User Name Password Register
DaniWeb IT Discussion Community
Home
Forums
Tutorials
Blogs
Link Directory
All
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 425,890 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,139 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Join our community!
Please support our Viruses, Spyware and other Nasties advertiser: Programming Forums

Unable To Right Click Desktop

Join Date: Apr 2005
Posts: 7
Reputation: negativgain is an unknown quantity at this point 
Rep Power: 0
Solved Threads: 0
negativgain's Avatar
negativgain negativgain is offline Offline
Newbie Poster

Re: Unable To Right Click Desktop

  #6  
Apr 12th, 2005
Ok, ready for this headache? I just MOSTLY finished dealing with this problem. I've gotten everything back to normal except my desktop icons are gone (except the basic 4) and my wallpaper is unchangable (BTW, if anyone knows how to fix that, PLEASE TELL ME!!!!). Now, here's the solutions I've found/discovered on my own:

1 - I found out exactly when the file came in, and searched my hard drives for any files modified at that time/date. I deleted every one of them. You can do this by doing a search for these: bargains.exe, wintools (folder), WSupA.exe. This thing produces a LOT of files, so find one of them, check the date modified, then search for files by date modified. anything with the same time stamp or a minute or so after should be deleted.

2 - I found instructions on how to use programs like Hijack This to remove any unwanted registry keys. I will post what I found at the bottom of this.

3 - Follow the directions in this MS link.
http://www.microsoft.com/resources/d...ntry/93790.asp
That should fix the right click issue.

Make sure you have run an updated virus scan on your entire system. When I finally got around to it, I had 28 files infected by 14 different viruses. All because I didn't update the scan. Run Ad-Aware and Hijack This and get rid of anything that shouldn't be there. The directions I found DID NOT have everything that Hijack This found. When you run it, look for any DNS entry that is numerical followed by lettering. (example: 177.0.0.0/someletters.htm). Check those and click fix.

Now, here are the directions I found:

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Turn off System Restore by doing the following:

Click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Download CWShredder and click on 'Fix' (it will automatically fix anything it finds for you). If it asks if you want to delete a certain random file, choose No and post that filename here.

If you have a fast internet connection (broadband), run an online scan at Trend Micro or RAV Antivirus.
Please select the autoclean option when using Trend Micro.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\System32\Services\{F43D4813-DAAF-4643-9385-9BC8D3FE0576}\SVCHOST.EXE

Open Hijack This and click on Scan. Check the following entries, if they are still there.(make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://daosearch.com
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{F43D4813-DAAF-4643-9385-9BC8D3FE0576}\SVCHOST.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Files and Folders if they still exist.

C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\System32\Services\{F43D4813-DAAF-4643-9385-9BC8D3FE0576}\SVCHOST.EXE -- Make sure it is svchost.exe from this folder, not the one in system32 folder

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log.


I'm new to this site, and this is my first post, But I will keep checking up on this. Anyone have any more questions about it or know the answer to my problem, post it up.
Reply With Quote  
Advertising Opportunities on DaniWeb
Contact Us - Newsletter Archive - Sitemap - Privacy Statement
All times are GMT -4. The time now is 6:57 pm.
Forum system based on vBulletin Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
©2003 - 2008 DaniWeb® LLC