Posted July 25, 200816 yr More: http://msmvps.com/blogs/spywaresucks/archive/2008/07/24/1641982.aspx PA Bear [MS MVP] wrote: > The machine remains infected (i.e., ZLOB/Vundo/SDBot, all protected by a > rootkit) and you've got a lot more work to do (unless you wipe & reload). > > cf. > http://msmvps.com/blogs/harrywaldron/archive/2008/07/16/united-parcel-service-fake-email-for-package-non-delivery.aspx > > Unexplained computer behavior may be caused by deceptive software > http://support.microsoft.com/kb/827315 > > Run a /thorough/ check for hijackware, including posting your hijackthis > log > to an appropriate forum. > > Checking for/Help with Hijackware > http://aumha.org/a/parasite.htm > http://aumha.org/a/quickfix.htm > http://aumha.net/viewtopic.php?t=5878 > http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction > http://mvps.org/winhelp2002/unwanted.htm > http://inetexplorer.mvps.org/data/prevention.htm > http://inetexplorer.mvps.org/tshoot.html > http://www.mvps.org/sramesh2k/Malware_Defence.htm > http://defendingyourmachine2.blogspot.com/ > http://www.elephantboycomputers.com/page2.html#Removing_Malware > > When all else fails, HijackThis v2.0.2 > (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use > (in > conjuction with some other utilities). HijackThis will NOT fix anything > on > its own, but it will help you to both identify and remove any > hijackware/spyware with assistance from an expert. **Post your log to > http://aumha.net/viewforum.php?f=30, > http://forums.spybot.info/forumdisplay.php?f=22, > http://castlecops.com/forum67.html, or other appropriate forums for review > by an expert in such matters, not here.** > > If the procedures look too complex - and there is no shame in admitting > this > isn't your cup of tea - take the machine to a local, reputable and > independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop. > > Maurice wrote: >> One of my users managed to open a spoof email supposedly from UPS which >> unleashed a trojan - some sort of fake virus warning. I managed to remove >> the virus which has installed a .bmp file as the desktop image but then >> managed to turn off a couple of the tabs on desktop properties. >> >> When you fire up desk.cpl in Control Panel there are only three tabs: >> >> Themes >> Appearance >> Settings >> >> two missing ones: >> Desktop >> ScreenSaver >> >> So now I can't reset desktop images or set screensaver properties. >> >> I looked in Local Security Policies but couldn't find anything obvious >> there >> and can't seem to find a config file for desk.cpl which could have been >> altered. >> >> If anyone has any ideas on where to look I'd be much obliged. >> >> >> >> ps If you come across any virus writers please kill them. >> >> Thanks
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.