Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Bad, bad Malware - "Desktop Hijacker About Your Privacy.  (Read 13901 times)

0 Members and 1 Guest are viewing this topic.

wilmsp

    Topic Starter


    Beginner

    Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
    « Reply #15 on: March 15, 2008, 02:37:45 PM »
    I am now downloading Smitfraudfix.  I should mention though that otmoveit.exe seems to be a dead link, taking me only to "Problem loading page..." plus the same for "Spybot Searchand Destroy"

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 489
    • Experience: Familiar
    • OS: Windows 10
    Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
    « Reply #16 on: March 15, 2008, 02:41:47 PM »
    All links fixed.

    wilmsp

      Topic Starter


      Beginner

      Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
      « Reply #17 on: March 15, 2008, 03:33:38 PM »

      Uh - as far as I can tell, they are all dead links.  Tried 'em all - I remain in idle.

      Bill  By the way, I downloaded SmitFraudFix and can't seem to open it.  The icon is there but it doesn't go anywhere.  It toes to a "message" stating "Process exe file missing."

      Bill.

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 489
      • Experience: Familiar
      • OS: Windows 10
      Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
      « Reply #18 on: March 15, 2008, 03:57:10 PM »
      I just now opened each link.

      Lets try this instead of smitfraudfix Bill, I'm Kevin.

      Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.
      • Double-click mbam-setup.exe and follow the prompts to install the program.
      • At the end, be sure a checkmark is placed next to
        • Update Malwarebytes' Anti-Malware
        • Launch Malwarebytes' Anti-Malware
        • Click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select Perform full scan, then click Scan.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Be sure that everything is checked, and click Remove Selected.
        • When completed, a log will open in Notepad.
        • Please  copy and paste the log into your next reply
          • If you accidently close it, the log file is saved here and will be named like this:
          • C:\Documents and Settings\Username\Application Data\\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

        wilmsp

          Topic Starter


          Beginner

          Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
          « Reply #19 on: March 15, 2008, 05:07:17 PM »
          I ran MBAM and it did a nice job - extensive.  However, I still have that pesky and very questionable icon which returns.  I think now I will [and you too Kevin] leave things to at least tomorrow afternoon, if not maybe Monday even.  I will repost on this thread then, but meanwhile thanks ever so much for your assistance so far.  Here's the MBAM report and which I deleted all of.

          Malwarebytes' Anti-Malware 1.08
          Database version: 471

          Scan type: Full Scan (C:\|)
          Objects scanned: 59742
          Time elapsed: 13 minute(s), 18 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 6
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 11
          Files Infected: 32

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\the weather channel desktop (Adware.Hotbar) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.brxd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Registry Optimizer (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50 (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.

          Files Infected:
          C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\System Volume Information\_restore{633899DE-AE4D-4DF3-AA36-7E143BF52292}\RP28\A0002279.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Registry Optimizer\Advanced Registry Optimizer.lnk (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Registry Optimizer\Uninstall Advanced Registry Optimizer.lnk (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\ARO.chm (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\ARO.exe (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\AROSS.dll (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\CheckForV4.dll (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\CleanSchedule.exe (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\EmailAddressCapture.hta (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\NoSpam.jpg (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\RCBanner.jpg (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\soref.dll (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\unins000.dat (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\unins000.exe (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\uninstall.hta (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather\eula.html (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\Log\2008 Jan 01 - 05_38_05 PM_218.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\Log\2008 Jan 01 - 05_38_08 PM_515.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\1204819820.reg (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\backup.bin (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\ExcludeList.aro (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\results.aro (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups\00000001.rmb (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups\00000001.rmi (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.



          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 489
          • Experience: Familiar
          • OS: Windows 10
          Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
          « Reply #20 on: March 15, 2008, 05:14:07 PM »
          Try restarting the computer in safe mode and deleting it.

           Also try this if safe mode doesn't work.

          Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page"),

          Also remove the checkmark from the the Lock Desktop Items box if it is checked.
          Apply.
          Apply and Exit Display properties.

          wilmsp

            Topic Starter


            Beginner

            Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
            « Reply #21 on: March 15, 2008, 06:53:16 PM »
            As the cliche goes - "Been there, did that" and couldn't find the blame thing, but it wasn't on normal desktop when I rebooted back to it.  If it shows up tomorrow, I will follows the above routine again.  I have kept you long enough - mucho gracias from Buckhorn, ON and I will likely touch base with this thread Monday, so have a really good weekend - or what's left of it.

            Thanks,
            Bill S.

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 489
            • Experience: Familiar
            • OS: Windows 10
            Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
            « Reply #22 on: March 15, 2008, 08:47:46 PM »
            Hopefully it stays gone.....

            You have a good weekend as well.

            wilmsp

              Topic Starter


              Beginner

              Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
              « Reply #23 on: March 18, 2008, 07:30:52 AM »

              Good Morning:

              All seems well - even the mysterious icon I mentioned is now gone.  I will now download a couple of the "stay-clean' programs you mentioned.

              Thanks so much for all your help!

              Bill S.

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 489
              • Experience: Familiar
              • OS: Windows 10
              Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
              « Reply #24 on: March 18, 2008, 10:05:05 AM »
              Sounds good.

              Safe surfing....