    RunStartupScriptSync REG_DWORD 0x00000000 (1)

    (you can right click the folder they are in and choose export to backup these keys for safety purpose)


    I don't know if this will remove the issue with the wallpaper, but do try this and the other couple of suggestions I posted earlier and let us know how you get on.
     
  13. leico

    leico Private E-2

    To back them up, can I just copy them to the desktop or a USB flash drive? If there's no change to my problem (or if it screws up something else) after rebooting, can I just copy them back to the original registry folder, or do I have to 'merge' or 'install' the files?

    It's my own PC.

    When I typed gpedit.msc in the start search box, it couldn't find any matches. I made sure the hidden and system files were unchecked, but still found nothing.

    This was already unchecked.
     
  14. rromero5

    rromero5 Private E-2

    I just had the same issue in XP. What I discovered is that the solid color "wallpaper" is covering your actual wallpaper. Place your mouse cursor on the left side of the screen and you should be able to drag this solid color window until it almost disappears. There will be a small white window remaining on the length of the right side of the screen. You can then put your mouse cursor near the top of the white area and you will see the "x" to close it. Once you hit this it is gone and does not come back when you reboot. After you do this, you should be able to change settings in the "display" without any problem.

    Hope this helps. I am new to the forum and am not the most technical person, if someone would like to write this in more technical terms that would be great.
     
  15. leico

    leico Private E-2

    Thanks for the idea, but unfortunately it didn't work. I think I am going to back up all my files and try re-installing Vista from the HP recovery DVD.

    I'll report back with the outcome

    Thanks for everyone's help.
     
