P
PA Bear [MS MVP]
Guest
Re: Desktop settings tabs disappear after virus attack.
More: http://msmvps.com/blogs/spywaresucks/archive/2008/07/24/1641982.aspx
PA Bear [MS MVP] wrote:
> The machine remains infected (i.e., ZLOB/Vundo/SDBot, all protected by a
> rootkit) and you've got a lot more work to do (unless you wipe & reload).
>
> cf.
> http://msmvps.com/blogs/harrywaldro...vice-fake-email-for-package-non-delivery.aspx
>
> Unexplained computer behavior may be caused by deceptive software
> http://support.microsoft.com/kb/827315
>
> Run a /thorough/ check for hijackware, including posting your hijackthis
> log
> to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use
> (in
> conjuction with some other utilities). HijackThis will NOT fix anything
> on
> its own, but it will help you to both identify and remove any
> hijackware/spyware with assistance from an expert. **Post your log to
> http://aumha.net/viewforum.php?f=30,
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html, or other appropriate forums for review
> by an expert in such matters, not here.**
>
> If the procedures look too complex - and there is no shame in admitting
> this
> isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
>
> Maurice wrote:
>> One of my users managed to open a spoof email supposedly from UPS which
>> unleashed a trojan - some sort of fake virus warning. I managed to remove
>> the virus which has installed a .bmp file as the desktop image but then
>> managed to turn off a couple of the tabs on desktop properties.
>>
>> When you fire up desk.cpl in Control Panel there are only three tabs:
>>
>> Themes
>> Appearance
>> Settings
>>
>> two missing ones:
>> Desktop
>> ScreenSaver
>>
>> So now I can't reset desktop images or set screensaver properties.
>>
>> I looked in Local Security Policies but couldn't find anything obvious
>> there
>> and can't seem to find a config file for desk.cpl which could have been
>> altered.
>>
>> If anyone has any ideas on where to look I'd be much obliged.
>>
>>
>>
>> ps If you come across any virus writers please kill them.
>>
>> Thanks
More: http://msmvps.com/blogs/spywaresucks/archive/2008/07/24/1641982.aspx
PA Bear [MS MVP] wrote:
> The machine remains infected (i.e., ZLOB/Vundo/SDBot, all protected by a
> rootkit) and you've got a lot more work to do (unless you wipe & reload).
>
> cf.
> http://msmvps.com/blogs/harrywaldro...vice-fake-email-for-package-non-delivery.aspx
>
> Unexplained computer behavior may be caused by deceptive software
> http://support.microsoft.com/kb/827315
>
> Run a /thorough/ check for hijackware, including posting your hijackthis
> log
> to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use
> (in
> conjuction with some other utilities). HijackThis will NOT fix anything
> on
> its own, but it will help you to both identify and remove any
> hijackware/spyware with assistance from an expert. **Post your log to
> http://aumha.net/viewforum.php?f=30,
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html, or other appropriate forums for review
> by an expert in such matters, not here.**
>
> If the procedures look too complex - and there is no shame in admitting
> this
> isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
>
> Maurice wrote:
>> One of my users managed to open a spoof email supposedly from UPS which
>> unleashed a trojan - some sort of fake virus warning. I managed to remove
>> the virus which has installed a .bmp file as the desktop image but then
>> managed to turn off a couple of the tabs on desktop properties.
>>
>> When you fire up desk.cpl in Control Panel there are only three tabs:
>>
>> Themes
>> Appearance
>> Settings
>>
>> two missing ones:
>> Desktop
>> ScreenSaver
>>
>> So now I can't reset desktop images or set screensaver properties.
>>
>> I looked in Local Security Policies but couldn't find anything obvious
>> there
>> and can't seem to find a config file for desk.cpl which could have been
>> altered.
>>
>> If anyone has any ideas on where to look I'd be much obliged.
>>
>>
>>
>> ps If you come across any virus writers please kill them.
>>
>> Thanks