Trojan/Spy-ware Virus

Redmeda · Post by **Redmeda** » Thu Dec 15, 2005 2:29 pm

I was just wondering how many people have got this Virus before.

It changes your background to a Banner which says "Your Computer Is Infected With Spy-ware"

Then it tries to get you to accept and activate an anti-virus/spy-ware program which is part of the Virus.

But, the virus then disables your background Settings Not allowing you to change it, to remove the Banner.

And it also Sometimes changes your Home Webpage to a Spy-ware Downloading Page.

I was wondering if anyone has Successfully Removed this virus and if so, Could you give me a hang on this?.. it would be appriciated

Thanks,
Cody

Karchiveur · Post by **Karchiveur** » Thu Dec 15, 2005 5:13 pm

I told you what to do already...

Redmeda · Post by **Redmeda** » Thu Dec 15, 2005 5:20 pm

Well.. you also said, you would come over and do it for me

so... ha!.. i did get rid of all of it accept the background is locked i can't change it.. its just a black screen now.. i got the banner off.. that ewido security suite... worked beautifully..

thanks bud. but i still need the background unlocked.. lol Help?

123cool · Post by **123cool** » Thu Dec 15, 2005 6:19 pm

it doesnt happen to show a little white x in a red circle in the taskbar does it? i have a bit off spyware doing it right now keep uninstalling it but it comes back when i run CS: S or uTorrent... it did manage to change my background at one point but i have that many apps stopping that stuff it only shows up in the taskbar seemingly doing nothing...ive uninstalled it several times using all the norm progs like spybot, MS antispyware, ad-adware etc but it seems to come up when i run the progs listed above.

i looked it up its meant to change my webpage and desktop but like i say all the progs i have stop that stuff so it hasnt and i doubt its sending out any info with my firewall and software protection just annoying me seeing it in the taskbar. first bit of spyware ive had in the last yr or so.

Post by **FlyingPenguin** » Thu Dec 15, 2005 6:20 pm

That's a Smitfraud trojan. Even a full spyware cleaning like the procedure in my Blog won't fix the hijaack of Active Desktop.

This tool removes it though: http://forums.majorgeeks.com/showthread.php?t=74265

I'd do a full spyware cleaning afterwards since Smitfraud allows other crap in. Refer to my spyware removal instructions here: http://theflyingpenguin.com/spyware-removal.shtml

Hope this helps...

impuresoul2k3 · Post by **impuresoul2k3** » Thu Dec 15, 2005 6:46 pm

FP, isn't it just a webpage that's been set as the wallpaper? If you go to Control Panel, Display, Dekstop, click customize desktop, and then go to the "Web" tab, I believe you can delete it...I think...correct me if I'm wrong.

Post by **FlyingPenguin** » Thu Dec 15, 2005 10:25 pm

I've run into several of these impure. You can't disable the active desktop wallpaper. If you go to display properties some of the tabs are missing to prevent you from disabling it. Very insidious.

If it wasn't for the SmitFraud remover tool, you'd have to do a format.

Redmeda · Post by **Redmeda** » Fri Dec 16, 2005 1:04 am

I don't think i would have to format my computer to get rid of it, because i do know of people that have got rid of it, but im not at my place right now at the moment so ill have to get back at you with that "Web Tab" option impuresoul2k3.

It is not a webpage set as a background i did have one of thoughs Virus's before and no, it is not. and no there isn't any "X" buttons hidden anywhere, i have the "Your Computer Is Infected With Spy-ware!" Off at the moment but now its just a black background, and i can not set pictures as background either i tried to just side click a picture and set as background but that did not work.

Thanks for your help so far guys.

impuresoul2k3 · Post by **impuresoul2k3** » Fri Dec 16, 2005 7:25 am

That is some nasty virus then, never had that one.

wvjohn · Post by **wvjohn** » Fri Dec 16, 2005 8:12 am

ran into the m64player.exe on my wife's computer - norton said it was a trojan but couldn't delete it......booted up in safe....when I went to check add/remove programs that one and 2 otheres were listed .... I went to uninstall them...and the requested "copy these numbers - showed a screen like online registration "2Zc45" before I could run install...did that for all three, and of course that didn't uninstall them but at least norton was able to quarantine them in safe mode....sigh

Post by **FlyingPenguin** » Fri Dec 16, 2005 9:10 am

Red, that black background is an Active Desktop web page. That's why you can't turn it off or change the background.

Smitfraud is bad. I can manually remove it to BUT it alters literally HUNDREDS of registry settings that you'd neve be able to restore completely without the removal tool. Nasty stuff.

Redmeda · Post by **Redmeda** » Sat Dec 17, 2005 9:11 pm

So FP, You do know how to remove this program off my computer.... but it would take awhile to do it?.. Do you think it would just be better to format my computer once again?.. lol i just did that not to long ago, luckily i didn't put to much stuff on it yet.

Post by **FlyingPenguin** » Sat Dec 17, 2005 11:23 pm

I recommend using the SmitRem removal tool I posted above. That should get rid of it if it's a SmitFraud trojan which it does sound like.

PCA Forums

Trojan/Spy-ware Virus

Trojan/Spy-ware Virus

and another one