David H. Lipman said:From: "Ted_E_Bear" <[email protected]>
| I have received a notice on my desktop stating "Your system is infected with
| spyware" . Does anyone know how to clear the message from the desktop?
| --
| Ted
For non-viral malware...
Please download, install and update the following software...
Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
SpyBot Search and Destroy v1.4
http://security.kolla.de/
After the software is updated, I suggest scanning the system in Safe Mode.
I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.
BHODemon
http://www.definitivesolutions.com/bhodemon.htm
For viral malware...
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
David said:From: "Ted_E_Bear" (e-mail address removed)
| Hi David. Thanks for responding. I have deleted all of the infections
and
| re-ran the scanner software and the infections are gone but I am left
with
| the screen under my icons on the desktop which states that "Spyware
| Infection. The system is infected with spyware etc." It has
overwritten my
| blue background with the message and I can not get rid of it. I am
unable to
| change backgrounds.
|
Copy and paste the below text between the dashes (--------------) and
save it as a file on
the desktop called; FixReg.REG
Double Click on the FixReg.REG file and allow the contents to be merged
into your Registry.
NOTE: It is possible that one or more lines may get "wrapped" and for
teh REG file to
worlk, the lines will need to be unwrapped in the .REG file.
--------------
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_EnableDragDrop"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Desktop\General]
"WallpaperFileTime"=-
"WallpaperLocalFileTime"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=-
"Wallpaper"=-
"WallpaperStyle"=-
"NoDispBackgroundPage"=-
"DisableRegistryTools"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-
"ForceActiveDesktopOn"=-
"NoSaveSettings"=dword:00000000
"NoChangeStartMenu"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoStartMenuSubFolders"=dword:00000000
"NoStartMenuMFUprogramsList"=dword:00000000
"NoStartMenuMorePrograms"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-
[HKEY_CURRENT_USER\Control Panel\Colors]
"Background"="0 78 152"
David H. Lipman said:From: "Ted_E_Bear" <[email protected]>
| I have received a notice on my desktop stating "Your system is infected with
| spyware" . Does anyone know how to clear the message from the desktop?
| --
| Ted
For non-viral malware...
Please download, install and update the following software...
Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
SpyBot Search and Destroy v1.4
http://security.kolla.de/
After the software is updated, I suggest scanning the system in Safe Mode.
I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.
BHODemon
http://www.definitivesolutions.com/bhodemon.htm
For viral malware...
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *
Rooster said:I'm at my wit's end. If been fighting this d**n Spyware Strike for 2 days
and I've tried everything I've found on here and nothing seems to be working.
Here's what I've tried that I can remember...
Ad-Aware
SpyBot Search and Destroy
SmithFraud
SmithRem
Multi_AV
and about a half a million combinations of everything above. Everything is
up to date,.. I've followed every different set of instructions i could find
on here and frankly, for the number of freakin hours I've put into it, i
might as well have just reloaded windows. Any body have any new ideas before
I wipe the hard drive?
David H. Lipman said:From: "Ted_E_Bear" <[email protected]>
| I have received a notice on my desktop stating "Your system is infected with
| spyware" . Does anyone know how to clear the message from the desktop?
| --
| Ted
For non-viral malware...
Please download, install and update the following software...
Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
SpyBot Search and Destroy v1.4
http://security.kolla.de/
After the software is updated, I suggest scanning the system in Safe Mode.
I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.
BHODemon
http://www.definitivesolutions.com/bhodemon.htm
For viral malware...
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
* * * Please report back your results * * *