spybot-alexa-windows active desktop

Discussion in 'other anti-malware software' started by europanorama, Feb 27, 2006.

Thread Status:
Not open for further replies.
  1. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    i cannot delete alexa related and windows active desktop. even after reboot. it is still sitting there.
     
  2. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Follow these instructions Here and then post back ;)

    Alphalutra1
     
  3. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    Re: spybot-alexa related-windows active desktop

    these are my standard instructions. i have done everything. spybot is showing me the two every time. last time with the same problem i deinstalled and reinstalled. but later they came back. i cannot see them elsewhere. only in spybot.
    somewhere i have read alexa is part of windows...??!!
    but mine is alexa related(correction made in title).

    in addition to the instructions i am using escan( in safe mode). with a result-application(findbat) from a german forum trojaner-board or derbilk.de.
     
  4. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    Re: spybot-alexa-related+windows active desktop

    i have win2k.
     
  5. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Here's a very simple quick and easy fix that i've done and works for Alexa Related.

    Do a windows search/find for RELATED.HTM right click on it and rename it to RELATED.HTMold.

    You shouldn't see it again !


    StevieO
     
  6. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    c:\winnt\web\related was found. i cannot see the ending htm.

    i cannot rename it. i already tried to delete in safe mode.
     
  7. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Register and post a hijackthis log at www.malwareremoval.com and they will help you. They are members of ASAP and also many of there members are Microsoft MVPs. They'll get you cleaned up

    Alphalutra1
     
  8. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    ok, will do. but hjt does not show anything related to my problem. thank you very much.
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Ok....assuming for the moment there is nothing in your HJT log and these are possibly questionable finds on Spybots part....would you mind posting the Spybot check log found in the Logs folder that references these finds Please. Also....did the Alexa related look like the below pic ?

    C:\Documents\All Users\Application Data\Spybot - Search & Destroy\Logs
     

    Attached Files:

  10. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    exactly what i found. i de- and reinstalled ssd and hjt. did not help. i can see two errors at start of hjt. i will try to attach. second one follows. only one/message.

    --- Report generated: 2006-02-28 16:21 ---

    Windows.ActiveDesktop: Benutzer-Einstellungen (Registrierungsdatenbank-Änderung, fixing failed)
    HKEY_USERS\S-1-5-21-1085031214-117609710-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

    Alexa Related: Verknüpfung (Datei austauschen, fixing failed)
    C:\WINNT\Web\RELATED.HTM


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-02-28 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-02-24 Includes\Cookies.sbi (*)
    2006-02-24 Includes\Dialer.sbi (*)
    2006-02-24 Includes\Hijackers.sbi (*)
    2006-02-24 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-02-24 Includes\Malware.sbi (*)
    2006-02-24 Includes\PUPS.sbi (*)
    2006-02-24 Includes\Revision.sbi (*)
    2006-02-24 Includes\Security.sbi (*)
    2006-02-24 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-02-24 Includes\Trojans.sbi (*)

    -more logs will follow.
     

    Attached Files:

    • HYT1.jpg
      HYT1.jpg
      File size:
      60.1 KB
      Views:
      443
  11. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    seond image of hjt plus second logfile of ssd.

    --- Report generated: 2006-02-28 16:15 ---

    Windows.ActiveDesktop: Benutzer-Einstellungen (Registrierungsdatenbank-Änderung, nothing done)
    HKEY_USERS\S-1-5-21-1085031214-117609710-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

    Alexa Related: Verknüpfung (Datei austauschen, nothing done)
    C:\WINNT\Web\RELATED.HTM


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-02-28 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-02-24 Includes\Cookies.sbi (*)
    2006-02-24 Includes\Dialer.sbi (*)
    2006-02-24 Includes\Hijackers.sbi (*)
    2006-02-24 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-02-24 Includes\Malware.sbi (*)
    2006-02-24 Includes\PUPS.sbi (*)
    2006-02-24 Includes\Revision.sbi (*)
    2006-02-24 Includes\Security.sbi (*)
    2006-02-24 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-02-24 Includes\Trojans.sbi (*)
     

