Background message "Warning! Spyware detected

Question

Background message "Warning! Spyware detected

Solved/Closed

Griff - Jul 14, 2008 at 04:50 PM
Pota - Feb 27, 2017 at 08:17 PM

I let my roomie use my comp while I was away for a few weeks. I returned to find "Warning! Spyware detected on your computer! Install antivirus or spyware remover to clean your computer" as my background message. I tried to place a new background on but this message still appears in the middle. I just bought Norton 360 but it doesn't seem to be detecting it. Also if I leave my computer idle for too long a blue screen pops up with a bunch of computer nomenclature and eg. bogus_driver or something of the sort being the problem. If I hit any button on the keypad it will close that screen and it will no longer pop up until the computer is idle again.

What is the risk of turning off messages about spyware and related protection
What is the risk of turning off messages about virus protection - Best answers
What is the risk of turning off messages about spyware - Best answers
Adware blocker /spyware ✓ - Forum - Antivirus
Adware/spyware ✓ - Forum - Viruses/Security
'virus protection - the new age of antivirus' ✓ - Forum - Antivirus
Virus/spyware problems - Forum - Windows
Virus protection is turned off - Forum - Windows

84 replies

Answer 2 / 84

Ebomb
Aug 21, 2008 at 05:20 PM

Here is how to do it. Its already been posted, but this is the definitive answer:

-Search your drives for *.bmp
-Find the one that matches your background
-Note the last 3 characters before the .bmp - mine was called phccekj0e3cn.bmp
-Search your drives for the last 3 characters noted in previous step. in my case I searched on *3cn
-This search resulted in 4 files for me.
-Go to your task manager, look under the processes tab, and find the process that matches the name of one of the files you are trying to delete (the .exe file)
-end the process - mine was called lphccekj0e3cn.exe
-delete all files found in your search
-reboot and you should have your display tab back for background right-click -> properties
-if you do then you are good to go. set your background and don't let other people who have no clue (most people) use your computer

pramod
Aug 22, 2008 at 04:34 AM

Hi Ebomb,
Thank you so much man...... thanks a million.... thanks a trillion.... thanks a lot. I could fix the problem completely. Now no virus. I got backthe desktop and screensaver options in desktop properties window. Your method really worked..... Thank you buddy... be in touch..... can I get your personal email id.... mine is attitude_dedication@rediffmail.com.
Thanks once again and take care..

chris
Aug 22, 2008 at 04:58 AM

i wanna kiss you.........your info about blue screen virus worked a treat

bsmon1
Aug 23, 2008 at 12:18 AM

very helpful ebomb, you da man, or woman, or whatever, but thanks, I appreciate your instructions, and it seems to have worked.... it was very frustrating having that crap when I logged on every time, but you saved the day...

thx again, dude...

Elizabeth
Aug 25, 2008 at 08:07 AM

Got the same problem over the weekend; followed your instructions, removed the .bmp file and, voila, problem solved. Wow, that was a REALLY annoying problem. Thanks so much!

Elizabeth
Aug 25, 2008 at 08:08 AM

Got the same problem over the weekend; followed your instructions, removed the .bmp file and, voila, problem solved. Wow, that was a REALLY annoying problem. Thanks so much!

Ana > mikethedike

Posts: 158
Registration date: Saturday August 16, 2008
Status: Member
Last seen: September 22, 2012

Sep 10, 2008 at 12:48 AM

I read the instructions you provided to remove the annoying background screen, however I wish I would have read this before I installed an anti virus software the removed the annoying screen and the pop ups forcing consumers to purchase their product. I now have the screen saver problem that appears when computer is idle advising there was an error in the installation of a new software and it names all these files and suggest a reboot. The computer appears to be rebooting but it is not. Its like some sick persons way to annoy you with a screen saver that is an eye soar. So my question is how do I get rid of this and I know you have posted directions several time sorry if I am not getting it. Each time you posted it you ask that we look for the original file or even a file with bogus numbers. When I do the search for the file .bmp it pulls of 1400 files of pics which I totally understand. What I dont get is which file it could be if it is in that section or did I miss my chance when the anti virus software I installed deleted it. I just want to change the background on my computer and take the screen saver off. I dont have these tabs and maybe I was just fast reading but it appears to be a problem that is linked. Also I dont mean to sound like an air head but a little fix it for dummys instructions would be helpful. I also want to point out this is sad I can not fix it my self as I did get an associates degree in IT. Maybe it was not the major for me but I am very fasinated by it.

