Help! Desktop replaced with a webpage advert!

Discussion in 'adware, spyware & hijack cleaning' started by Mord, Jun 20, 2004.

Thread Status:
Not open for further replies.
  1. Mord

    Mord Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    13
    Yesterday i was browsing the web when i had a popup window that downloaded some spyware to mm machine.

    My desktoo then turned into a web page saying "You have been compomised by blaa blaa, click here to download some sort of secuirty sweet to remove it".

    Right clicked on the webpage and found it was sitting in c:\windows\web\
    so i deleted all the files in tehre and now windows loads a blank white webpage over my desktop that i cant close or remove.

    I also got infected by 106 items of spyware which through use of Adware, Spybot s&d, CWShredder and spyware docter i removed.

    Heres my Hijackthis log:


    Logfile of HijackThis v1.97.7
    Scan saved at 10:35:38, on 20/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\System32\LckFldService.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\DRIVERS\WtSrv.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Motherboard Monitor 5\MBM5.EXE
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Spyware Doctor\spydoctor.exe
    C:\Program Files\Crazy Browser\Crazy Browser.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\OPScan.exe
    D:\My Downloads\Misc\Tools\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}

    Please help, I want my desktopback :(
     
    Mord, Jun 20, 2004
    #1
  2. Mord

    Mord Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    13
    Can no one help? ive looked at my registary but its all double duch to me, ive used Mscofig but i dont see anything that needs disabling there. Ive run all my scanners and unitlies 3 times and i look clean. I really dont know what to do :(
     
    Mord, Jun 20, 2004
    #2
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there Mord, i'm not one of the HJT experts, but it appears to me your HJT log is very short! Did you really check all the options to be shown in the log?
    And rightclick on the desktop doesn't enable to get back to no wallpaper?
    System restore , if the experts have no better option? But wait till they tell you so,
     
    Jooske, Jun 20, 2004
    #3
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi Mord,

    The first place I'd check is:
    Open the Control Panel.
    Open Display Properties.
    Click the Desktop tab.
    Click the Web tab in the Desktop Items window.

    Regards,

    Pieter
     
    Pieter_Arntz, Jun 20, 2004
    #4
  5. Mord

    Mord Registered Member

    Joined:
    Jun 10, 2004
    Posts:
    13
    :D thanks, I dont belive i dindt check the web tab *slaps forehead*, well its fixed now thats what matters.

    Oh as for my HJthis log, i went a bit podantic and removed everything i dindt need.
     
    Mord, Jun 20, 2004
    #5
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Glad Pieter's advice is right again, as always.
    In the parts you removed could have been / could be indications of your downloads etc. But i'm no expert in that part.
     
    Jooske, Jun 20, 2004
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...