Solved

Desktop Hijacked

Posted on 2006-03-22
Last Modified: 2010-04-11
My friend was playing on the internet and clicked on one of the sites and found himself stuck in something. The desktop wallpaper is replaced by a webpage saying that " the personal data successfully tracked...click to protect your privact...". And if the computer is kept idle for some time another webpage appears saying that a spyware called desktop.hijacker.aacore.ff has been detected and gives various links to click on. I found the first webpage in the temporary folder and tried deleting it; the file was called 10595491c.htm. But even though I tried to delete it, it came back again. I have disconnected the internet. How can I get rid of it? Any suggestions? Thank you.
Question by:scoinzen
3 Comments
 
LVL 44

Accepted Solution

by:
zephyr_hex (Megan) earned 336 total points
ID: 16261369
i would recommend running hijackthis : http://www.majorgeeks.com/download3155.html
then put the log through the analyzer here: http://www.hijackthis.de
after the analyzer runs, you will have a button at the bottom which saves the log.  go ahead and save the log, and then post a link to the saved page here.

also, xcleaner is a very good spyware removal tool:  http://aboutyourbreakup.com/xcleaner.html  (the url and site are weird but the program is very good)
when you run it, select all of the options on the first tab.  if you are prompted to reboot, do NOT.  wait until you have completely finished the scan and then reboot.  run this program/scan in safe mode.
0
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 332 total points
ID: 16261908
Hi,

1. Download http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

2. Also download, install, and update the free version of Ewido anti-malware:
http://www.ewido.net/en/download/

3. Next, please reboot your computer in Safe Mode:

Open the "smitRem" folder, then double click the "RunThis.bat" file to start the tool. Follow the prompts on screen.  Your desktop and icons will disappear and then reappear again --- this is normal.
Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

Now open Ewido anti-malware
- Click on Scanner
- Click on Complete System Scan and the scan will begin.
- Save the report to your desktop
- Close Ewido

Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

Restart your computer in normal mode.

Also, post the link to your Hijackthis log as already suggested.
0
 
LVL 8

Assisted Solution

by:nepostojeci_email
nepostojeci_email earned 332 total points
ID: 16295582
-------
Step 1:
-------

First of all when you start HijackThis, click on the "Open the Misc Tools section" button.
Under "System tools", click "Open process manager" button.
You should see a list of processes currently running on your comp.
Try to kill as much as possible, avoiding svchost.exe. Those which belong to the
Windows would not be able to be terminated. So don't worry. This step is
important, because this way you are shutting down any processes that could
reverse back everything you clean up.

When you have finished killing all possible processes, you should see in that list only
these processes (sorted by Image Name):
- csrss.exe
- explorer.exe
- HijackThis.exe
- lsass.exe
- services.exe
- smss.exe
- svchost.exe
- System
- System Idle Process
- winlogon.exe
and only "svchost.exe" should be repeated several times.

If you suddenly kill explorer.exe all of the icons from desktop will disappear, and
your TaskBar will be gone too, but that's not a big deal. Just press Ctrl+Alt+Del,
and Task Manager will pop up, then go to: "File -> New Task (Run...)" and type
"explorer" and click the "Open" button. That will restore your desktop back.

AFTER, and only after you have killed all the other processes, you can start the
next step. If you fail to kill all of the processes (except the above), the chance
of success is somehow lowered.


-------
Step 2:
-------

If HijackThis is started, close it and start it again. Click on the
"Do a system scan only" button, and then select the following items:



Now, click the "Fix checked" button (if any Windows Explorer or Internet Explorer
windows are open, close them before fixing). After the fixing has been done,
reboot your computer. When computer reboots, open HijackThis, click on the
"Do a system scan and save a logfile". Save the log to the Desktop, then connect
to the internet and upload your log to www.hijackthis.de and when you do that,
you should see a link to your log, after successful upload. Copy that link here
for further check to make sure everything went ok.

Greetings.
0
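
The process-list check from Step 1 of the last answer, as an added example that is not part of any post in this thread: it parses `tasklist /fo csv /nh` output and reports image names outside the baseline listed there, plus baseline names other than svchost.exe that appear more than once. The sample output and the name `updchk32.exe` are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Baseline copied from the list in Step 1 above (compared case-insensitively).
BASELINE = {
    "csrss.exe", "explorer.exe", "hijackthis.exe", "lsass.exe",
    "services.exe", "smss.exe", "svchost.exe", "system",
    "system idle process", "winlogon.exe",
}
# Per the post, only svchost.exe is expected to be repeated.
MAY_REPEAT = {"svchost.exe"}

def review_processes(tasklist_csv):
    """Return (unexpected, duplicated) for `tasklist /fo csv` text.

    unexpected: (image_name, pid) pairs whose name is not in the baseline.
    duplicated: sorted baseline names that repeat but are not expected to.
    A matching name is not proof of a genuine file; this only narrows
    down which processes to inspect further.
    """
    # Keep data rows only: skips blank lines and the header row if present.
    rows = [r for r in csv.reader(io.StringIO(tasklist_csv))
            if len(r) >= 2 and r[1].strip().isdigit()]
    counts = Counter(r[0].strip().lower() for r in rows)
    unexpected = [(r[0].strip(), int(r[1])) for r in rows
                  if r[0].strip().lower() not in BASELINE]
    duplicated = sorted(name for name, n in counts.items()
                        if n > 1 and name in BASELINE and name not in MAY_REPEAT)
    return unexpected, duplicated

# Constructed sample output, not captured from a real machine.
SAMPLE = '''
"System Idle Process","0","Console","0","28 K"
"System","4","Console","0","236 K"
"smss.exe","548","Console","0","388 K"
"csrss.exe","612","Console","0","3,512 K"
"winlogon.exe","636","Console","0","4,100 K"
"services.exe","680","Console","0","3,300 K"
"lsass.exe","692","Console","0","1,500 K"
"svchost.exe","860","Console","0","4,700 K"
"svchost.exe","932","Console","0","4,200 K"
"explorer.exe","1480","Console","0","18,000 K"
"explorer.exe","2212","Console","0","9,100 K"
"HijackThis.exe","1904","Console","0","6,000 K"
"updchk32.exe","2040","Console","0","2,800 K"
'''

if __name__ == "__main__":
    print(review_processes(SAMPLE))
```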