View all 37 comments

Answer 3 / 84

murphy
Jul 14, 2008 at 07:53 PM

I got this spyware/trojan also - replaced my picture on screen with same saying. Continually popped up messages saying I was infected, click here for spyware, etc. Changed my privacy settings to accept all cookies. Slammed me with ads. Was a particularly insidious problem. Since I am not techy inclined, I went to Office Max and bought a disk called PC Restoration (save the receipt - you need numbers off it). You plug in the disk, and it takes you to a web site where you get one of their techs. You let him log onto your computer through a process they give you. It took them hours to fix it - but they did. They keep working on it until it is fixed. Cost $99 for the disk. That is the expensive way I guess - but it worked for me.

zahid
Sep 21, 2008 at 12:46 PM

I got this spyware/trojan also - replaced my picture on screen with same saying. Continually popped up messages saying I was infected, click here for spyware, etc. Changed my privacy settings to accept all cookies. Slammed me with ads. Was a particularly insidious problem. Since I am not techy inclined, I went to Office Max and bought a disk called PC Restoration (save the receipt - you need numbers off it). You plug in the disk, and it takes you to a web site where you get one of their techs. You let him log onto your computer through a process they give you. It took them hours to fix it - but they did. They keep working on it until it is fixed. Cost $99 for the disk. That is the expensive way I guess - but it worked for me.

Answer 4 / 84

sunshine
Aug 30, 2008 at 06:02 PM

I located the 3 files but when I went to processes in the task manager, none looked even close. The files were blphcgenj0e95t and phcgenj0e95t. Also NONE of my processes listed have any NUMBERS in them at all! I have had this virus for a week. My young son needs the computer for school work now and I am a novice MOM. Any suggestions would be appreciated.

SicariuS
Sep 1, 2008 at 05:19 AM

Hi Sunshine,

If you cannot locate the strange files in your process list (any file with a name that doesnt seem like a word or acronym) you might be in luck and able to remove the background without too much problems.

Go to Start> Run> type "Regedit" and press ok (without the " " )
In this registry editor, press ctrl+F on your keyboard.. this is the Find option.

Look for 'NoDispBackgroundPage' and/or 'NoDispScrSavPage' and delete them.
Also look for ScreenSaveActive and put that to 0 (it disables the screensaver)

Then do another check in your process list and close Explorer (you wont have a start bar etc. but dont panic..)
Wait 30 seconds and then press (in the task manager) File > New Task (run...) > type "explorer"

Check the screensaver and set it to a screensaver with a normal name (or keep it off) and change the background and background colour.

If you're unable to do this, I suggest following all the steps I provided earlier.

Good luck!

Answer 5 / 84

unanon
Sep 14, 2008 at 10:02 AM

This is the clearest, most succinct solution to this problem I've found - and it works like a charm! Thanks SO much for the step-by-step instructions on how to rid oneself of this annoying little virus.

Oh desktop settings - I'm so happy to have you back! Never leave me again!

Answer 6 / 84

Keef
Sep 25, 2008 at 07:11 PM

this thing wont let me go to task manager and also I cannt delete the gay files what should I do and I cant roll back because my restore point is after I recieved this shit

Answer 7 / 84

liyakath
Sep 27, 2008 at 03:13 AM

Pls Give Me Sollution on my Problem

Answer 8 / 84

su
Aug 18, 2008 at 01:16 PM

Start the Windows in safe mode and search for .bmp file which shows the same as background. select last fourletters of that .bmp file and search in the windows for all the files. and search in registry also.

once you done restart the computer. Install the you ethernet drivers if you miss any.

gpedit.misc to change the hidden display property to disable in system settings.

Answer 9 / 84

Ebomb
Aug 21, 2008 at 06:04 PM

Ugh! I got ahead of myself in the previous post. If you followed those directions you still will be missing the 'Desktop' and/or 'Screen Saver' tabs in your Display Properties. (right click on background and select properties)

Also, just deleting the background image is not enough! This is a nasty sucker running a process, it may not find the background anymore but its still doing harm. i.e. my computer started blue screening and rebooting over and over after like 20 min

So here is the complete definitive answer: (thank you again for previous posts pointing me in the right direction)

