0

my background tab is gone and stuck with a blue screen with a warning on it from some spyware or something my brother did. I cleaned with adaware and spybot S&D, ran AVG there were no viruses, but a ton of adaware. checked hijack this all was ok. I had a program running on the task bar that kept telling my my computer was infected with viruses and spyware. found that program in winnt/system32 intel32.exe.deleted that. but I am still missing the background tab,appearance tab,web tab and the effects tab. this is a windows 2000 pro computer with sp4.

6
Contributors
11
Replies
12
Views
12 Years
Discussion Span
Last Post by theeasiesttorem
0

Open NotePad, and copy the contents of the below "Quote" box:-

regedit /e Info.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"

Go to File Menu > Save As, and save the file with the name Test.bat and exit from NotePad.

Double-Click on the file Test.bat, a small DOS type window should open and close immediately.
After this, there would be a file called Info.txt in the same location where Test.bat was present. Open the Info.txt and post it's contents here.

Also, download Ewido and install it. Then run, you will receive a warning message saying "Database not found", click "OK" for this. Next in the main screen, click "Update" and click "Start Update". After the update process, exit from Ewido.


Run Ewido, click on the "Scanner" button in the left menu, then click on the "Start" button. If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

0

here is what it put in the info.txt file

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoActiveDesktopChanges"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispAppearancePage"=dword:00000001

0

this is what ewido found. going to kick my brothers butt.
changed my password now so he can't get on.
thanks for your help.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:24:41 PM, 7/13/2005
+ Report-Checksum: 8A403A16

+ Scan result:

HKLM\SOFTWARE\Windows ServeAd -> Spyware.BlazeFind : Cleaned with backup
C:\Documents and Settings\*****\Cookies\*****@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\*****\Cookies\*****@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\*****\Cookies\*****@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\*****\Cookies\*****@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\readme.exe -> TrojanDownloader.Delf.ks : Cleaned with backup
C:\WINNT\Downloaded Program Files\WinServAdX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINNT\system32\intel32.exe -> Trojan.Small.eu : Cleaned with backup
C:\WINNT\system32\svcnt.exe -> TrojanDownloader.Delf.ks : Cleaned with backup
C:\WINNT\uninstIU.exe -> Trojan.Agent.ff : Cleaned with backup


::Report End

0

Open NotePad again, and copy the contents of the below "Quote" box:-

Windows Registry Editor Version 5.00


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktopChanges"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=-
"NoDispAppearancePage"=-

Go to File Menu > Save As, and save the file with the name Fix.reg and exit from NotePad.

Double-click on the Fix.reg file, and choose "Yes" to merge it with Registry. After this, restart the PC. Then check whether the background tab is back or not.

0

I have been having the same problem, and have followed the same instructions. Only thing is, once I tried to import the fix registry it told me it wasnt a registry file, is there any other course of action to take to get my active desktop and web tabs back?

0

Hi,

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktopChanges"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=-
"NoDispAppearancePage"=-

I think you have Windows 98/ME. Please copy the above text, and save it as Fix.REG and follow the steps provided in my previous post.

0

It accepted the reg but it didnt fix it after the restart. Thanks for your time and help though! Appreciated!

0

Hi,
Right-click on the below provided link, and click "Save As" (or "Save Target As") and when the Save dialog box appears, click "Save" button . The file will be save with the default filename smitfraud.reg.
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
Double-click on this file, and click "Yes" to merge it to Registry. Restart the PC, and check whether Desktop properties are back or not.

0

Hi,
Right-click on the below provided link, and click "Save As" (or "Save Target As") and when the Save dialog box appears, click "Save" button . The file will be save with the default filename smitfraud.reg.
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
Double-click on this file, and click "Yes" to merge it to Registry. Restart the PC, and check whether Desktop properties are back or not.

:idea: :idea: :idea: :mrgreen: This worked great for me!:mrgreen: :idea: :idea: :idea:

I am running XP with SP2 and all the latest updates. Had a blue screen stating my computer was infected when I opened Internet Explorer AND a red circle with a white X in it running in the system tray in the lower right corner. When I tried to change my homepage and it would change right back.

After running the ewido trial software I was notified whenever the
virus attempted to run and was prompted to block and clean it which worked wonderfully. After restarting I blocked and cleaned all of the remaining nasty little bugs one by one as they attempted to run.

Next I ran Swatkat's smitfraud.reg fix to get my background back, restarted and to my amazement everything seems to be back to normal. Thanks a million Swatkat!

0

I'm having exactly the same problem (no desktop background tab) and would like to try Swatkat's fix, but when I click the link it goes to 404 ERROR: Page Not Found!. Swatkat, if you're reading this do you have any idea why the link no longer works?
I've followed loads of forums advice on changing the registry etc but nothing's worked so far.
Thanks in advance for your help!

:idea: :idea: :idea: :mrgreen: This worked great for me!:mrgreen: :idea: :idea: :idea:

Next I ran Swatkat's smitfraud.reg fix to get my background back, restarted and to my amazement everything seems to be back to normal. Thanks a million Swatkat!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.