
More: http://msmvps.com/blogs/spywaresucks/archive/2008/07/24/1641982.aspx

 

PA Bear [MS MVP] wrote:

> The machine remains infected (i.e., ZLOB/Vundo/SDBot, all protected by a

> rootkit) and you've got a lot more work to do (unless you wipe & reload).

>

> cf.

> http://msmvps.com/blogs/harrywaldron/archive/2008/07/16/united-parcel-service-fake-email-for-package-non-delivery.aspx

>

> Unexplained computer behavior may be caused by deceptive software

> http://support.microsoft.com/kb/827315

>

> Run a /thorough/ check for hijackware, including posting your hijackthis log

> to an appropriate forum.

>

> Checking for/Help with Hijackware

> http://aumha.org/a/parasite.htm

> http://aumha.org/a/quickfix.htm

> http://aumha.net/viewtopic.php?t=5878

> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

> http://mvps.org/winhelp2002/unwanted.htm

> http://inetexplorer.mvps.org/data/prevention.htm

> http://inetexplorer.mvps.org/tshoot.html

> http://www.mvps.org/sramesh2k/Malware_Defence.htm

> http://defendingyourmachine2.blogspot.com/

> http://www.elephantboycomputers.com/page2.html#Removing_Malware

>

> When all else fails, HijackThis v2.0.2

> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in

> conjunction with some other utilities). HijackThis will NOT fix anything on

> its own, but it will help you to both identify and remove any

> hijackware/spyware with assistance from an expert. **Post your log to

> http://aumha.net/viewforum.php?f=30,

> http://forums.spybot.info/forumdisplay.php?f=22,

> http://castlecops.com/forum67.html, or other appropriate forums for review

> by an expert in such matters, not here.**

>

> If the procedures look too complex - and there is no shame in admitting this

> isn't your cup of tea - take the machine to a local, reputable and

> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

>

> Maurice wrote:

>> One of my users managed to open a spoof email supposedly from UPS which

>> unleashed a trojan - some sort of fake virus warning. I managed to remove

>> the virus which has installed a .bmp file as the desktop image but then

>> managed to turn off a couple of the tabs on desktop properties.

>>

>> When you fire up desk.cpl in Control Panel there are only three tabs:

>>

>> Themes

>> Appearance

>> Settings

>>

>> two missing ones:

>> Desktop

>> ScreenSaver

>>

>> So now I can't reset desktop images or set screensaver properties.

>>

>> I looked in Local Security Policies but couldn't find anything obvious there

>> and can't seem to find a config file for desk.cpl which could have been

>> altered.

>>

>> If anyone has any ideas on where to look I'd be much obliged.

>>

>>

>>

>> ps If you come across any virus writers please kill them.

>>

>> Thanks