REMOVE THE FILES FROM YOUR HARD-DRIVE:
-Right-Click on My Computer and select Search...
-click All files and folders
-search for *.bmp (all or part of file name)
-Find the one that matches your background
-Note the name of the .bmp file - mine was called phccekj0e3cn.bmp (copy and paste into notepad or something as you weill need this later, or write it down as your computer can reboot)
-Search your drives for the last 3 characters noted in previous step. in my case I searched on *3cn
-This search resulted in 4 files for me.
-Go to your task manager, look under the processes tab, and find the process that matches the name of one of the files you are trying to delete (the .exe file)
-end the process - mine was called lphccekj0e3cn.exe
-delete all files found in your search

REMOVE REGISTRY ENTRIES: (not as important since the files are no longer there but still good idea)
-Start -> Run
-regedit
-Edit -> Find
-I searched on *3cn (the last 3 characters) but this returned some valid registry entries. I suggest you either carefully delete all entries that look they are related. I found 5 or 6 valid entries, but they were obvious to me to not be related.
-typically they will have the full name like "lphccekj0e3cn" In fact you could probably search on whatever the .exe name was (minus the .exe extension) and you can surely delete all those entries.

FIX REGISTRY ENTRIES:
-this is what I missed in the previous post. The first time this thing runs it changes entries in your registry to hide the 'Desktop' and/or 'Screen Saver' tabs
-In the registry navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'

Check out your display properties again, they should be back to normal.

Empty your recycle bin to get rid of it for good

Rebooting at this point is probably a good idea.

Marie
Aug 21, 2008 at 06:12 PM

Hi Ebomb:
Thank you so much for your help. I did not know what to do about this problem. But now it is resolved. Your step by step description worked great for me.
For everyone!
Follow the description and you do not need to install anything.
Thanks again. Marie

Bloody Puppy
Aug 21, 2008 at 09:27 PM

Dude, thank you so much Ebomb. Clear instructions, and they worked perfectly. You rock.

chevy_77
Aug 21, 2008 at 09:50 PM

I got rid of all the viruses and such/background etc.....BUT, I am also having a problem with my computer.....
It show's my Windows Live OneCare antivirus/spyware is working 100% BUTTTTT, whenever my kids/myself are on the computer, it ALSO shuts down to that blue screen with warnings and such////then reboots itself over and over again....till I hit the enter button then it goes back to whatever we were doing on the computer. Why isn't this one fixed???? I'm lost and confused.....

Please help since the LIVECARE ain't fixing up that problem.....

JohnC > chevy_77
Aug 22, 2008 at 12:33 PM

It's not really rebooting -- it's an "evil genius" screen saver. Check your screen saver tab to see if the goofy looking name (as described by Ebomb) is still selected. If so, pick something else (or none), then search for the .scr file with that name and delete it. You could still have the registry entries too, so search for those in regedit and delete them.

If your screen saver tab is still missing, go back to Ebomb's last post above and try again -- you may have missed one of the steps.

monica
Aug 22, 2008 at 08:59 AM

Ebomb - you are a lifesaver!!
Thank you so much for your instructions, I have downloaded so many anti spyware and antivirus programs over the past few hours trying to get rid of this thing. Turns out all I needed to do was follow your simple instructions and voila, the problem is gone!!
SO GRATEFUL!
Everybody follow these instructions and it will be fixed, I can guarantee it!

mikethedike

Posts: 158
Registration date: Saturday August 16, 2008
Status: Member
Last seen: September 22, 2012

40 > johnnyb
Sep 7, 2008 at 08:46 AM

I have already have posted the solution of this problem in my earlier posting

but here it one more time

REMOVE THE FILES FROM YOUR HARD-DRIVE:
-Right-Click on My Computer and select Search...
-click All files and folders
-search for *.bmp (all or part of file name)
-Find the one that matches your background
-Note the name of the .bmp file - mine was called phccekj0e3cn.bmp (copy and paste into notepad or something as you weill need this later, or write it down as your computer can reboot)
-Search your drives for the last 3 characters noted in previous step. in my case I searched on *3cn
-This search resulted in 4 files for me.
-Go to your task manager, look under the processes tab, and find the process that matches the name of one of the files you are trying to delete (the .exe file)
-end the process - mine was called lphccekj0e3cn.exe
-delete all files found in your search

REMOVE REGISTRY ENTRIES: (not as important since the files are no longer there but still good idea)
-Start -> Run
-regedit
-Edit -> Find
-I searched on *3cn (the last 3 characters) but this returned some valid registry entries. I suggest you either carefully delete all entries that look they are related. I found 5 or 6 valid entries, but they were obvious to me to not be related.
-typically they will have the full name like "lphccekj0e3cn" In fact you could probably search on whatever the .exe name was (minus the .exe extension) and you can surely delete all those entries.

