Avatar of james7707
james7707 asked on

Desktop background is white

I recently tried to remove a virus/spyware that was directing me to the site ucleaner and opening multiple windows, it also set background for me on my desktop to white.

Getting current message when rebooting:

Cannot find:///C:/Windows/Privacy-danger?index.htm.  Make sure the path or internet address is correct.

Running XP Pro single user.

Attach is the Hijack file for your reference.




hijackthisCurrent.log
Anti-Virus Apps

Avatar of undefined
Last Comment
rpggamergirl

8/22/2022 - Mon
rpggamergirl

Your hijackthis.exe it seems not the latest version as it's not showing the 024 lines, you would've to just fix the "desktop component" entry below and the error loading will go away and desktop won't be white.
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


For the white desktop, you can do this instead:
Click "Start", "Settings", and then click "Control Panel". Open the "Display" applet.
Click on "Desktop", "Customise Display..." and "Web".
In the box under "Web pages", select all the checkboxes and click "Delete".


Also run Combofix as other bad files are showing in the log also.
Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
rpggamergirl

Besides vundo and others , there is also an RBot entry showing in your log file --> O4 - HKLM\..\Run: [DelayLoad] C:\Temp\msprint.exe

So, running an SDFix before combofix might be a good idea.

Download SDFix and save it to your desktop.(either one below)
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer that normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and attach the contents of the results file "Report.txt" back

ASKER
james7707

Appears to be back to normal.  Desktop is back however I believe text heading under icons is larger than normal but not sure.  Ran virus detecter, Avast and AVG Spyware no issues.

Here is most current logs you requested.  For some reason RE: Hijackthis not able to find most current
version since only show 23 lines rather than 24 as you stated above.
hijackthis.log52908.txt
ComboFixlog.txt
report.txt
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
rpggamergirl

Thanks for the logs.

Do you recognize all the programs listed in Combofix? I haven't checked them yet, expecially those screensaver files(.scr) i.e.BlueAngel, crusade.scr you know them?
C:\WINDOWS\system32\Tools <-- did you created this folder?

Have you uninstalled some programs like below? just curious.
Messenger
Eyeball


The link below is HijackThis v2.0.2
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

023 entry will only show if you've configured your desktop component or if a hijacker hijacks it. In your case this entry below would've shown, and fixing that entry would've fixed the error "Cannot find:///C:/Windows/Privacy-danger?index.htm"
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
ASKER
james7707

Do you recognize all the programs listed in Combofix? I haven't checked them yet, expecially those screensaver files(.scr) i.e.BlueAngel - Y

crusade.scr you know them -  Don't recognize this one.
C:\WINDOWS\system32\Tools <-- did you created this folder -  No

Have you uninstalled some programs like below? just curious.
Messenger - Y
Eyeball - Y


The link below is HijackThis v2.0.2
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

023 entry will only show if you've configured your desktop component or if a hijacker hijacks it. In your case this entry below would've shown, and fixing that entry would've fixed the error "Cannot find:///C:/Windows/Privacy-danger?index.htm"
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

This error message has been eliminated!

Only other issue is some of the text on right column of ExpertsExchange is overlapping and shown in large TEXT....wasn't like this before..other website pages are fine so not why this website would be different?

Will try refreshing and google to see if this works.

Thanks for your time!

BTW here is latest HIjack file using current version you noted.


hijackthis.log52908R.txt
rpggamergirl

With the EE overlapping large text; I can create the same problem when I switched to Premium skin if I adjust the text size.
In IE > View > Text size
try adjusting it to medium, smaller or small.

Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
rpggamergirl

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
james7707

Thanks RPGGameGirl for your help!
rpggamergirl

No problem.

Thanks!