Hello all. My wife was browsing the web and a hijacking program downloaded itself and infected my laptop. After much searching of the web, several Spyware removal downloads and re-installing WebRoot Spysweeper, which the hijacking program managed to un-install BTW, and Norton, I finally stumbled on this site which helped greatly in removing the infection. The problem was almost exactly the same as the HotOffers infection only now I've lost almost all capability to access the Display properties. I can't change the theme, wallpaper (Through the display properties control panel that is), and the only tabs I have are the screen saver tab and the settings tab. I'm running WinXP SP1. SP2 and my laptop don't get along. She was using IE, which I've now removed all the shortcuts to and I'm getting her to use Firefox instead. I don't have an actual WinXP Home disc since the laptop just came with Restore discs and I don't want to re-install the entrie system just to fix this. And I won't be able to use my desktop till later or tomorrow. Anyone have any ideas as to what I need to do? Appreciate the help.

That alteration to your Display properties is usually the work of the "smitfraud" infection. See if this fixes the problem:


1. Download the following reg file by right-clicking on the link and choosing Save As. Save this file to your Desktop.

Smitfraud Fix Reg File

2. When it is finished downloading, double-click on the smitfraud.reg file on your Desktop. When it asks if you want to merge the information, allow it to do so.

3. Reboot. You should then be able to change your desktop properties back to the way you want to. If you have trouble with some settings, click on the Themes tab in the display settings and change the theme to Windows XP to use the default settings.

this works to bring the display back bnut does nothing to get rid of the spyware (specialgoods.info) this is a nasty bugger

Hey notryt ,

I had the same thing and I managed to get rid of it. Here's what I did (on Windows 98 SE):

* Install and Run Spyware Guard
* Navigate to C:\Windows\System32 (possibly C:\Windows\System if in Windows XP)
* I deleted any Programs that look like they "shouldn't" be there. They all had icons for the files and ones I had were labelled "Britney Spears", "Monster C*cks" and things to that affect. There must have been about 10 files in all.
* In the same directory, there was also a file called param.dll (or something to that effect - I deleted before noting down what it was but it was the only *.dll file in that directory). If you try and delete it in Windows, it won't let you saying that it is being used.
* I then went into "pure" DOS mode (if you're using a Windows XP, try a Windows 98 SE Boot Disk - You can get one from www.bootdisk.com)
* Once in DOS mode, I navigated to the directory in DOS and typed "attrib -r -a -s -h" to remove any file permissions and then deleted the file manually using "del param.dll" (if that was the file name)
* After this, I rebooted the machine, went to Internet Options and changed the default homepage (a note from Spyguard popped up asking me if I was sure and said "Keep Value".

...and I haven't had any problems since.

I hope that helps. If you not sure or you're having trouble, feel free to drop me a line and I'll see if I can walk you through it in more detail.

tav

Thanx.. anyone using xp the icons are in the system32 directory.. to del param32.dll in xp (Im assuming ntfs) reboot f8 .. safemode command prompt... once you get the prompt.. navigate yourself to the windows/system32 directory and type del param32.dll... reboot and alls good again

Param.dll is indeed one of the bad files associated with this (smitfraud, HotOffers, and a couple of others), and you will most likely need to use the PocketKillbox to get rid of it. There are some other files that should be searched for, and deleted, as well. See post #41 in this thread for more info: http://www.daniweb.com/techtalkforum...hotoffers.html

[QUOTE=tavueni]Hey notryt ,

Thanks a lot , i have kill the maleficus page!!!

hey basically i got that special goods virus and i
> cnt get rid. my screen display settings were able to
> be changed bak and i ve found the param.32 file in
> my systems32. but i cnt get rid of it. i have
> windows xp on my laptop, culd u tell me step by step
> how to get rid coz im preti dumb wiv computers.
> thanks very much

Hi angelus88,

First of all- welcome to TechTalk!

We ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforum..._faq#faq_rules


Thanks for understanding.

Thank you for the information tavueni, it helped me a lot!! Luckily, in my case, I am running a dual boot system so, deleting the file took nothing more than booting to a clean OS and deleting the file. Oddly, I opted for the FAT32 installation of xp and it paid off. I'm now off to figure out how to get linux, WinMe, and WinXP to boot off the same hard drive. Again, thank you tavueni, as I was ready to format my XP partition to get rid of this nasty bug.

BaLiNkEr