unable to change desktop background
Thread Solved
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Pinki, to allow the fix to be made, temporarily disable TeaTimer:
Open Spybot, click Mode, select Advanced Mode, click Yes in new window, click on Tools in bottom left hand corner.
Click the Resident icon and uncheck Teatimer box.
=In Normal mode, start hijackthis and select Scan Only. Check these two entries and press Fix Checked.
O4 - HKCU\..\Run: [dzrfwrbk] C:\ProgramData\dzrfwrbk\uditkjcp.exe
O4 - HKCU\..\Run: [mZAHXfkXDR] C:\ProgramData\apmnyvkr\wbyhojgp.exe
Good. Now delete these two files:
C:\ProgramData\dzrfwrbk\uditkjcp.exe
C:\ProgramData\apmnyvkr\wbyhojgp.exe
and delete these two folders:
C:\ProgramData\dzrfwrbk\
C:\ProgramData\apmnyvkr\
Done it? Great. Now...
==Download SDFix from here: http://downloads.andymanchesta.com/R...ools/SDFix.exe
and save it to your desktop. Dclick SDFix.exe and choose Run to extract it to %systemdrive%, which commonly will be C:\
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
=You must restart your computer in Safe Mode:
=Open the extracted SDFix folder, C:\SDFix and double click RunThis.bat to start the script. Type Y to begin the cleanup.
You will be prompted to press any key to Reboot - the pc will then restart.
The tool will run again and complete the removal process then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Restart the pc in normal mode. Post the contents of the file Report.txt here, along with the log of a fresh hijackthis scan run in normal mode.
***** Instead of ATF you may wish to substitute this cleaner.. it is the one I use regularly.
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
..and then SDFix.
Last edited by gerbil; May 6th, 2008 at 11:26 pm.
Deep, deep in the woods, but walking about.
Join Date: Jul 2007
Posts: 70
Reputation:
Solved Threads: 0
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
Pinki, no, I cannot tell you why that is so, it is new to me. Possibly a new form of attack/hiding to avoid being Fixed by hijackthis...? But we have their names, and so they have no place to hide...
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"dzrfwrbk"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"mZAHXfkXDR"=-
Good. Now browse to [or search] and delete these two files in an explorer window:
C:\ProgramData\dzrfwrbk\uditkjcp.exe
C:\ProgramData\apmnyvkr\wbyhojgp.exe
....and delete these two folders:
C:\ProgramData\dzrfwrbk\
C:\ProgramData\apmnyvkr\
They should be gone now.
Last edited by gerbil; May 7th, 2008 at 9:24 am.
Deep, deep in the woods, but walking about.
Join Date: May 2005
Posts: 3,204
Reputation:
Solved Threads: 188
What? these two entries
O4 - HKCU\..\Run: [dzrfwrbk] C:\ProgramData\dzrfwrbk\uditkjcp.exe
O4 - HKCU\..\Run: [mZAHXfkXDR] C:\ProgramData\apmnyvkr\wbyhojgp.exe
are still showing up in the notepad log of hijackthis? That reg file should have removed them..?
Please finish the remainder of my previous post [from Done it? Great. Now...].
Deep, deep in the woods, but walking about.
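Added example, not part of the thread or of any tool named in it: a small Python helper that parses the O4 startup lines of a HijackThis log, builds the `"name"=-` deletion .reg text used in the fixkey.reg step for chosen value names, and reports which of those names a fresh scan still lists. The function names, the `ExampleUpdater` line and the restriction to HKCU/HKLM Run and RunOnce lines are assumptions made for the example.

```python
import re

# HijackThis startup line: O4 - <hive>\..\<key>: [<value name>] <command>
# Scope assumption: only HKCU/HKLM Run and RunOnce lines are handled.
O4_RE = re.compile(r"^O4 - (HKCU|HKLM)\\\.\.\\(Run|RunOnce): \[(.+?)\] (.+)$")
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
KEY_BASE = "\\Software\\Microsoft\\Windows\\CurrentVersion\\"

# Constructed sample: the thread's two entries plus one made-up benign entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
O4 - HKCU\..\Run: [dzrfwrbk] C:\ProgramData\dzrfwrbk\uditkjcp.exe
O4 - HKCU\..\Run: [mZAHXfkXDR] C:\ProgramData\apmnyvkr\wbyhojgp.exe
"""
TARGETS = {"dzrfwrbk", "mZAHXfkXDR"}


def parse_o4(log_text):
    """Return (hive, key, value_name, command) tuples for O4 Run lines."""
    found = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            found.append(m.groups())
    return found


def reg_quote(name):
    """Escape backslashes and double quotes as .reg value names require."""
    return name.replace("\\", "\\\\").replace('"', '\\"')


def build_reg(log_text, names):
    """Build .reg text that deletes only the named values ("name"=-)."""
    out = ["Windows Registry Editor Version 5.00"]
    for hive, key, name, _cmd in parse_o4(log_text):
        if name in names:
            out += ["", "[" + HIVES[hive] + KEY_BASE + key + "]",
                    '"' + reg_quote(name) + '"=-']
    return "\r\n".join(out) + "\r\n"


def still_present(fresh_log, names):
    """Value names a fresh scan still lists, i.e. the deletion did not stick."""
    return sorted(n for _h, _k, n, _c in parse_o4(fresh_log) if n in names)


if __name__ == "__main__":
    print(build_reg(SAMPLE_LOG, TARGETS))
```

Running `still_present` on the log from a fresh scan gives the names that came back, which is the check the last post makes by eye.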