
Author Topic: Bad, bad Malware - "Desktop Hijacker About Your Privacy.  (Read 17538 times)


wilmsp

    Topic Starter


    Beginner

    Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
    « Reply #15 on: March 15, 2008, 02:37:45 PM »
    I am now downloading Smitfraudfix.  I should mention though that otmoveit.exe seems to be a dead link, taking me only to "Problem loading page...", plus the same for "Spybot Search and Destroy".

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
    « Reply #16 on: March 15, 2008, 02:41:47 PM »
    All links fixed.

    wilmsp


      Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
      « Reply #17 on: March 15, 2008, 03:33:38 PM »

      Uh - as far as I can tell, they are all dead links.  Tried 'em all - I remain in idle.

      Bill

      By the way, I downloaded SmitFraudFix and can't seem to open it.  The icon is there but it doesn't go anywhere.  It goes to a "message" stating "Process exe file missing."

      Bill.

      evilfantasy

      Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
      « Reply #18 on: March 15, 2008, 03:57:10 PM »
      I just now opened each link.

      Let's try this instead of smitfraudfix, Bill. I'm Kevin.

      Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.
      • Double-click mbam-setup.exe and follow the prompts to install the program.
      • At the end, be sure a checkmark is placed next to
        • Update Malwarebytes' Anti-Malware
        • Launch Malwarebytes' Anti-Malware
      • Click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select Perform full scan, then click Scan.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Be sure that everything is checked, and click Remove Selected.
      • When completed, a log will open in Notepad.
      • Please copy and paste the log into your next reply.
        • If you accidentally close it, the log file is saved here and will be named like this:
        • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

        wilmsp


          Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
          « Reply #19 on: March 15, 2008, 05:07:17 PM »
          I ran MBAM and it did a nice job - extensive.  However, I still have that pesky and very questionable icon which returns.  I think now I will [and you too Kevin] leave things to at least tomorrow afternoon, if not maybe Monday even.  I will repost on this thread then, but meanwhile thanks ever so much for your assistance so far.  Here's the MBAM report and which I deleted all of.

          Malwarebytes' Anti-Malware 1.08
          Database version: 471

          Scan type: Full Scan (C:\|)
          Objects scanned: 59742
          Time elapsed: 13 minute(s), 18 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 6
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 11
          Files Infected: 32

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\the weather channel desktop (Adware.Hotbar) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.brxd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Registry Optimizer (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50 (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.

          Files Infected:
          C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\System Volume Information\_restore{633899DE-AE4D-4DF3-AA36-7E143BF52292}\RP28\A0002279.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Registry Optimizer\Advanced Registry Optimizer.lnk (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Registry Optimizer\Uninstall Advanced Registry Optimizer.lnk (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\ARO.chm (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\ARO.exe (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\AROSS.dll (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\CheckForV4.dll (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\CleanSchedule.exe (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\EmailAddressCapture.hta (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\NoSpam.jpg (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\RCBanner.jpg (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\soref.dll (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\unins000.dat (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\unins000.exe (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\Advanced Registry Optimizer\uninstall.hta (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather\eula.html (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\Log\2008 Jan 01 - 05_38_05 PM_218.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\Log\2008 Jan 01 - 05_38_08 PM_515.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\1204819820.reg (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\backup.bin (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\ExcludeList.aro (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\results.aro (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups\00000001.rmb (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Sammsoft\Advanced Registry Optimizer\Version 50\Partial Backups\00000001.rmi (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
          C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.
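
Added example, not part of the original thread and not Malwarebytes code: a helper reviewing a pasted log of this layout can check it mechanically by comparing the declared counts with the listed entries, tallying detection families, and flagging anything not reported as removed or sitting in a System Restore point. `SAMPLE_LOG` is a constructed excerpt in the posted layout; its last entry (the path and the `Delete on reboot.` outcome) is invented for illustration.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the log posted above. The last entry
# (path and "Delete on reboot." outcome) is invented to show a pending item.
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Files Infected: 3

Registry Keys Infected:
HKEY_CURRENT_USER\Software\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Sammsoft (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Advanced Registry Optimizer\ARO.exe (Rogue.Advanced.Registry.Optimizer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{633899DE-AE4D-4DF3-AA36-7E143BF52292}\RP28\A0002279.exe (Rogue.BugDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Example\sample.dll (Trojan.FakeAlert) -> Delete on reboot.
"""

DONE = "Quarantined and deleted successfully."
SUMMARY = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")   # "Files Infected: 32"
HEADER = re.compile(r"^([A-Za-z ]+ Infected):$")          # "Files Infected:"
ENTRY = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<outcome>.+)$")

def parse_mbam_log(text):
    # Returns (declared count per section, list of detection entries).
    declared, entries, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m[1]] = int(m[2])
        elif m := HEADER.match(line):
            section = m[1]
        elif section and (m := ENTRY.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return declared, entries

def review(text):
    declared, entries = parse_mbam_log(text)
    listed = Counter(e["section"] for e in entries)
    return {
        "families": Counter(e["family"] for e in entries),
        # Declared vs. listed counts differ when a pasted log is truncated.
        "count_mismatch": {s: (n, listed[s]) for s, n in declared.items() if n != listed[s]},
        # Entries without the final outcome need a rescan after the reboot.
        "not_removed": [e["path"] for e in entries if e["outcome"] != DONE],
        # Detections stored inside System Restore points (the _restore{...} folder).
        "in_restore_points": [e["path"] for e in entries if "\\_restore{" in e["path"]],
    }

print(review(SAMPLE_LOG))
```
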



          evilfantasy

          Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
          « Reply #20 on: March 15, 2008, 05:14:07 PM »
          Try restarting the computer in safe mode and deleting it.

           Also try this if safe mode doesn't work.

          Go to start -> control panel -> Display properties -> Desktop -> Customize Desktop... -> Web tab, then uncheck and delete everything you find in there (except for "My current home page").

          Also remove the checkmark from the Lock Desktop Items box if it is checked.
          Apply.
          Apply and Exit Display properties.

          wilmsp


            Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
            « Reply #21 on: March 15, 2008, 06:53:16 PM »
            As the cliche goes - "Been there, did that" and couldn't find the blame thing, but it wasn't on normal desktop when I rebooted back to it.  If it shows up tomorrow, I will follow the above routine again.  I have kept you long enough - mucho gracias from Buckhorn, ON and I will likely touch base with this thread Monday, so have a really good weekend - or what's left of it.

            Thanks,
            Bill S.

            evilfantasy

            Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
            « Reply #22 on: March 15, 2008, 08:47:46 PM »
            Hopefully it stays gone.....

            You have a good weekend as well.

            wilmsp


              Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
              « Reply #23 on: March 18, 2008, 07:30:52 AM »

              Good Morning:

              All seems well - even the mysterious icon I mentioned is now gone.  I will now download a couple of the "stay-clean" programs you mentioned.

              Thanks so much for all your help!

              Bill S.

              evilfantasy

              Re: Bad, bad Malware - "Desktop Hijacker About Your Privacy.
              « Reply #24 on: March 18, 2008, 10:05:05 AM »
              Sounds good.

              Safe surfing....