Desktop Hijacked

Posted on 2006-03-22
Last Modified: 2010-04-11
My friend was playing in the internet and clicked on one of the sites and found himself stuck in something. The desktop wallpaper is replaced by a webpage saying that " the personal data successfully to protect your privact...". And if the computer is kept idle for soem time another webpage appears saying that a spyware called desktop.hijacker.aacore.ff has been detected and gives various links to click to. I found the first webpage in the temporary folderand try deleting it , the file was called 10595491c.htm. But even though i tried to deleted it , it came back again. I have disconnected the internet. How can i get rid of it. Any suggestions. Thank you.
Question by:scoinzen
    LVL 42

    Accepted Solution

    i would recommend running hijackthis :
    then put the log through the analyzer here:
    after the analyzer runs, you will have a button at the bottom which saves the log.  go ahead and save the log, and then post a link to the saved page here.

    also, xcleaner is a very good spyware removal tool:  (the url and site are weird but the program is very good)
    when you run it, select all of the options on the first tab.  if you are prompted to reboot, do NOT.  wait until you have completely finished the scan and then reboot.  run this program/scan in safe mode.
    LVL 47

    Assisted Solution


    1. Download
    and save the file to your desktop.
    Double click on the file to extract it to it's own folder on the desktop.

    2. Also download, install, and update the free version of Ewido anti-malware:

    3. Next, please reboot your computer in Safe Mode:

    Open the "smitRem" folder, then double click the "RunThis.bat" file to start the tool. Follow the prompts on screen.  Your desktop and icons will disappear and then reappear again --- this is normal.
    Wait for the tool to complete and Disk Cleanup to finish --- this may take a while; please be patient.

    Now open Ewido anti-malware
    [*]Click on Scanner
    [*]Click on Complete System Scan and the scan will begin.
    [*]Save the report to your desktop
    [*]Close Ewido

    Next go to Start -> Control Panel, click Display -> Desktop -> Customize Desktop -> Web -> Uncheck "Security Info" if present.

    Restart your computer in normal mode.

    Also, post the link to your Hijackthis log as already suggested.
    LVL 8

    Assisted Solution

    Step 1:

    First of all when you start HijackThis, click on the "Open the Misc Tools section" button.
    Under "System tools", click "Open process manager" button.
    You should see a list of processes currently running on your comp.
    Try to kill as much as possible, avoiding svchost.exe. Those which belong to the
    Windows would not be able to be terminated. So don't worry. This step is
    important, because this way you are shutting down any processes that could
    reverse back everything you clean up.

    When you have finnished killing all possible processes, you should see in that list only
    these processes (sorted by Image Name):
    - csrss.exe
    - explorer.exe
    - HijackThis.exe
    - lsass.exe
    - services.exe
    - smss.exe
    - svchost.exe
    - System
    - System Idle Process
    - winlogon.exe
    and only "svchost.exe" should be repeated several times.

    If you suddenly kill explorer.exe all of the icons from desktop will dissapear, and
    your TaskBar will be gone too, but that's not a big deal. Just press Ctrl+Alt+Del,
    and Task Manager will pop up, then go to: "File -> New Task (Run...)" and type
    "explorer" and click the "Open" button. That will restore your desktop back.

    AFTER, and only after you have killed all the other processes, you can start the
    next step. If you fail to kill all of the processes (except the above), the chance
    of success is somehow lowered.

    Step 2:

    If HijackThis is started, close it and start it again. Click on the
    "Do a system scan only" button, and then select the following items:

    Now, click the "Fix checked" button (if any Windows Explorer or Internet Explorer
    windows are open, close them before fixing). After the fixing has been done,
    reboot your computer. When computer reboots, open HijackThis, click on the
    "Do a system scan and save a logfile". Save the log to the Desktop, then connect
    to the internet and upload your log to and when you do that,
    you should see a link to your log, after successful upload. Copy that link here
    for further check to make sure everything went ok.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now