FIX REGISTRY ENTRIES:
-this is what I missed in the previous post. The first time this thing runs it changes entries in your registry to hide the 'Desktop' and/or 'Screen Saver' tabs
-In the registry navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'

Check out your display properties again, they should be back to normal.

Empty your recycle bin to get rid of it for good

Rebooting at this point is probably a good idea.

p.s. if u have prob finding the bmp files try to find it as file named as "pch or else try 3cn"

awaiting comments

Regards
Melisio Mascarenhas
India

View all 30 comments

Answer 10 / 84

IanK
Aug 26, 2008 at 07:19 PM

how do I search when my desktop is gone thanks to that bmp file. I have no start menu, I have no desktop. I dont know how to search in DOS. PLease help I want to get rid of this blue screen and get my desktop and start button back.

Thanks

mikethedike

Posts: 158
Registration date: Saturday August 16, 2008
Status: Member
Last seen: September 22, 2012

40
Aug 30, 2008 at 07:04 AM

i already have posted the solution of this problem

but here it one more time

The first time this thing runs it changes entries in your registry to hide the 'Desktop' and/or 'Screen Saver' tabs
-In the registry navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'

Check out your display properties again, they should be back to normal.

Empty your recycle bin to get rid of it for good

Rebooting at this point is probably a good idea.

awaiting comments

Regards
Melisio Mascarenhas
India

alayche > mikethedike

Posts: 158
Registration date: Saturday August 16, 2008
Status: Member
Last seen: September 22, 2012

Oct 19, 2008 at 11:01 PM

(Solved) (Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)

Just a reply to this approach, I have done this. unfortunately the hijack reinstalled itself once I had rebooted the computer.

i would like to add my 2cents worth thanks. you may need to, remove all accurances of text, strings etc from registry. (regedit) .there is a search engine there which you can use to find the entries, also use F3 to find next etc.

the text strings are as follows [ blphc98pj0elc5 , Lphc98pj0elc5, phc98pj0elc5 ]

there may also be [.exe files] for these in C:windows/system32 folder which you will need to delete once you have deleted register entries.

you will need to shutdown the computer then restart to delete these last 2 [.exe files] as they will be in use by windows system.

thankyou all.

alayche

Answer 11 / 84

Sean
Aug 26, 2008 at 10:36 PM

hey there

the thing is that I have already removed the spyware virus but now my background is just white no words no nothing. putting a new background doesnt seem to work and I cant seem to find the bmp file at all. was wondering if u could help me out

THx heaps

Sean

Answer 12 / 84

Anubislee
Aug 27, 2008 at 08:15 AM

Ok so I had all the symptoms, followed all of ebombs steps, and the steps that sir posted to do after. And I no longer have problems with my desktops backround. But I still have problems with:

My internet being really really really slow.

Websites don't load fully / correctly, the format is way f'd up.

Can't even access my router settings page anymore, it WAS loading f'd up before, now it just times out after a while.

I can't update any of my anti-virus software, they all just error in some strange way.

I can't install anything, install.exe files just error when I double click them, no matter what they are or where they are from, it just says they are corrupt. I'm assuming this is the virus keeping me from getting rid of it? -_-

I triple checked every step, I've done everything. If anyone knows what might still be wrong or what I MAY have missed, please help me out. I'd be more greatful than I can even put into words.

Answer 13 / 84

Blacmale
Aug 27, 2008 at 09:59 AM

I had the same problem. Wallpaper & Screensavor tab missing and fake virus alert. I used this software and it got rid or it, Malwarebytes Anti-Malware.

Here is the link:
https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

The free version works just fine. Also if when you reboot you get an "Cannot Display This Video Mode" message. Unplug your monitor then reboot. When you're sure that the log on prompt is up, replug your monitor.

