Can't identify problem as hoax or real virus -- NEED HELP

[EmonyDax]

Before you start chewing me out, this problem isn't on my machine. I run an
anti-virus program and have a firewall. I'm trying to help my 83-year-old
father-in-law who lives in another state and is running his WinXP
unprotected. The following is a description of what his machine is doing.

On bootup, the desktop is totally black, but does maintain all icons. A
black box, outlined by white dots, sits in the center of the desktop. The
top line is on yellow background and says "Warning!". The second line in on
white background and says "You're in danger!". The main writeup is a lot of
gibberish about spyware and viruses with several misspellings. The last two
lines are on yellow background and say "Secure yourself right now!!" and
"Remove all spyware from your PC!!". On the last line is a grey box which
says "Removal Instructions."

Instead of closing the popup the first time it came up, he clicked on the
"Removal" link which took him to a page that couldn't be found.

Any help you can give would be appreciated.

 

[Ian JP Kenefick]

Before you start chewing me out, this problem isn't on my machine. I run an
anti-virus program and have a firewall. I'm trying to help my 83-year-old
father-in-law who lives in another state and is running his WinXP
unprotected. The following is a description of what his machine is doing.

On bootup, the desktop is totally black, but does maintain all icons. A
black box, outlined by white dots, sits in the center of the desktop. The
top line is on yellow background and says "Warning!". The second line in on
white background and says "You're in danger!". The main writeup is a lot of
gibberish about spyware and viruses with several misspellings. The last two
lines are on yellow background and say "Secure yourself right now!!" and
"Remove all spyware from your PC!!". On the last line is a grey box which
says "Removal Instructions."

Instead of closing the popup the first time it came up, he clicked on the
"Removal" link which took him to a page that couldn't be found.

Any help you can give would be appreciated.

Switch the pop scanning to high compatibility mode

see.. http://www.nod32-av.com/setup/nod32setup.htm

 

[Randy]

Before you start chewing me out, this problem isn't on my machine. I run an
anti-virus program and have a firewall. I'm trying to help my 83-year-old
father-in-law who lives in another state and is running his WinXP
unprotected. The following is a description of what his machine is doing.

On bootup, the desktop is totally black, but does maintain all icons. A
black box, outlined by white dots, sits in the center of the desktop. The
top line is on yellow background and says "Warning!". The second line in on
white background and says "You're in danger!". The main writeup is a lot of
gibberish about spyware and viruses with several misspellings. The last two
lines are on yellow background and say "Secure yourself right now!!" and
"Remove all spyware from your PC!!". On the last line is a grey box which
says "Removal Instructions."

Instead of closing the popup the first time it came up, he clicked on the
"Removal" link which took him to a page that couldn't be found.

Any help you can give would be appreciated.

Got some hits on google.
Maybe this one will help

http://www.sophos.com/virusinfo/analyses/trojfavaddc.html

 

[Larry Sabo]

On bootup, the desktop is totally black, but does maintain all icons. A
black box, outlined by white dots, sits in the center of the desktop. The
top line is on yellow background and says "Warning!". The second line in on
white background and says "You're in danger!". The main writeup is a lot of
gibberish about spyware and viruses with several misspellings. The last two
lines are on yellow background and say "Secure yourself right now!!" and
"Remove all spyware from your PC!!". On the last line is a grey box which
says "Removal Instructions."

Instead of closing the popup the first time it came up, he clicked on the
"Removal" link which took him to a page that couldn't be found.

Any help you can give would be appreciated.

Google has lots of hits on "You're in danger!" Here's the fix from the
Castlecops site...

Click "Start", "Settings", and then click "Control Panel". Open the
"Display" applet.

Click on "Desktop", "Customise Display..." and "Web".

In the box under "Web pages" look for a checkbox named "Security". If
found select it and click "Delete".


Larry

 

[EmonyDax]

I found that same references via a "Geeks to Go" forum. However, my
"Display / Desktop" doesn't have a "Customize Display" on it. I do have
"Customize Desktop", but that link shows nothing involving the web.
The system in question is WinXP Home SP1. I wonder if there's a difference
between it and what other people are using. I would love to get to the
"web" tab/button, because I've discovered that it's the first step of the
overall solution. It gets rid of the black desktop, at least until the next
boot.

The lasting fix, however, requires multiple steps involving Trojan Hunter,
Kaspersky Anti-virus, and HiJackThis. I've written a lengthy email to my
father-in-law with step-by-step instructions up to the point of turning him
over to Geeks to Go for the final implementation. I'm crossing my fingers.

Thank you, Larry for getting involved.

Google has lots of hits on "You're in danger!" Here's the fix from the
Castlecops site...

Click "Start", "Settings", and then click "Control Panel". Open the
"Display" applet.

Click on "Desktop", "Customise Display..." and "Web".

In the box under "Web pages" look for a checkbox named "Security". If
found select it and click "Delete".


Larry

=----

 

[EmonyDax]

The previous post was supposed to reply to Larry, but I accidentally
hilighted my original post before sending. However, I want to thank you all
for your help. That was going to be my next step. oops

 

[Larry Sabo]

Converted to bottom post layout...

I found that same references via a "Geeks to Go" forum. However, my
"Display / Desktop" doesn't have a "Customize Display" on it. I do have
"Customize Desktop", but that link shows nothing involving the web.
The system in question is WinXP Home SP1. I wonder if there's a difference
between it and what other people are using. I would love to get to the
"web" tab/button, because I've discovered that it's the first step of the
overall solution. It gets rid of the black desktop, at least until the next
boot.
....

Thank you, Larry for getting involved.

You're welcome.

I use Win2k; sorry about XP not having a Web tab. On XP, right-click
the desktop and the first tab is Themes. That is where you can track
down reference to Web and the Security theme, IIRC. You could also
search for Security.htm, as I think that's what it uses, but the
extension might be off slightly.

Good luck in any case.

Larry