Yikes! My desktop has been invaded.

Discussion in 'Malware Help (A Specialist Will Reply)' started by clemmo, Jun 8, 2005.

  1. clemmo

    clemmo Private E-2

    Just when I thought I was virus free by using Mozilla I have this black advert for Antivirus-Gold invading my desktop. I have all my icons and they work; it's just that I have this obnoxious page telling me "You're Infected!". It's a scam coming out of Panama and I don't know how to rid myself of it. Help. I've tried Hijack This but nothing works. What gives?
     
  2. clemmo

    clemmo Private E-2

    well i did all that was asked of me and the damn thing is still there. i'm wondering if it wouldn't pay for me to just reinstall windows xp. i don't really have anything of worth to be concerned about losing. everything i want i have on back-up disk. whadya think? or should i just trash this hunk-o-junk and go mac? i'm working with a 19month old dell.
     
  3. theefool

    theefool Geekified

    If you already had "malware" on your machine, just switching to firefox won't prevent the current "malware" from functioning.....


    I have no idea what you have done on the other forum, but have you turned off system restore?

    What about deleting the file within safe mode?

    What about right click on desktop, properties, then select the Desktop tab, select the customize desktop button, then select the web tab, then uncheck any checked boxes?

    But, in the end, I think you should give a bit more faith with the guys and gals who work hard in the spyware forums. Give them some time, they will help you out.
     
  4. Novice

    Novice MajorGeek

    I agree with "theefool", in that you should have given the members that support the SpyWare Specific section time to get back with you and help you fix your problem(s). They are a hard working bunch, and the help, support, and advice that they give is all done on their time, as it isn't something that they are paid to do! I went back and read your only post in the Spyware Specific section, and see that you failed to follow Kodo's advice.

    No offence intended and hope that none is taken, but impatience on a software board like MG's is not a good way to get help.

    In answer to your question, yes reformatting your computer will rid you of the problems that you have. But you may have the same problem later in the same day if you don't follow the advice given in the sticky note at the top of the forum page about how to protect yourself from malware! ;)
     
  5. videogurl

    videogurl Corporal

    i agree........ lots of people have helped me out in the past on this site and I have told everyone just go to majorgeeks.com if you have a problem! just take your time.. these guys give excellent advice! 19 month Dell? I got my computer second hand 5 yrs ago and I just keep upgrading it.
     
  6. clemmo

    clemmo Private E-2

    well, i did everything as directed. i ran all the programs in safe mode. when you suggested to right click on my desktop and then open properties all i got was a "general" tab. there were no other options for me. i can not customize my desktop. where in hell does this stuff come from anyway? we don't visit porn sites and we don't download anything unknown. i've got friends who never get invaded. i feel as though it's a conspiracy against me. am i getting paranoid?
     
  7. Anon-068c403e2d

    Anon-068c403e2d Anonymized

    When you say you right-click on my desktop, do you right-click the folder or the empty space on your desktop? And did the guys at spyware give you the clean signal? Does control panel > display not work?
     
  8. AbbySue

    AbbySue MajorGeeks Administrator

    You have a total of 10 threads in spyware (dating as far back as last year) and they all indicate you have not followed through with the suggested fixes. If you want to fix this you have to stick with it and follow ALL instructions until they tell you the clean up is complete and your system is clean. If you don't, there is usually something lurking there that will once again make its presence known and you have to start the clean up process all over again which takes even more of your time and the time of those that are trying to help you.

    Moving this thread to Spyware and I suggest you start with the below...complete ALL the steps, give the requested feedback, complete any additional steps that are suggested and stick with the thread until they tell you you're done.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above if you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Clemmo,

    You have a history of never completing things. For a few examples, just look at:

    http://forums.majorgeeks.com/showthread.php?t=31959
    http://forums.majorgeeks.com/showthread.php?t=31956
    http://forums.majorgeeks.com/showthread.php?t=31970
    http://forums.majorgeeks.com/showthread.php?t=32058
    http://forums.majorgeeks.com/showthread.php?t=35506
    http://forums.majorgeeks.com/showthread.php?t=39015

    You like to post, but you never finish following up. Are you trying to waste our time? If you do not want to follow instructions and cannot follow up your posts and stay in one thread, you are wasting our time and yours.

    Please follow directions completely and answer all posts. Also stay in one thread for your problem. Finish doing everything in AbbySue's post.
     
    Last edited: Jun 11, 2005
  10. clemmo

    clemmo Private E-2

    my apologies for what appears to be a waste of your time but i was not aware that one had to maintain the same thread. i can now see how important it is. i will not break the thread. back to my problem, i followed the step-by-step instructions given within this thread and reported back that the problem persists. it seems this demon has managed to disable my norton internet security walls of protection. in fact, i spent most of today with symantec to see if they could resolve the matter. a monstrous waste of time. i will go back over the instructions given, repeat the procedure and report back.
     
  11. clemmo

    clemmo Private E-2

    Well, I’m back and the following is my report. I once again followed the procedure as detailed in the thread. This time however, I ran Trend Micro’s online scan with Java (I’m using Firefox) and the following is the report from Trend Micro:

    TROJ_KREPPER.AE (3 items) C:\Documents and settings
    TROJ_DLOADER (2 items) C:\Documents and settings
    BKDR_PP.A (1 item) C:\windows\dnscleaner.exe
    TROJ_HOTWORLD.A (3 items) C:\windows\ef.exe
    TROJ_QLOWZONES.4 (1 item) C:\windows\inetxxx\1.02.03.dll
    TROJ_RQ.A (1 item) C:\windows\inetxxx\services.exe
    TROJ_SMALL.DD (1 item) C:\windows\ITSHTA.exe
    TROJ_OGOM.A (1 item) C:\windows\systems\BHO mod.dll
    TROJ_DLOADER.OH (1 item) C:\windows\loader.dll
    TROJ_DROPPER.BS (1 item) C:\windows32\dstart4.exe

    I don’t know what to do with these or how to rid myself of them. I then ran AdAware and got a clean bill of health from that scan.
    I then ran Spybot and there were 6 entries in DSO EXPLOIT. I fixed them and then returned to regular mode.
    Did I do right? Or did I miss something?
     
  12. videogurl

    videogurl Corporal

    did you download all the other spyware apps? They all catch different spyware it seems.
     
  13. AbbySue

    AbbySue MajorGeeks Administrator

    When you ran the trend micro scan did you put a check mark in the box for it to 'auto clean' anything it found? If not, please run the scan again and let it clean out what it finds. Then move on to the Symantec scan. Please post back and let us know the results, along with the results or any problems encountered with the remaining steps from the read me first where applicable.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No you have not. See AbbySue's previous message with the procedure to follow. Read from this next statement down:

    You did not complete those steps.

    Also did Trend Micro tell you whether it fixed those items or not? Did you run TrendMicro in safe mode and was system restore disabled?
     
  15. clemmo

    clemmo Private E-2

    i'm back to report that the demon is still with me. i've run the following programs and like videogurl says, each one seems to catch different spyware. i ran TREND MICRO PC-cillin and it quarantined the items i listed previously. in addition to that, i downloaded and ran SPYWARE DOCTOR, STINGER, KILL2ME, ADAWARE SE PERSONAL, HS REMOVER, PC DOC PRO 3.1, REGISTRY MECHANIC, ASWCLNR and NORTON. still this thing persists. I ran them all in regular mode and then in safe mode.
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Following directions would help you get this resolved.
     