Here is a copy of my Malwarebytes log, The ones labeled "Trojan.FakeAlert" is this perticular spyware. Also it restore the noscreensavor and nobackground that was placed in the RegKey

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

10:34:12 AM 08/27/08
mbam-log-08-27-2008 (10-34-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 139484
Time elapsed: 1 hour(s), 5 minute(s), 2 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 10

Memory Processes Infected:
C:\WINDOWS\SYSTEM32\lphcpwej0e741.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\blphcpwej0e741.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpwej0e741 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\GSIM (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\GSIM\Cache (Adware.2020search) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\GSIM\Cache\T10312.tmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysrest32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\vdo_g.ini (Stolen.Data) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\blphcpwej0e741.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lphcpwej0e741.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\phcpwej0e741.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\amegino\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Answer 14 / 84

Des
Aug 27, 2008 at 03:23 PM

Thanks to all that provided the valuable information on this thread...

I have had this problem as well and have sucessfully got rid of it...using your advice
My IT guys was about to wipe my drive and re-install windows when I found this thread...

Again...Thanks...U ALL rock...!!!

Answer 15 / 84

SicariuS
Aug 28, 2008 at 07:35 AM

Hi there people,

Seen as to how I cant reply to the mail I got through this site, i'm hoping to do that here..

I received some questions as to how to reach the search option when this virus is active..

I have to warn you though.. this particular bug downloads other viruses that change more stuff on reboot.. thats why it is VERY VERY important to remove the network cable, and not reboot unless its impossible to continue working before a reboot.

If you have done all the steps that Ebomb and I have provided (or cannot do some of the steps since it hijacked your explorer) and still have problems, here are some more tips.

Don't pin me down on this though, I don't know whether this helps.

Do NOT use your computer like normal when the virus is still there, you risk infecting other people and even being shut down by your ISP, and in the worst cases you risk being prosecuted for spreading spam/malware

Never download an "antivirus program" or "malware remover" unless you know it works (or one of the following: NOD32, Kaspersky, Norton/symantec, AVG and some other premium brands)

you MUST boot in safe mode (press f8 a couple of times right after you turn on your computer and get the black screen with the text stuff, that means BEFORE the windows logo with the moving bars) when youre in safe mode, you'll get a message about system restore.. this cannot be used since the virus could have infected a restore point.

When Safe Mode fully loaded, you should not get the warning message and blue/white background, if you do, press ctrl+alt+del, do task manager and look in your process list.

- If you see any weird processes in there, try to end them manually, but dont try too hard cause theyll probably stay.
Write the names of the processes (all that you dont trust) and look them up in google on a comp that is not infected, here you should eb able to find the meaning of most of them.. if not, its probably a virus, or a program you dont need.

- If you dont see a start bar, or icons: Try to manually start Explorer by doing CTRL+ALT+DEL, task manager, File > New task> explorer [enter]
If you cant get task manager to work, you have a problem that surpasses my knowledge, and its time to either use a recovery disk, re-install windows, or bring the computer to a specialist.

- If you cant start Explorer (the start bar and icons), theres another method to get it to work. Which requires some extra labour:

Go on a computer that is not infected and follow this link:
https://download.cnet.com/Trend-Micro-HijackThis/3001-8022_4-10781312.html?spi=a9bfc7c9b036de3f980fb8a30b2ee5ad (if possible)
Or look for hijackthis.

You can then put it on a usb stick or CD/DVD and open it in the infected computer by inserting it and browsing to the drive through CTRL+ALT+DEL, task manager, File > New task>[drive letter]:\hijackthis
This program helps you opening an alternative task manager and file explorer/basic scanner

With this program you can analyze the startup sequence and save a logfile to show other people, do this, and post the logfile on this forum (or multiple to get quicker help)

You can also use this program to open your task manager list in case you can't, or dont trust the windows one (some viruses have been known to alter it)

This "manual" has become quite a mess now, but if you go over it a couple times, I hope you get what I mean...

So here's what I expect you to do:
- Follow all the instructions (Ebomb and mine, and read the other people's too ofcourse)
- If these dont work, get Hijackthis
- FIRST follow your own intuition, find all processes on google, try to manually remove stuff with hijackthis after researching them
- Try premium antivirus trial packages
- Post your Hijackthis log on this forum and tell us your symptoms in one message, if we can help, we will!
- If all else fails (and I mean everything) Think about re-installing windows over this infected one.
Then back up everything on a dvd or usb stick (documents, pictures, saved games, every important possession)

IMPORTANT: Take your time for backing up, the windows that is installed now will not have the virus installed but your harddrive will be a mess (imagine post-apocalyptic new york on rush hour) and it still does contain the virus file on it.
When youre absolutely positive that you backed up every valuable file, it is time to do a system format.
You can do this by letting the windows installation make a new file system (theres plenty of tutorials about this and im not going in-depth on this)
Do know that upon doing a format, you will delete everything on the computer, and you will not be able to recover anything after the format.

