Desktop Hijacked

My friend was playing on the internet, clicked on one of the sites, and found himself stuck in something. The desktop wallpaper is replaced by a webpage saying that " the personal data successfully tracked...click to protect your privact...". And if the computer is kept idle for some time, another webpage appears saying that a spyware called desktop.hijacker.aacore.ff has been detected and gives various links to click on. I found the first webpage in the temporary folder and tried deleting it; the file was called 10595491c.htm. But even though I tried to delete it, it came back again. I have disconnected the internet. How can I get rid of it? Any suggestions? Thank you.
Asked by scoinzen

zephyr_hex (Megan), Developer, commented:
i would recommend running hijackthis : http://www.majorgeeks.com/download3155.html
then put the log through the analyzer here: http://www.hijackthis.de
after the analyzer runs, you will have a button at the bottom which saves the log.  go ahead and save the log, and then post a link to the saved page here.

also, xcleaner is a very good spyware removal tool:  http://aboutyourbreakup.com/xcleaner.html  (the url and site are weird but the program is very good)
when you run it, select all of the options on the first tab.  if you are prompted to reboot, do NOT.  wait until you have completely finished the scan and then reboot.  run this program/scan in safe mode.

rpggamergirl commented:
Hi,

1. Download http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

2. Also download, install, and update the free version of Ewido anti-malware:
http://www.ewido.net/en/download/

3. Next, please reboot your computer in Safe Mode:

Open the "smitRem" folder, then double click the "RunThis.bat" file to start the tool. Follow the prompts on screen.  Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

Now open Ewido anti-malware
- Click on Scanner
- Click on Complete System Scan and the scan will begin.
- Save the report to your desktop
- Close Ewido

Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

Restart your computer in normal mode.

Also, post the link to your Hijackthis log as already suggested.
nepostojeci_email commented:
-------
Step 1:
-------

First of all when you start HijackThis, click on the "Open the Misc Tools section" button.
Under "System tools", click "Open process manager" button.
You should see a list of processes currently running on your comp.
Try to kill as many as possible, avoiding svchost.exe. Those which belong to
Windows cannot be terminated. So don't worry. This step is
important, because this way you are shutting down any processes that could
reverse back everything you clean up.

When you have finished killing all possible processes, you should see in that list only
these processes (sorted by Image Name):
- csrss.exe
- explorer.exe
- HijackThis.exe
- lsass.exe
- services.exe
- smss.exe
- svchost.exe
- System
- System Idle Process
- winlogon.exe
and only "svchost.exe" should be repeated several times.

If you suddenly kill explorer.exe, all of the icons from the desktop will disappear, and
your TaskBar will be gone too, but that's not a big deal. Just press Ctrl+Alt+Del,
and Task Manager will pop up, then go to: "File -> New Task (Run...)" and type
"explorer" and click the "Open" button. That will restore your desktop back.

AFTER, and only after you have killed all the other processes, you can start the
next step. If you fail to kill all of the processes (except the above), the chance
of success is somewhat lowered.


-------
Step 2:
-------

If HijackThis is started, close it and start it again. Click on the
"Do a system scan only" button, and then select the following items:



Now, click the "Fix checked" button (if any Windows Explorer or Internet Explorer
windows are open, close them before fixing). After the fixing has been done,
reboot your computer. When computer reboots, open HijackThis, click on the
"Do a system scan and save a logfile". Save the log to the Desktop, then connect
to the internet and upload your log to www.hijackthis.de and when you do that,
you should see a link to your log, after successful upload. Copy that link here
for further check to make sure everything went ok.

Greetings.
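The baseline comparison from Step 1 of the post above can also be done as a read-only listing before anything is terminated. The script below is an added example, not part of the original post or of HijackThis; it assumes PowerShell is available on the machine, and the function names `Test-UnderRoot` and `Get-ProcessReview` are hypothetical. It reports processes that are not on the post's list, and also processes that use a listed name but run from outside the Windows directory, since a name match alone does not prove the image is the genuine one.

```powershell
# Added example: review only, nothing is killed or deleted.
# Baseline from the post, as Get-Process reports the names (no ".exe";
# "System Idle Process" shows up as "Idle").
$baseline = 'csrss','explorer','HijackThis','lsass','services','smss',
            'svchost','System','Idle','winlogon'

# Assumption: temp directories are the locations worth highlighting,
# because the thread's hijack page was found in the temporary folder.
$tempRoots = @($env:TEMP, (Join-Path $env:windir 'Temp'))

function Test-UnderRoot([string]$Path, [string[]]$Roots) {
    foreach ($r in $Roots) {
        if ($Path -and $r -and
            $Path.StartsWith($r.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-ProcessReview {
    foreach ($p in Get-Process) {
        $path   = $p.Path   # $null when access is denied (protected processes)
        $inTemp = Test-UnderRoot $path $tempRoots
        $reason = $null
        if ($baseline -notcontains $p.ProcessName) {
            $reason = 'not in baseline list'
        }
        elseif ($path -and $p.ProcessName -ne 'HijackThis' -and
                ($inTemp -or -not (Test-UnderRoot $path @($env:windir)))) {
            # Listed Windows processes normally load from the Windows directory.
            $reason = 'baseline name, unexpected image location'
        }
        if (-not $reason) { continue }

        $sig = 'unknown'
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sig = (Get-AuthenticodeSignature -LiteralPath $path).Status
        }
        [pscustomobject]@{
            Name = $p.ProcessName; Id = $p.Id; Reason = $reason
            InTemp = $inTemp; Signature = $sig; Path = $path
        }
    }
}

Get-ProcessReview | Sort-Object InTemp -Descending | Format-Table -AutoSize -Wrap
```

Entries with `InTemp` set or a `Signature` other than `Valid` are the ones to look at first; an unsigned image is not by itself proof of malware.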