Link to home
Create AccountLog in
Avatar of brsprin
brsprin

asked on

Desktop properties disabled after spyware infection clean up.

I have a Dell dimension 4600 desktop that was infected with some sort of desktop hijacking spyware. I removed the HD and booted into an alternate OS (windows 2000 pro) in my test machine. I then proceeded to run scans with my MSRTs and the machine seems to be cleared of any infections. I also ran smitfraudfix.exe which gave me access to the desktop again.  The only lingering problem I have is that I cannot change the desktop properties. The background selection window is "greyed-out" as is the "browse" button. My hijack this log looks clear, so I believe the problem is damage cuased by the infection that wasn't repaired by removal. I've attempted to create a new administrator account, but no user can access the desktop properties. Any tips or ideas are appreciated. I can also post a hijack this log if needed.
Avatar of TheMetrix
TheMetrix
Flag of United States of America image

ASKER CERTIFIED SOLUTION
Avatar of IndiGenus
IndiGenus
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
I fixed the same issue for a friend last week. combination of a couple of things did it for me. Firstly, removing some registry entries (disclaimer - read the whole thing before deleting anything!! do not, I repeat do not delete the keys listed below - just the entry suggested on the next line!!!!! Screwing your registry can cause you to have a seriously bad day!!) -

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

Look in the right pane for a value called Wallpaper.  If it exists, right click it and select Delete.

and then a full scan with Spybot S&D ; if you dont have it already get it from
http://www.safer-networking.org/en/spybotsd/index.html

Im trying to remember the particular nasty... I think it might have been called spysir ?
Avatar of orangutang
orangutang

Avatar of brsprin

ASKER

Im sorry for the delayed response, I've been out of the office due to inclement weather. I will attempt everyone's solutions and respond accordingly.
Avatar of brsprin

ASKER

SDfix worked for me. Thank you Indigenus. Ive attched the sdfix log and an updated hijack this log. My only lingering problem is that I cannot access the Device manager through control panel or the "My Computer" properties. If I need to post a new question concerning access to the device manager I will do so. Thanks again. If i don't get a response within a few hours, I'll accept Indigenus's solution and post a new question. Thank you all.
Report.txt
hijackthis.log
What error do you get when you go to start, run, type devmgmt.msc <hit enter>?
Avatar of brsprin

ASKER

Thank you for the quick response. I get no error message, the device manager windows will open it just wont display the device list. The window is blank.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of brsprin

ASKER

Thank you And235100, Plug and play was disabled. I will accept multiple solutions, raise the point value of the post and split accordingly. I appreciate everyones help.
Hi,
Thanks for the points. From you latest HJT log...this BHO can be fixed with HijackThis. The file appears to be gone.

O2 - BHO: (no name) - {BE053E52-2CA4-488E-BC0F-28A848802E74} - C:\WINDOWS\system32\cscdl.dll (file missing)

Also, looks like you have no Antivirus or Antispyware software on there. Did you have Norton/Symantec at one point? Looks like it...I would recommend looking into that before too long.

Good luck,
Dave