    Attached Files:

    • HYT2.jpg
      HYT2.jpg
      File size:
      69.8 KB
      Views:
      441
  12. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    third log from ssd:
    28.02.2006 16:12:01 - ##### check started #####
    28.02.2006 16:12:01 - ### Version: 1.4
    28.02.2006 16:12:01 - ### Date: 28.02.2006 16:12:01
    28.02.2006 16:12:04 - ##### checking bots #####
    28.02.2006 16:14:34 - found: Windows.ActiveDesktop Benutzer-Einstellungen
    28.02.2006 16:14:39 - found: Alexa Related Verknüpfung
    28.02.2006 16:15:30 - ##### check finished #####
    -

    it seems its related to the real windows.active desktop.
    benutzer-einstellungen=user-settings
    -
    pls tell me also what i can do with the hjt-errors. or do i have to go to the malware-forum? i cleaned the system. what i could not get rid of were entries in the recycler. c:\recycler.
    -
    i could once delete a file only in explorer. i will now try to do this with the related.html.
     
  13. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    getting rid of recycler-content: set it to zero temporarly and reboot, right?
     
  14. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    i could rename related to related.htmold(with administrators rights. but: i could not see the ending htm. is this ok?

    i will now check if recycler-entries are gone by reusing pandasoftware activescan . plus ssd(alexa related)
     
  15. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Europanoma, you haven't posted your HJT log at malwareremoval, they will get you cleaned a lot faster and ensure you are clean. Trust me, it will be a lot more painless than what you are attempting to do now. HJT log analyizing is difficult, and unless you have undergone a lot of training, it is virtually impossible to declare that "My log is clean".

    Just my advice, you don't have to follow it though :D

    Alphalutra1
     
  16. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    1. sorry if i didnt yet do that. i was busy doing all the above steps.

    2. spybot now shows only windows.activedesktop

    Windows.ActiveDesktop: Benutzer-Einstellungen (Registrierungsdatenbank-Änderung, nothing done)
    HKEY_USERS\S-1-5-21-1085031214-117609710-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1


    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2005-05-31 TeaTimer.exe (1.4.0.2)
    2006-02-28 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2005-05-31 advcheck.dll (1.0.2.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2005-05-31 Tools.dll (2.0.0.2)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2006-02-24 Includes\Cookies.sbi (*)
    2006-02-24 Includes\Dialer.sbi (*)
    2006-02-24 Includes\Hijackers.sbi (*)
    2006-02-24 Includes\Keyloggers.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-02-24 Includes\Malware.sbi (*)
    2006-02-24 Includes\PUPS.sbi (*)
    2006-02-24 Includes\Revision.sbi (*)
    2006-02-24 Includes\Security.sbi (*)
    2006-02-24 Includes\Spybots.sbi (*)
    2005-02-17 Includes\Tracks.uti
    2006-02-24 Includes\Trojans.sbi (*)
    -
    pandasoftware and escan did not find anything.
     
  17. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    No disrespect intended and I am sure not advocating that europanorama does not visit a HJT cleaning service but given the fact those volunteers are working their buns off these 2 finds in unto themselves by Spybot do not constitute a HJT log review IMHO.

    That is another legit key that SpyBot will target if it's a dword of 1

    NoHTMLWallPaper
    recent thread @ Official Spybot Forum:
    Desktop.ActiveDesktop
     
  18. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    thank you very much. i dont understand why there is no link to that forum on the download-site. i will go there.
     
  19. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
  20. europanorama

    europanorama Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    29
    fixme.reg is the solution. but i had to reboot and rerun spybot. or running it as administrator and reboot. since i did not know i have done the latter.
     
Loading...
Thread Status:
Not open for further replies.