nngg4

Posts: 1
Registration date: Sunday September 14, 2008
Status: Member
Last seen: September 14, 2008

Sep 14, 2008 at 07:31 PM

Really appreciate all the suggestions. I'm by no means a computer expert but managed to follow the process and eliminated the warning message. However, after re-booting, my desktop loaded up with a bunch of "notepad" tabs (iaanotif, OSA9, OLG, yahoo messenger, issch, cxyrgzqh, and many others) further, each desktop application icon I clicked on (EX: Firefox) opened a notepad of misc symbols, not the actual application. additionally, when I tried to reset my desktop image through the start>control panel>appearance and themes, another notepad full of symbols opened. Obviously, I've screwed something up. How do I fix it?

Answer 16 / 84

SicariuS
Aug 28, 2008 at 03:26 PM

Ok, so I thought I had everything gone, but it seems like my browsers are being hijacked by this virus, look out for the results you find on google..

If anyone can help find out where this comes from, I very much appreciate it

So: Whenever I do a search on Google, on both IE and FireFox, google wants to redirect me to some page called "youreverydayhealth.com" and something with blogs.

I checked all my harddrives (2 TB) with all known anti spyware/adware/cvs programs, hijackthis, I dont have files in my process list that could do harm, I deleted all BHO's, I let my router determine the DNS, not my computer, I have no other virus symptoms, no bad cookies, an empty cache, https://www.google.nl/?gws_rd=ssl is my basic search provider and starting page and my hosts file is alright (empty).

I scanned my registry to anything with blogs or health, and all I could find was the high secured area of iexplorer (all the websites with security = 4 -means blocked- rating)

Also every tracert shows up legit addresses.

Any suggestions would be appreciated.

Answer 17 / 84

mikethedike

Posts: 158
Registration date: Saturday August 16, 2008
Status: Member
Last seen: September 22, 2012

40
Aug 28, 2008 at 11:34 PM

unplug ur system from the net connection

delete the history, cookies, and temp files from ur iinternet explorer

check in any new software has been intalled in
startmenu/programs/"check in any new software has been intalled itself here " unintall it if it doent allo to delete it

emplty ur recyler bin

awaiting comments

also check out

Melisio Mascarenhas
India

SicariuS
Sep 1, 2008 at 05:08 AM

I actually deleted my entire cookies directories and temp dir to prevent any hidden/encrypted files to be missed.. and I believe I already stated that in my previous post.

The problem is that I could not detect anything on my computer.. even a virusscanner couldnt.

I re-installed windows and got it over with.

Answer 18 / 84

stevie
Aug 29, 2008 at 08:08 AM

mine went away after I renewed a $39.95 one year norton plan. however, I had to download new updates to norton to get the message "spyware detected on your computer" to go away. so, just be patient and download the updates. hope this helps.

Answer 19 / 84

Tommet
Sep 1, 2008 at 01:46 PM

I was having this same problem and had to reformat 2x. All was fine until this past Friday, and this same virus started taking over again. Now, I got past all the screesaver issues, I was able to delete some files before it got to the "screensaver" changing part. But now here are my issues. 1) Task Manager will not come up because the admin rights have been taken over by this virus. 2) When I go to "Start" Ctrl Panel, My Computer, none of those items are available 3) I get into "My Computer" by backdooring it, and my C:/ and D:/ drives are not available. I have to manually type them in to view them. The virus has gotten into my external hard drives as well, which the free version of avast is picking up, but the virus will not let me delete these files after being found through avast. When I go into the drive, I do not see these files. I am running programs that were mentioned earlier in this post, trying to get rid of this thing. Also, where the "Time" is, in the bottom right had corner, it has "VIRUS ALERT!" displaying all the time. Any help would be appreciated. Thanks!

Answer 20 / 84

Flordeli
Sep 1, 2008 at 09:50 PM

Ebomb, I was able to followed your detail instructions and resolve this problem. Thanks you very much for sharing your knowledge with us................regards!

