Background message "Warning! Spyware detected" [Solved/Closed]

Griff - Last answered on Feb 27, 2017 at 08:17 PM by Pota
I let my roomie use my comp while I was away for a few weeks. I returned to find "Warning! Spyware detected on your computer! Install antivirus or spyware remover to clean your computer" as my background message. I tried to place a new background on but this message still appears in the middle. I just bought Norton 360 but it doesn't seem to be detecting it. Also, if I leave my computer idle for too long, a blue screen pops up with a bunch of computer nomenclature and e.g. bogus_driver or something of the sort being the problem. If I hit any button on the keypad it will close that screen and it will no longer pop up until the computer is idle again.
Hi I've just had the same problem over the weekend and have had success removing what turned out to be a large number of trojan viruses which found their way in through a fake email ecard I received.
I used the Dr Web Cure it programme, which is free.
If your computer won't stay on long enough for you to download it off the internet, which is what happened to me, then what I did was to download it from another computer onto a cheap disk I bought from Asda. I then started my computer in safe mode, inserted the disk, and the Dr Web download icon popped up after about a 20 second wait. Just click on it (it took me about 10 goes before it wanted to activate) and then follow the download instructions.
I would recommend the 'Complete' scan. I ran the express scan first, which allowed me to delete about 7 viruses, but when I ran the complete scan it found even more. The complete scan takes 2 hours.
Hope this helps, Debbie.
PS I'm no computer nerd, in fact I don't have a clue about the things, but I found this process quite simple and more importantly, successful. Good luck!
kathryn- Oct 6, 2008 at 07:52 AM
You are brillianttttttttttttttttttttttttttttttttttttttt! I had my desktop and screen saver tabs lost after downloading antivirus 2008 from microsoft and have been reading how to fix the problem. A lot of the cures went over my head; yours was the easiest by far to do. Thank you sooooooooooooooooooooooo much, you've made the problem easy to fix.
Marco- Mar 24, 2009 at 01:11 PM
You are a star!
Been working on this problem for weeks. Thank you... my daughter can finally stop nicking my laptop!
I used a pen drive thing instead of a disk.
Top marks.. cheers!
Josettte- Jun 9, 2009 at 02:55 PM
Uhh, I tried the web cure you suggested and I got it to download on my laptop just fine. But every time I try to run it, it never starts. What should I do? I really messed up my computer.
Here is how to do it. It's already been posted, but this is the definitive answer:

-Search your drives for *.bmp
-Find the one that matches your background
-Note the last 3 characters before the .bmp - mine was called phccekj0e3cn.bmp
-Search your drives for the last 3 characters noted in the previous step. In my case I searched on *3cn
-This search resulted in 4 files for me.
-Go to your task manager, look under the processes tab, and find the process that matches the name of one of the files you are trying to delete (the .exe file)
-end the process - mine was called lphccekj0e3cn.exe
-delete all files found in your search
-reboot and you should have your display tab back for background right-click -> properties
-if you do then you are good to go. set your background and don't let other people who have no clue (most people) use your computer
TheVinMan- Feb 7, 2009 at 04:55 PM

Let me tell you what happened to me and maybe you can help me and also give a warning to others.
I consider myself to be pretty careful when downloading anything onto my pc. Well, it just so happens that a volcano is about to erupt in Alaska so I wanted to find live web cam coverage. So I was led by Google to what looked like an authentic web site. When I went to download the viewer that was required to view said video, the normal Norton warning (you could be downloading a virus etc. etc. etc.) came up.
After installing the viewer, well, you guessed it: every Trojan and worm you can imagine. I was majorly infected. After many different virus sweeps the system seems to be clear; however, I am left with a blue screen and cannot load any background or wallpaper. With all I have read here, I tried to find bmps and check the reg edit for the suggested codes, but I find none. If you can suggest anything else I would appreciate it.
d- Mar 11, 2009 at 01:22 AM
This isn't working for me!

When I search for *.bmp I don't get anything like what you got, so I can't follow the instructions. no long weird filenames.
Bush_sucks- Apr 5, 2009 at 03:38 PM
Hey, umm Ebomb... yeah I'm pretty sure ur thing works but when I open the display properties I can't change the desktop theme and I can't even click on the wallpapers, so I don't know what the *.bmp thing is so yeah... hope you can reply soon I need help! Thanks
Melonss- Jul 28, 2009 at 02:15 PM
Hi. So, obviously, I have the virus stated, and I think your method will work. It's just, I have a couple of problems.

For one, when you say look for your wallpaper, do you mean the 'YOUR SYSTEM IS INFECTED' message which is currently on the background, or do you mean the one before that? Because I have found the one before that, but seeing as I have created numerous new accounts to try and rid my computer of the virus, the wallpaper was a default. It was just called 'wallpaper'. When searching *per, about 400 results came up, some of them just harmless default games like minesweeper.

Secondly, whenever I press ctrl alt del, or try and get to task manager another way, it comes up with a box saying 'your system is infected' or, if I continue pressing it, 'this has been disabled by your administrator', making me unable to access it. I am the administrator and I did not disable it.

Have any ideas of how I can still fix the virus? Also, when you had this virus, did you experience messages coming up when you tried to get on some websites, saying that the security preference or something prevented you from being on it? Or did some just close completely? Because that's what's happening with mine.

Basically, I have a bad feeling it's conked, and that there's no going back.
Pota- Feb 27, 2017 at 08:17 PM
tangina mo
I got this spyware/trojan also - replaced my picture on screen with same saying. Continually popped up messages saying I was infected, click here for spyware, etc. Changed my privacy settings to accept all cookies. Slammed me with ads. Was a particularly insidious problem. Since I am not techy inclined, I went to Office Max and bought a disk called PC Restoration (save the receipt - you need numbers off it). You plug in the disk, and it takes you to a web site where you get one of their techs. You let him log onto your computer through a process they give you. It took them hours to fix it - but they did. They keep working on it until it is fixed. Cost $99 for the disk. That is the expensive way I guess - but it worked for me.
zahid- Sep 21, 2008 at 12:46 PM
I got this spyware/trojan also - replaced my picture on screen with same saying. Continually popped up messages saying I was infected, click here for spyware, etc. Changed my privacy settings to accept all cookies. Slammed me with ads. Was a particularly insidious problem. Since I am not techy inclined, I went to Office Max and bought a disk called PC Restoration (save the receipt - you need numbers off it). You plug in the disk, and it takes you to a web site where you get one of their techs. You let him log onto your computer through a process they give you. It took them hours to fix it - but they did. They keep working on it until it is fixed. Cost $99 for the disk. That is the expensive way I guess - but it worked for me.
I located the 3 files but when I went to processes in the task manager, none looked even close. The files were blphcgenj0e95t and phcgenj0e95t. Also NONE of my processes listed have any NUMBERS in them at all! I have had this virus for a week. My young son needs the computer for school work now and I am a novice MOM. Any suggestions would be appreciated.
SicariuS- Sep 1, 2008 at 05:19 AM
Hi Sunshine,

If you cannot locate the strange files in your process list (any file with a name that doesn't seem like a word or acronym) you might be in luck and able to remove the background without too many problems.

Go to Start > Run > type "Regedit" and press OK (without the " ").
In this registry editor, press Ctrl+F on your keyboard. This is the Find option.

Look for 'NoDispBackgroundPage' and/or 'NoDispScrSavPage' and delete them.
Also look for ScreenSaveActive and put that to 0 (it disables the screensaver).

Then do another check in your process list and close Explorer (you won't have a start bar etc., but don't panic).
Wait 30 seconds and then press (in the task manager) File > New Task (run...) > type "explorer"

Check the screensaver and set it to a screensaver with a normal name (or keep it off) and change the background and background colour.

If you're unable to do this, I suggest following all the steps I provided earlier.

Good luck!
This is the clearest, most succinct solution to this problem I've found - and it works like a charm! Thanks SO much for the step-by-step instructions on how to rid oneself of this annoying little virus.

Oh desktop settings - I'm so happy to have you back! Never leave me again!
This thing won't let me go to task manager and also I can't delete the gay files. What should I do? And I can't roll back because my restore point is after I received this shit.
Pls Give Me Solution on my Problem
Start Windows in safe mode and search for the .bmp file which shows the same as the background. Select the last four letters of that .bmp file and search in Windows for all the files, and search in the registry also.

Once you are done, restart the computer. Install your ethernet drivers if you are missing any.

gpedit.msc to change the hidden display property to disable in system settings.
Ugh! I got ahead of myself in the previous post. If you followed those directions you still will be missing the 'Desktop' and/or 'Screen Saver' tabs in your Display Properties. (right click on background and select properties)

Also, just deleting the background image is not enough! This is a nasty sucker running a process; it may not find the background anymore but it's still doing harm, i.e. my computer started blue screening and rebooting over and over after like 20 min.

So here is the complete definitive answer: (thank you again for previous posts pointing me in the right direction)

-Right-Click on My Computer and select Search...
-click All files and folders
-search for *.bmp (all or part of file name)
-Find the one that matches your background
-Note the name of the .bmp file - mine was called phccekj0e3cn.bmp (copy and paste into notepad or something as you will need this later, or write it down as your computer can reboot)
-Search your drives for the last 3 characters noted in the previous step. In my case I searched on *3cn
-This search resulted in 4 files for me.
-Go to your task manager, look under the processes tab, and find the process that matches the name of one of the files you are trying to delete (the .exe file)
-end the process - mine was called lphccekj0e3cn.exe
-delete all files found in your search

REMOVE REGISTRY ENTRIES: (not as important since the files are no longer there but still good idea)
-Start -> Run
-Edit -> Find
-I searched on *3cn (the last 3 characters) but this returned some valid registry entries. I suggest you either carefully delete all entries that look like they are related. I found 5 or 6 valid entries, but they were obvious to me to not be related.
-typically they will have the full name like "lphccekj0e3cn". In fact you could probably search on whatever the .exe name was (minus the .exe extension) and you can surely delete all those entries.

-this is what I missed in the previous post. The first time this thing runs it changes entries in your registry to hide the 'Desktop' and/or 'Screen Saver' tabs
-In the registry navigate to:
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'

Check out your display properties again, they should be back to normal.

Empty your recycle bin to get rid of it for good

Rebooting at this point is probably a good idea.
dex- Oct 11, 2008 at 12:05 PM
The bmp file doesn't show up in my search? I'm not sure why
Plyer69- Oct 16, 2008 at 11:58 AM
Thanks so much. I was able to remove the trojan but was unable to change the background. after I followed your steps everything is fine.

LP3- Feb 1, 2009 at 03:35 PM
What if none of the ".bmp" files are the image of the virused wallpaper? Thanks!
pablo- Feb 26, 2009 at 01:52 AM
Did you find any files named "buritos" associated with this antivirus 2008 infection??
k8 care- Jul 29, 2009 at 09:06 PM
Thank you so much! worked awesome I could handle all of it on my own except the simplest part. finding the background. thank you thank you thank you.
How do I search when my desktop is gone thanks to that bmp file? I have no start menu, I have no desktop. I don't know how to search in DOS. Please help, I want to get rid of this blue screen and get my desktop and start button back.

mikethedike (166 posts, registered Saturday August 16, 2008, last seen September 22, 2012) - Aug 30, 2008 at 07:04 AM
I have already posted the solution to this problem

but here it is one more time

The first time this thing runs it changes entries in your registry to hide the 'Desktop' and/or 'Screen Saver' tabs
-In the registry navigate to:
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'

Check out your display properties again, they should be back to normal.

Empty your recycle bin to get rid of it for good

Rebooting at this point is probably a good idea.

awaiting comments

Melisio Mascarenhas
alayche- Oct 19, 2008 at 11:01 PM
(Solved) (Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)

Just a reply to this approach: I have done this. Unfortunately the hijack reinstalled itself once I had rebooted the computer.

I would like to add my 2 cents' worth, thanks. You may need to remove all occurrences of text, strings etc. from the registry (regedit). There is a search engine there which you can use to find the entries; also use F3 to find next etc.

the text strings are as follows [ blphc98pj0elc5 , Lphc98pj0elc5, phc98pj0elc5 ]

there may also be [.exe files] for these in C:windows/system32 folder which you will need to delete once you have deleted register entries.

you will need to shutdown the computer then restart to delete these last 2 [.exe files] as they will be in use by windows system.

Thank you all.

hey there

The thing is that I have already removed the spyware virus but now my background is just white, no words, no nothing. Putting a new background doesn't seem to work and I can't seem to find the bmp file at all. Was wondering if u could help me out.

THx heaps

Ok so I had all the symptoms, followed all of Ebomb's steps, and the steps that sir posted to do after. And I no longer have problems with my desktop's background. But I still have problems with:

My internet being really really really slow.

Websites don't load fully / correctly, the format is way f'd up.

Can't even access my router settings page anymore, it WAS loading f'd up before, now it just times out after a while.

I can't update any of my anti-virus software, they all just error in some strange way.

I can't install anything, install.exe files just error when I double click them, no matter what they are or where they are from, it just says they are corrupt. I'm assuming this is the virus keeping me from getting rid of it? -_-

I triple checked every step, I've done everything. If anyone knows what might still be wrong or what I MAY have missed, please help me out. I'd be more grateful than I can even put into words.
I had the same problem. Wallpaper & Screensaver tab missing and fake virus alert. I used this software and it got rid of it: Malwarebytes Anti-Malware.

Here is the link:

The free version works just fine. Also, if when you reboot you get a "Cannot Display This Video Mode" message, unplug your monitor then reboot. When you're sure that the log on prompt is up, replug your monitor.

Here is a copy of my Malwarebytes log. The ones labeled "Trojan.FakeAlert" are this particular spyware. Also it restored the noscreensavor and nobackground that was placed in the RegKey.

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

10:34:12 AM 08/27/08
mbam-log-08-27-2008 (10-34-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 139484
Time elapsed: 1 hour(s), 5 minute(s), 2 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 10

Memory Processes Infected:
C:\WINDOWS\SYSTEM32\lphcpwej0e741.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\blphcpwej0e741.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpwej0e741 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\GSIM (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\GSIM\Cache (Adware.2020search) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\GSIM\Cache\T10312.tmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysrest32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\vdo_g.ini (Stolen.Data) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\blphcpwej0e741.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lphcpwej0e741.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\phcpwej0e741.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\amegino\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
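
The scan log in the post above, and the manual steps earlier in the thread (find the wallpaper .bmp, then look for files sharing its name), can be triaged with a short script. This is an added example, not part of any post in the thread and not Malwarebytes code: `parse_log`, `triage` and `match_names` are hypothetical helper names, the sample log is a constructed subset of the lines quoted above, and `driver_v741.dll` is an invented benign file used to show why matching on only the last three characters over-matches.

```python
import ntpath  # Windows path rules, so the example also runs on non-Windows hosts
import re
from collections import namedtuple

Detection = namedtuple("Detection", "section target family action")

# Constructed sample: a subset of the lines in the scan log quoted in the post above.
SAMPLE_LOG = r"""
Memory Processes Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\SYSTEM32\lphcpwej0e741.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpwej0e741 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\sysrest32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\blphcpwej0e741.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lphcpwej0e741.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\phcpwej0e741.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "Files Infected:" opens a section; "Files Infected: 4" is a summary count and is skipped.
HEADER = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
ENTRY = re.compile(r"^(?P<target>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
RUN_KEY = "\\currentversion\\run\\"
POLICY_KEY = "\\currentversion\\policies\\system\\"


def parse_log(text):
    """Turn the log text into Detection records, one per flagged object."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY.match(line)
        if entry and section:
            # Data items carry "Bad: (1) Good: (0) ->" before the action; keep the last part.
            action = entry.group("rest").split(" -> ")[-1].rstrip(".")
            found.append(Detection(section, entry.group("target"),
                                   entry.group("family"), action))
    return found


def triage(detections):
    """Pick out what matters for cleanup: autostart, tab-hiding policies, leftovers."""
    report = {"autostart": [], "display_lockout": [], "pending_reboot": []}
    for d in detections:
        low = d.target.lower()
        if RUN_KEY in low:
            report["autostart"].append(ntpath.basename(d.target))
        if POLICY_KEY in low:
            report["display_lockout"].append(ntpath.basename(d.target))
        if d.action.lower().startswith("delete on reboot"):
            report["pending_reboot"].append(d.target)
    return report


def name_stem(target):
    """File or value name without directory, key path or extension, lower-cased."""
    return ntpath.splitext(ntpath.basename(target))[0].lower()


def match_names(wallpaper_bmp, targets, last_n=None):
    """Targets whose name ends with the wallpaper's stem (or only its last_n characters)."""
    key = name_stem(wallpaper_bmp)
    if last_n:
        key = key[-last_n:]
    return sorted({t for t in targets if name_stem(t).endswith(key)})


if __name__ == "__main__":
    dets = parse_log(SAMPLE_LOG)
    print(triage(dets))
    names = [d.target for d in dets] + [r"C:\Program Files\Vendor\driver_v741.dll"]
    print(match_names("phcpwej0e741.bmp", names))            # full stem
    print(match_names("phcpwej0e741.bmp", names, last_n=3))  # last 3 characters only
```
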
Thanks to all that provided the valuable information on this thread...

I have had this problem as well and have successfully got rid of it...using your advice
My IT guys was about to wipe my drive and re-install windows when I found this thread...

Again...Thanks...U ALL rock...!!!
Hi there people,

Seeing as how I can't reply to the mail I got through this site, I'm hoping to do that here..

I received some questions as to how to reach the search option when this virus is active..

I have to warn you though.. this particular bug downloads other viruses that change more stuff on reboot.. that's why it is VERY VERY important to remove the network cable, and not reboot unless it's impossible to continue working before a reboot.

If you have done all the steps that Ebomb and I have provided (or cannot do some of the steps since it hijacked your explorer) and still have problems, here are some more tips.

Don't pin me down on this though, I don't know whether this helps.

Do NOT use your computer like normal when the virus is still there, you risk infecting other people and even being shut down by your ISP, and in the worst cases you risk being prosecuted for spreading spam/malware

Never download an "antivirus program" or "malware remover" unless you know it works (or one of the following: NOD32, Kaspersky, Norton/symantec, AVG and some other premium brands)

You MUST boot in safe mode (press F8 a couple of times right after you turn on your computer and get the black screen with the text stuff, that means BEFORE the Windows logo with the moving bars). When you're in safe mode, you'll get a message about system restore.. this cannot be used since the virus could have infected a restore point.

When Safe Mode has fully loaded, you should not get the warning message and blue/white background; if you do, press ctrl+alt+del, do task manager and look in your process list.

- If you see any weird processes in there, try to end them manually, but don't try too hard cause they'll probably stay.
Write down the names of the processes (all that you don't trust) and look them up in google on a comp that is not infected; here you should be able to find the meaning of most of them.. if not, it's probably a virus, or a program you don't need.

- If you don't see a start bar, or icons: Try to manually start Explorer by doing CTRL+ALT+DEL, task manager, File > New task> explorer [enter]
If you can't get task manager to work, you have a problem that surpasses my knowledge, and it's time to either use a recovery disk, re-install windows, or bring the computer to a specialist.

- If you can't start Explorer (the start bar and icons), there's another method to get it to work, which requires some extra labour:

Go on a computer that is not infected and follow this link: (if possible)
Or look for hijackthis.

You can then put it on a usb stick or CD/DVD and open it in the infected computer by inserting it and browsing to the drive through CTRL+ALT+DEL, task manager, File > New task>[drive letter]:\hijackthis
This program helps you open an alternative task manager and file explorer/basic scanner

With this program you can analyze the startup sequence and save a logfile to show other people, do this, and post the logfile on this forum (or multiple to get quicker help)

You can also use this program to open your task manager list in case you can't, or don't trust the windows one (some viruses have been known to alter it)

This "manual" has become quite a mess now, but if you go over it a couple times, I hope you get what I mean...

So here's what I expect you to do:
- Follow all the instructions (Ebomb's and mine, and read the other people's too of course)
- If these don't work, get Hijackthis
- FIRST follow your own intuition, find all processes on google, try to manually remove stuff with hijackthis after researching them
- Try premium antivirus trial packages
- Post your Hijackthis log on this forum and tell us your symptoms in one message, if we can help, we will!
- If all else fails (and I mean everything) Think about re-installing windows over this infected one.
Then back up everything on a dvd or usb stick (documents, pictures, saved games, every important possession)

IMPORTANT: Take your time for backing up; the windows that is installed now will not have the virus installed but your hard drive will be a mess (imagine post-apocalyptic new york on rush hour) and it still does contain the virus file on it.
When you're absolutely positive that you backed up every valuable file, it is time to do a system format.
You can do this by letting the windows installation make a new file system (there's plenty of tutorials about this and I'm not going in-depth on this)
Do know that upon doing a format, you will delete everything on the computer, and you will not be able to recover anything after the format.
nngg4 (1 post, registered Sunday September 14, 2008, last seen September 14, 2008) - Sep 14, 2008 at 07:31 PM
Really appreciate all the suggestions. I'm by no means a computer expert but managed to follow the process and eliminated the warning message. However, after re-booting, my desktop loaded up with a bunch of "notepad" tabs (iaanotif, OSA9, OLG, yahoo messenger, issch, cxyrgzqh, and many others). Further, each desktop application icon I clicked on (EX: Firefox) opened a notepad of misc symbols, not the actual application. Additionally, when I tried to reset my desktop image through the start>control panel>appearance and themes, another notepad full of symbols opened. Obviously, I've screwed something up. How do I fix it?
Ok, so I thought I had everything gone, but it seems like my browsers are being hijacked by this virus, look out for the results you find on google..

If anyone can help find out where this comes from, I very much appreciate it

So: Whenever I do a search on Google, on both IE and FireFox, google wants to redirect me to some page called "" and something with blogs.

I checked all my hard drives (2 TB) with all known anti spyware/adware/cvs programs, hijackthis, I don't have files in my process list that could do harm, I deleted all BHO's, I let my router determine the DNS, not my computer, I have no other virus symptoms, no bad cookies, an empty cache, is my basic search provider and starting page and my hosts file is alright (empty).

I scanned my registry for anything with blogs or health, and all I could find was the high secured area of iexplorer (all the websites with security = 4 -means blocked- rating)

Also every tracert shows up legit addresses.

Any suggestions would be appreciated.
unplug ur system from the net connection

delete the history, cookies, and temp files from ur internet explorer

check if any new software has been installed in
startmenu/programs/"check if any new software has been installed itself here" uninstall it if it doesn't allow to delete it

empty ur recycle bin

awaiting comments

also check out

Melisio Mascarenhas
SicariuS- Sep 1, 2008 at 05:08 AM
I actually deleted my entire cookies directories and temp dir to prevent any hidden/encrypted files from being missed.. and I believe I already stated that in my previous post.

The problem is that I could not detect anything on my computer.. even a virus scanner couldn't.

I re-installed windows and got it over with.
Mine went away after I renewed a $39.95 one year Norton plan. However, I had to download new updates to Norton to get the message "spyware detected on your computer" to go away. So, just be patient and download the updates. Hope this helps.
I was having this same problem and had to reformat 2x. All was fine until this past Friday, and this same virus started taking over again. Now, I got past all the screensaver issues; I was able to delete some files before it got to the "screensaver" changing part. But now here are my issues. 1) Task Manager will not come up because the admin rights have been taken over by this virus. 2) When I go to "Start", Ctrl Panel, My Computer, none of those items are available. 3) I get into "My Computer" by backdooring it, and my C:/ and D:/ drives are not available. I have to manually type them in to view them. The virus has gotten into my external hard drives as well, which the free version of avast is picking up, but the virus will not let me delete these files after being found through avast. When I go into the drive, I do not see these files. I am running programs that were mentioned earlier in this post, trying to get rid of this thing. Also, where the "Time" is, in the bottom right hand corner, it has "VIRUS ALERT!" displaying all the time. Any help would be appreciated. Thanks!
Ebomb, I was able to follow your detailed instructions and resolve this problem. Thank you very much for sharing your knowledge with us................regards!