
Desktop Background Hijacked-NEW Problem(! Smart Security)




 

pleasehelpme-7
Newbie Poster
8 posts since Oct 2004
Reputation Points: 11
Solved Threads: 0
 

You should first try booting into Safe Mode and running the programs you mentioned. While in Safe Mode, delete the contents of all Temp and Temporary Internet folders for all users. Also, do a search for *.tmp and delete all those files as well.

Reboot normally and go to this thread and follow any of the recommendations you haven't already tried:
http://daniweb.com/techtalkforums/thread5690.html

After that, post a hijackthis log in the Security forum (even if it doesn't look 'normal').

dlh6213
Posting Maven
Team Colleague
3,117 posts since Jul 2004
Reputation Points: 63
Solved Threads: 214
 

dlh6213

I have followed your advice but have not had any success.

The following is my HJT log:

Logfile of HijackThis v1.97.7
Scan saved at 9:11:30 PM, on 11/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Mr\My Documents\My Videos\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


I appreciate you taking an interest in my problem.
Thanks again

pleasehelpme-7
Newbie Poster
8 posts since Oct 2004
Reputation Points: 11
Solved Threads: 0
 

Hi. First of all you need to update hijackthis to version 1.98.2. Run hijackthis & go to *Config\Misc Tools\Check for update on-line*. If the site is down, go here. Remove the old version by deleting the file manually. Unzip the new version into the hijackthis folder.

Looks like that log was done in safe mode? If so, please do this: hit Start\Run and type in *Msconfig* without the asterisks and hit OK. Then go to the Startup tab and make sure that everything there is enabled to start.
Reboot your PC and rescan with hijackthis and post that log here please.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 

Crunchie
I know you are probably very busy, so I really appreciate you taking the time to help me.

Here is my HJT log:
Logfile of HijackThis v1.98.2
Scan saved at 3:20:27 PM, on 11/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sony Handheld\Hotsync.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Mr\My Documents\My Videos\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash
R3 - Default URLSearchHook is missing
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab


Thanks in advance

pleasehelpme-7
Newbie Poster
8 posts since Oct 2004
Reputation Points: 11
Solved Threads: 0
 

Do you know what C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe is?

DaveSW
Master Poster
769 posts since Jul 2004
Reputation Points: 54
Solved Threads: 20
 

DaveSW
This is an application that I believe came with a satellite ISP that I did not completely get rid of after discontinuing their service. The actual description is Webcast Proxy server.

Thanks for your interest.

pleasehelpme-7
Newbie Poster
8 posts since Oct 2004
Reputation Points: 11
Solved Threads: 0
 

The only thing in your log that requires fixing is;

R3 - Default URLSearchHook is missing

Could be the problem lies elsewhere :(.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 

DaveSW
This is an application that I believe came with a satellite ISP that I did not completely get rid of after discontinuing their service. The actual description is Webcast Proxy server.

Thanks for your interest.



I see. There is a trojan of the same filename, but that usually resides in the system32 folder, so I thought this had to be legit.

You could try going to Add/Remove Programs and see if there are any strange entries there, but as crunchie says, it should be under the O4 section if it's loading it.

DaveSW
Master Poster
769 posts since Jul 2004
Reputation Points: 54
Solved Threads: 20
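
An added example, not part of any post in this thread: a Python version of the comparison the helpers above are making by eye, diffing the safe-mode scan against the normal-mode scan and listing newly running processes that no O4 autostart entry names. The log excerpts are trimmed from the two HijackThis logs posted earlier in the thread; the function names are this example's own.

```python
import re

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then the entry body

def parse_entries(log):
    """Set of (section code, body) pairs, e.g. ('R3', 'Default URLSearchHook is missing')."""
    return {m.groups() for m in (ENTRY.match(l.strip()) for l in log.splitlines()) if m}

def parse_processes(log):
    """Lower-cased paths listed between 'Running processes:' and the next blank line."""
    procs, inside = set(), False
    for line in map(str.strip, log.splitlines()):
        if line == "Running processes:":
            inside = True
        elif inside and not line:
            break
        elif inside:
            procs.add(line.lower())
    return procs

def added_entries(old, new):
    """Entries present in the new scan but not in the old one."""
    return sorted(parse_entries(new) - parse_entries(old))

def unexplained_processes(old, new):
    """Processes new in the second scan whose file name appears in no O4 entry."""
    autostarts = " ".join(b.lower() for c, b in parse_entries(new) if c == "O4")
    fresh = parse_processes(new) - parse_processes(old)
    return sorted(p for p in fresh if p.rsplit("\\", 1)[-1] not in autostarts)

# Excerpts trimmed from the two logs in this thread (safe mode, then normal boot).
SAFE_MODE = r"""Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Messenger (HKLM)
"""
NORMAL = r"""Running processes:
C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
"""
if __name__ == "__main__":
    print(added_entries(SAFE_MODE, NORMAL))
    print(unexplained_processes(SAFE_MODE, NORMAL))
```

A process that no O4 entry names can still be started another way, for example as a service, so the second list is a set of names to look up rather than a verdict.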
 

Try this; right-click on a blank area of your desktop (someplace where there are no icons), in the menu that pops up, click on Properties. In the next window, click on the Desktop tab; down near the bottom, click on the Customize Desktop box. Click on the Web tab and let us know what is in the box under 'Web pages:'

dlh6213
Posting Maven
Team Colleague
3,117 posts since Jul 2004
Reputation Points: 63
Solved Threads: 214
 

DLH6213, DaveSW, and Crunchie
Thank you all for your help. I appreciate you taking the time to assist with my problem. If you are interested, JC7 solved my problem with a simple adjustment. I evidently had destroyed the original bug but had not got rid of its linking my desktop to a webpage. The thread is under Internet Explorer.
Thanks again for your help.

pleasehelpme-7
Newbie Poster
8 posts since Oct 2004
Reputation Points: 11
Solved Threads: 0
 
DLH6213, DaveSW, and Crunchie
Thank you all for your help. I appreciate you taking the time to assist with my problem. If you are interested, JC7 solved my problem with a simple adjustment. I evidently had destroyed the original bug but had not got rid of its linking my desktop to a webpage. The thread is under Internet Explorer.
Thanks again for your help.



Who is JC7 and can I get the Instructions?

fran0216
Newbie Poster
1 post since Nov 2004
Reputation Points: 10
Solved Threads: 1
 

I am having exactly the same problem with exactly the same web page as my desktop background.

joesixpack
Newbie Poster
1 post since Nov 2004
Reputation Points: 10
Solved Threads: 1
 
crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
Try this; right-click on a blank area of your desktop (someplace where there are no icons), in the menu that pops up, click on Properties. In the next window, click on the Desktop tab; down near the bottom, click on the Customize Desktop box. Click on the Web tab and let us know what is in the box under 'Web pages:'


Just to let you guys know, I had the exact same problem and this fixes it. But I had to get to it a different way... Just go to Control Panel/Display/Desktop/Customize Desktop/ and then to the Web tab and then uncheck the security box there/ Apply now, and problem is solved.

Thanks DLH for the info.

jdbaker82
Junior Poster in Training
70 posts since Nov 2004
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved
