Desktop has been taken over...



psweeney44
07-09-2005, 11:42 PM
Help! Here is the situation. A friend got a pop-up message saying her pc
had spyware, click here for removal. I think what happened was a program was
downloaded to her pc. Her desktop now has an overlaid page (can't get to
desktop properties), her icons show up but don't execute. The message on her
desktop has the spyware warning, and click here for removal, and clicking
doesn't go anywhere. The overlaying page does not come in in Safe Mode. I
ran Spybot (will only run in Safemode), found lots of spyware, but, booting
up normally still has this overlaying desktop. How can I clear this up? We
used to be able to boot up one command at a time so we could see what is
loading. Is that still available? Thanks for any help!

andy smart
07-09-2005, 11:42 PM
psweeney44 wrote:
> Help! Here is the situation. A friend got a pop-up message saying her pc
> had spyware, click here for removal. I think what happened was a program was
> downloaded to her pc.
Almost certainly

Her desktop now has an overlaid page (can't get to
> desktop properties), her icons show up but don't execute. The message on her
> desktop has the spyware warning, and click here for removal, and clicking
> doesn't go anywhere.

Never click on anything generated by pages like this would be my advice

The overlaying page does not come in in Safe Mode. I
> ran Spybot (will only run in Safemode), found lots of spyware, but, booting
> up normally still has this overlaying desktop. How can I clear this up? We
> used to be able to boot up one command at a time so we could see what is
> loading. Is that still available? Thanks for any help!

Which pieces of spyware is it finding?

Boot it into safe mode and run Sypbot again - and make sure you tell it
to remove the spyware it finds. Then do the same with AdAware (I think
it will run fine in safemode) to make sure. Dump the temporary Internet
files. Run a very thoughrough AV scan on the machine too.

You might need to run some more powerful anti-spyware software like
Hijack This. There is a dedicated anti-spyware newsgroup
(alt.privacy.spyware) where you will get aditional advice too

Patti MacLeod
07-09-2005, 11:42 PM
Hi psweeney44,

Your friend's PC might be infected with the trojan that TrendMicro calls
TROJ_DLOAD.H:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FDLOAD%2EH&VSect=T
If so, here is a detailed fix that was provided by Lawrence Abrams, MS MVP
Windows-Security:
http://www.bleepingcomputer.com/forums/How_to_remove_the_Smitfraud_or_Wpexe_WindowsFY-t17258.html



Regards,

--
Patti MacLeod
Microsoft MVP - Windows Shell/User

"psweeney44" <psweeney44@discussions.microsoft.com> wrote in message
news:B3E0B5F2-0DC1-49AB-AB5E-A94AB477A8EA@microsoft.com...
> Help! Here is the situation. A friend got a pop-up message saying her pc
> had spyware, click here for removal. I think what happened was a program
was
> downloaded to her pc. Her desktop now has an overlaid page (can't get to
> desktop properties), her icons show up but don't execute. The message on
her
> desktop has the spyware warning, and click here for removal, and clicking
> doesn't go anywhere. The overlaying page does not come in in Safe Mode.
I
> ran Spybot (will only run in Safemode), found lots of spyware, but,
booting
> up normally still has this overlaying desktop. How can I clear this up?
We
> used to be able to boot up one command at a time so we could see what is
> loading. Is that still available? Thanks for any help!


Desktop has been taken over...