spybot-alexa-windows active desktop

Discussion in 'other anti-malware software' started by europanorama, Feb 27, 2006.

Thread Status:
Not open for further replies.
  1. europanorama

    europanorama Registered Member

    i cannot delete alexa related and windows active desktop. even after reboot. it is still sitting there.
     
  2. Alphalutra1

    Alphalutra1 Registered Member

    Follow these instructions Here and then post back ;)

    Alphalutra1
     
  3. europanorama

    europanorama Registered Member

    Re: spybot-alexa related-windows active desktop

    these are my standard instructions. i have done everything. spybot is showing me the two every time. last time with the same problem i deinstalled and reinstalled. but later they came back. i cannot see them elsewhere. only in spybot.
    somewhere i have read alexa is part of windows...??!!
    but mine is alexa related (correction made in title).

    in addition to the instructions i am using escan (in safe mode). with a result-application (findbat) from a german forum trojaner-board or derbilk.de.
     
  4. europanorama

    europanorama Registered Member

    Re: spybot-alexa-related+windows active desktop

    i have win2k.
     
  5. StevieO

    StevieO Registered Member

    Here's a very simple quick and easy fix that i've done and works for Alexa Related.

    Do a windows search/find for RELATED.HTM right click on it and rename it to RELATED.HTMold.

    You shouldn't see it again !


    StevieO
     
  6. europanorama

    europanorama Registered Member

    c:\winnt\web\related was found. i cannot see the ending htm.

    i cannot rename it. i already tried to delete in safe mode.
     
  7. Alphalutra1

    Alphalutra1 Registered Member

    Register and post a hijackthis log at www.malwareremoval.com and they will help you. They are members of ASAP and also many of their members are Microsoft MVPs. They'll get you cleaned up.

    Alphalutra1
     
  8. europanorama

    europanorama Registered Member

    ok, will do. but hjt does not show anything related to my problem. thank you very much.
     
  9. Bubba

    Bubba Updates Team

    Ok....assuming for the moment there is nothing in your HJT log and these are possibly questionable finds on Spybots part....would you mind posting the Spybot check log found in the Logs folder that references these finds Please. Also....did the Alexa related look like the below pic ?

    C:\Documents\All Users\Application Data\Spybot - Search & Destroy\Logs
     


  10. europanorama

    europanorama Registered Member

    exactly what i found. i de- and reinstalled ssd and hjt. did not help. i can see two errors at start of hjt. i will try to attach. second one follows. only one/message.

    --- Report generated: 2006-02-28 16:21 ---

    Windows.ActiveDesktop: Benutzer-Einstellungen (Registrierungsdatenbank-Änderung, fixing failed)
    HKEY_USERS\S-1-5-21-1085031214-117609710-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

    Alexa Related: Verknüpfung (Datei austauschen, fixing failed)
    C:\WINNT\Web\RELATED.HTM


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-02-28 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-02-24 Includes\Cookies.sbi (*)
    2006-02-24 Includes\Dialer.sbi (*)
    2006-02-24 Includes\Hijackers.sbi (*)
    2006-02-24 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-02-24 Includes\Malware.sbi (*)
    2006-02-24 Includes\PUPS.sbi (*)
    2006-02-24 Includes\Revision.sbi (*)
    2006-02-24 Includes\Security.sbi (*)
    2006-02-24 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-02-24 Includes\Trojans.sbi (*)

    -more logs will follow.
     

    Attached Files:

    • HYT1.jpg (60.1 KB)
  11. europanorama

    europanorama Registered Member

    second image of hjt plus second logfile of ssd.

    --- Report generated: 2006-02-28 16:15 ---

    Windows.ActiveDesktop: Benutzer-Einstellungen (Registrierungsdatenbank-Änderung, nothing done)
    HKEY_USERS\S-1-5-21-1085031214-117609710-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

    Alexa Related: Verknüpfung (Datei austauschen, nothing done)
    C:\WINNT\Web\RELATED.HTM


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-02-28 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-02-24 Includes\Cookies.sbi (*)
    2006-02-24 Includes\Dialer.sbi (*)
    2006-02-24 Includes\Hijackers.sbi (*)
    2006-02-24 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-02-24 Includes\Malware.sbi (*)
    2006-02-24 Includes\PUPS.sbi (*)
    2006-02-24 Includes\Revision.sbi (*)
    2006-02-24 Includes\Security.sbi (*)
    2006-02-24 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-02-24 Includes\Trojans.sbi (*)
     

    Attached Files:

    • HYT2.jpg (69.8 KB)
  12. europanorama

    europanorama Registered Member

    third log from ssd:
    28.02.2006 16:12:01 - ##### check started #####
    28.02.2006 16:12:01 - ### Version: 1.4
    28.02.2006 16:12:01 - ### Date: 28.02.2006 16:12:01
    28.02.2006 16:12:04 - ##### checking bots #####
    28.02.2006 16:14:34 - found: Windows.ActiveDesktop Benutzer-Einstellungen
    28.02.2006 16:14:39 - found: Alexa Related Verknüpfung
    28.02.2006 16:15:30 - ##### check finished #####
    -

    it seems its related to the real windows.active desktop.
    benutzer-einstellungen=user-settings
    -
    pls tell me also what i can do with the hjt-errors. or do i have to go to the malware-forum? i cleaned the system. what i could not get rid of were entries in the recycler. c:\recycler.
    -
    i could once delete a file only in explorer. i will now try to do this with the related.html.
     
  13. europanorama

    europanorama Registered Member

    getting rid of recycler-content: set it to zero temporarily and reboot, right?
     
  14. europanorama

    europanorama Registered Member

    i could rename related to related.htmold (with administrators rights). but: i could not see the ending htm. is this ok?

    i will now check if recycler-entries are gone by reusing pandasoftware activescan, plus ssd (alexa related).
     
  15. Alphalutra1

    Alphalutra1 Registered Member

    Europanorama, you haven't posted your HJT log at malwareremoval, they will get you cleaned a lot faster and ensure you are clean. Trust me, it will be a lot more painless than what you are attempting to do now. HJT log analyzing is difficult, and unless you have undergone a lot of training, it is virtually impossible to declare that "My log is clean".

    Just my advice, you don't have to follow it though :D

    Alphalutra1
     
  16. europanorama

    europanorama Registered Member

    1. sorry if i didn't yet do that. i was busy doing all the above steps.

    2. spybot now shows only windows.activedesktop

    Windows.ActiveDesktop: Benutzer-Einstellungen (Registrierungsdatenbank-Änderung, nothing done)
    HKEY_USERS\S-1-5-21-1085031214-117609710-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-02-28 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-02-24 Includes\Cookies.sbi (*)
    2006-02-24 Includes\Dialer.sbi (*)
    2006-02-24 Includes\Hijackers.sbi (*)
    2006-02-24 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-02-24 Includes\Malware.sbi (*)
    2006-02-24 Includes\PUPS.sbi (*)
    2006-02-24 Includes\Revision.sbi (*)
    2006-02-24 Includes\Security.sbi (*)
    2006-02-24 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-02-24 Includes\Trojans.sbi (*)
    -
    pandasoftware and escan did not find anything.
     
  17. Bubba

    Bubba Updates Team

    No disrespect intended and I am sure not advocating that europanorama does not visit a HJT cleaning service but given the fact those volunteers are working their buns off these 2 finds in and of themselves by Spybot do not constitute a HJT log review IMHO.

    That is another legit key that SpyBot will target if it's a dword of 1

    NoHTMLWallPaper
    recent thread @ Official Spybot Forum:
    Desktop.ActiveDesktop
     
  18. europanorama

    europanorama Registered Member

    thank you very much. i don't understand why there is no link to that forum on the download-site. i will go there.
     
  19. europanorama

    europanorama Registered Member

  20. europanorama

    europanorama Registered Member

    fixme.reg is the solution. but i had to reboot and rerun spybot. or running it as administrator and reboot. since i did not know i have done the latter.
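
An added example, not code from any poster in this thread or from Spybot: a small Python parser for the report layout posted above, which lists the findings whose status is "fixing failed" or "nothing done" and splits a registry target into key, value name and user SID. Keeping the text after `!` as an opaque condition string is an assumption about the report format.

```python
import re

# Excerpt of the report posted in this thread (Spybot - S&D 1.4, German UI).
SAMPLE_REPORT = r"""--- Report generated: 2006-02-28 16:21 ---

Windows.ActiveDesktop: Benutzer-Einstellungen (Registrierungsdatenbank-Änderung, fixing failed)
HKEY_USERS\S-1-5-21-1085031214-117609710-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Alexa Related: Verknüpfung (Datei austauschen, fixing failed)
C:\WINNT\Web\RELATED.HTM

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 SpybotSD.exe (1.4.0.3)
"""

# "Product: category (kind, status)" header line, as seen in the posted reports.
HEADER = re.compile(r"^(?P<product>[^:]+): (?P<category>.+?) "
                    r"\((?P<kind>[^,]+), (?P<status>[^)]+)\)$")
SID = re.compile(r"S-1-5-21(?:-\d+)+")
# Statuses that appear in this thread for findings that were still present.
UNRESOLVED = {"fixing failed", "nothing done"}

def describe(head, target):
    item = dict(head, target=target, type="file")
    if target.upper().startswith("HKEY_"):
        # Assumption: text after "!" is Spybot's value condition; kept opaque.
        path, _, condition = target.partition("!")
        key, _, value = path.rpartition("\\")
        sid = SID.search(key)
        item.update(type="registry", key=key, value=value, condition=condition,
                    user_sid=sid.group(0) if sid else None)
    return item

def parse_report(text):
    """Return one dict per finding; the file-version listing is ignored."""
    findings, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("---"):
            continue
        match = HEADER.match(line)
        if match:
            pending = match.groupdict()
        elif pending is not None:
            findings.append(describe(pending, line))
            pending = None
    return findings

def unresolved(findings):
    return [f for f in findings if f["status"] in UNRESOLVED]
```
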
     