desktop stolen by advert

Warning!
Spyware detected on your computer!Install an antivirus or spyware remover
to clean your computer.
→ View the list of top spyware removers here ←
The above is now my desktop on a black background and i cannot get rid of it
i have used ad-aware,, spybot,, avg anti virus,,
all have found spyware but obviously not the right one
has anyone any ideas for removal

TIA
Mike T

 

i would follow the instructions here. for simple instructions, i would give ewido a try. its very good at detecting and removing malware.

 

WSFuser has given you a great link.

I'd try to see if it is possible first to short-cut the process and target this specific problem more directly before going on to do a wider audit ?

I'm assuming this message has come from a program you didn't purposely download & indicates an unexpected link of some-sort has appeared ?

Without actually going to the address at the link if you could right click & give us the properties/address it might be an indicator of the originator of your problem. Alternatively information such as the names of the spyware it says is detected may help us identify the source.

Often these things are documented and there is already a targetted approach.

Be aware this is often a way of tricking you into going to a specific site & enticing you to download even more malware under the guise of anti-spyware.

regards
eyes-open

 

I had this happen to a friend, ewido and others would be benificial, start in safe mode, and run the cleaners, get hijackthis, and use autoruns to remove the malware from running, and if your an admin, try making a new account after running them cleaners, delete the old account, before you delete (if you can) get everything you want from the old account that was hijacked, dont grab anything that you dont need otherwise you risk infecting the new account..

 

try to use a trial of pestpatrol or ewido

 

EWIDO!!! PLS as suggested!!

Thanks

 

Here is the actual HTML from the page --

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/tr/xhtml1/dtd/xhtml1-strict.dtd'>
<html>

<head>
<meta http-equiv='content-type' content='text/html;charset=windows-1251' />
<style type='text/css'>
body{background:#000;padding:0;margin:0;height:100%}
div.body{text-align:center;font-family:tahoma;font-size:90%}
.w100{width:100%}
.h100{height:100%}
h1{font-size:250%;color:#000;margin:0}
.left{float:left}
.cl{clear:both}
.heading{width:746px;padding:10px 15px;background:#fc0;border:2px solid #fc0;margin:auto }
.info{width:746px;padding:60px 15px 20px 15px;border:2px solid #fc0;font-size:270%;color:#fff;height:120px;margin:auto}
a{color:#f00;font-size:250%}
.arrow{font-size:250%;color:#fc0}
.link{margin:1em 0}
</style>
<title>Warning! Spyware detected on your computer!</title>
</head>

<body><div class='abs w100 body h100'>
<table cellpadding='0' cellspacing='0' class='h100'><tr><td class='h100'>
<div class='heading'><h1>Warning!<br />Spyware detected on your computer!</h1></div>
<div class='info'>Install an antivirus or spyware remover<br />to clean your computer.</div>
<div class='link'><span class='arrow'>&rarr;</span>&nbsp;&nbsp;&nbsp;<a href='http://www.hypoteches.com/search.php?wmid=93&sub=0&q=Removers'>View the list of top spyware removers here</a>&nbsp;&nbsp;&nbsp;<span class='arrow'>&larr;</span></div>
</td></tr></table>
</div></body>
</html>

 

These are (obviously) all scams. "Winhound" was the first using the wmf exploit to get installed: in fact, the first wmf exploit known to the world (it was posted on BugTraq) installed winhound. This might help: http://www.geekstogo.com/forum/How-...ike-SpySheriff-Winhound-Smitfraud-t91731.html (haven't tried it, but it seems reasonable).

 

Okay miket here's where your last post sent me

It contained this URL/address

Googling hypoteches isn't very fruitful but there is a cached page that references the problem:-

Okay so assuming that isn't a red herring then as TNT pointed out it looks like this is a new variant of an old annoyance that generates under different names - including spyaxe, spyfalcon and now from this February alfacleaner.

So with reference to the targetted approach this site will walk you through it:- how to remove alfacleaner

It may seem daunting - but they will support you through the hijackthis process.

Another site that offers a similar guide - including using Ewido is:-

.myantispyware.com - how-to-remove-alfacleaner

Now you may feel that you'd rather go in reverse. In which case as has been suggested check here in the Ewido Forum to see if it can help and what advice they give. Just post & ask.

Just take it steady - a step at a time and you will get there.

regards
eyes-open

 

Thanks everyone for all help and suggestions and links
as it turned out i went the drastic way and reformatted the drive
this whole incident had happened because of re-downloading security programs includeing zone alarm and this problem snuck in under it
so i just reformatted and setup zone alarm first and then got the programs i wanted

Thanks Again Everyone
Miket