Removed trojan - can't change some display settings now

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I recently removed SpySheriff from my pc. It would not allow task manager or
changes to some of the display settings. I got task manager back but cannot
get display settings back. This is affecting desktop, screensaver, and
appearance. How do I get control of these display settings back? Thanks for
any help or advice.
 
EManning said:
I recently removed SpySheriff from my pc. It would not allow task
manager or
changes to some of the display settings. I got task manager back but
cannot
get display settings back. This is affecting desktop, screensaver,
and
appearance. How do I get control of these display settings back?
Thanks for any help or advice.
Click to expand...

If you can't enable desktop backgrounds after a virus, MVP Kelly Theriot
has a fix. Look under Wallpaper-Desktop-Disable Changing here:

http://www.kellys-korner-xp.com/xp_w.htm

If Display tabs are missing, run Kelly's registry edit on line 285,
right-hand side "Restore all display tabs".

Malke
 
From: "EManning" <[email protected]>

| I recently removed SpySheriff from my pc. It would not allow task manager or
| changes to some of the display settings. I got task manager back but cannot
| get display settings back. This is affecting desktop, screensaver, and
| appearance. How do I get control of these display settings back? Thanks for
| any help or advice.

Two part reply..

Perform Part 1 and then perform Part 2.

Use the alternate if the first two parts are ineffective...
Note: Alternate only for Win2K, WinXP and Win2003 Server

Part 1
-----------

Use noahdfear's SmitFraud and SpyAxe removal tool -- SmitRem.exe
http://noahdfear.geekstogo.com/click counter/click.php?id=1

http://www.bleepingcomputer.com/forums/topic36868.html


Part 2
-----------

Download SmitFraud.exe from the URL --
http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to enable WGET.EXE to download the needed McAfee related files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.

Alternate:

Secured2K's SpyAxe, PSGuard, Smitfraud, Sinnaka and Alemod removal tool.

http://secured2k.home.comcast.net/tools/AntiPuper.exe

http://forums.mcafeehelp.com/viewtopic.php?t=65072


* * * Please report back your results * * *
 
I tried the above and it did not work. I cannot find
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop in my registry. The other entry is there and is set to zero.
 
EManning said:
I tried the above and it did not work. I cannot find
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
in my registry. The other entry is there and is set to zero.
Click to expand...

Check to see if these Registry entries exist:

HKCU\Software\Microsoft\Windows\CurrentVersion\GroupPolicyobject\{21A7BE9D-5027-49C1-B6F7-757B707E1C94}User\Software\Policies\Microsoft\Windows\System
If "GroupPolicyRefreshTime" and/or "GroupPolicyRefreshTimeOffset" are
there, then delete them.

HKCU\Software\Policies\Microsoft\Windows\System. If
"GroupPolicyRefreshTime" and/or "GroupPolicyRefreshTimeOffset" are
there, then delete them and then run the reg fix from Kelly's page.

A default wallpaper called wp.bmp may be set in
HKCU\Software\Policies\Microsoft\Windows\System created by the
smitfraud.c virus. Remove that and you will be able to choose different
wallpapers.

Malke
 
Sorry, none of those entries are in my registry.

Malke said:
Check to see if these Registry entries exist:

HKCU\Software\Microsoft\Windows\CurrentVersion\GroupPolicyobject\{21A7BE9D-5027-49C1-B6F7-757B707E1C94}User\Software\Policies\Microsoft\Windows\System
If "GroupPolicyRefreshTime" and/or "GroupPolicyRefreshTimeOffset" are
there, then delete them.

HKCU\Software\Policies\Microsoft\Windows\System. If
"GroupPolicyRefreshTime" and/or "GroupPolicyRefreshTimeOffset" are
there, then delete them and then run the reg fix from Kelly's page.

A default wallpaper called wp.bmp may be set in
HKCU\Software\Policies\Microsoft\Windows\System created by the
smitfraud.c virus. Remove that and you will be able to choose different
wallpapers.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
Click to expand...
 
Back
Top