Ask a question

Hi Ebomb,
Thank you so much man...... thanks a million.... thanks a trillion.... thanks a lot. I could fix the problem completely. Now no virus. I got backthe desktop and screensaver options in desktop properties window. Your method really worked..... Thank you buddy... be in touch..... can I get your personal email id.... mine is attitude_dedication@rediffmail.com.
Thanks once again and take care.. — pramod
i wanna kiss you.........your info about blue screen virus worked a treat — chris
very helpful ebomb, you da man, or woman, or whatever, but thanks, I appreciate your instructions, and it seems to have worked.... it was very frustrating having that crap when I logged on every time, but you saved the day...

thx again, dude... — bsmon1
Got the same problem over the weekend; followed your instructions, removed the .bmp file and, voila, problem solved. Wow, that was a REALLY annoying problem. Thanks so much! — Elizabeth
Hey dude Thanks for the advice but im still stuck:'(
Basically I can see the file in the *.bmp place where im searching but whenver I go to delete it
it says cannot delete: cannot read from the source or disk or sumut
any suggestions dude
any help would be greatly appreciated xx:( — cal
Hello, I've been googling everything, I've done all the instructions given out there, except for downloading anysoftware, because I can't get to the internet, I've done the tskmgr instructions and deleted the files, I've restarted in safe mood and disabled turn off system restore, I've run avg after deleting from registry files and search my entire computer and it found those trojans even after I deleted from registry and taskmgr. So when it showed that AVG asked if I wanted to remove I said remove, so I'm thinking it's gone, I can't find anymore of those files. However I did the policies thing for desktop to be enabled again, I changed my desktop and my screensaver went back to what I had before Antivirus, I restarted my pc and boom that message in the middle of my desktop is still there.

It wont go away, I can't connect to internet or anything.

What am I missing what am I doing wrong???? — Frustrated
Hey ebomb, thnks mate for the solution. Although I did find a solution earlier where u had to change the registry value , it was just a temporary solution and every time I restarted the problem would resurface. but with ur solution the problem has been solved for good. Thanks once again. — 3@NiL
i did everything.. but when I got to the task mgr part.. I couldnt find the process to turn off. Nothing fit the searches I found. But I deleted everything in the search that came up. However, my Background tab still does not show. What do I do? — Ann
ok Ann, pls follow the below given info

The first time this thing runs it changes entries in your registry to hide the 'Desktop' and/or 'Screen Saver' tabs
-In the registry navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'

Check out your display properties again, they should be back to normal.

Empty your recycle bin to get rid of it for good

Rebooting at this point is probably a good idea.

Melisio Mascarenhas
India — Ann
I read the instructions you provided to remove the annoying background screen, however I wish I would have read this before I installed an anti virus software the removed the annoying screen and the pop ups forcing consumers to purchase their product. I now have the screen saver problem that appears when computer is idle advising there was an error in the installation of a new software and it names all these files and suggest a reboot. The computer appears to be rebooting but it is not. Its like some sick persons way to annoy you with a screen saver that is an eye soar. So my question is how do I get rid of this and I know you have posted directions several time sorry if I am not getting it. Each time you posted it you ask that we look for the original file or even a file with bogus numbers. When I do the search for the file .bmp it pulls of 1400 files of pics which I totally understand. What I dont get is which file it could be if it is in that section or did I miss my chance when the anti virus software I installed deleted it. I just want to change the background on my computer and take the screen saver off. I dont have these tabs and maybe I was just fast reading but it appears to be a problem that is linked. Also I dont mean to sound like an air head but a little fix it for dummys instructions would be helpful. I also want to point out this is sad I can not fix it my self as I did get an associates degree in IT. Maybe it was not the major for me but I am very fasinated by it. — Ann
Thanks, I followed Ebomb and your instructions and I got rid of it completelly....after 3 days of downloading all sort of crap.

Thanks again!!! — Ann
Thank you sooooo much I had this damned thing for a few days before I finally found it, but still had the issue with the background you made it sooo simple, but one last thing. Every time I click anything in an webbrowser I am redirected to other pages that have nothing to do with what im searching for. any clues?

Thanks
Robert S — Ann
I tried to do the following:

-In the registry navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ÂPolicies\System
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'

and now I have no desktop just a blue screen. Can anyone help? — Ann
Click Start -> Run -> Type regedit

Be careful. You can screw your entire computer up. — Ann
Thanks, had the same problem. I followed your instructions and was able to get rid off the stupid virus!!!

Thanks AGain — Gratefull !!! Very
Hi EBomb
So far so good but I cannot see the file in task manager.

i have deleted the files from search. But it is still on my desktop.

Please help there are no similar files in Task Manager and I dont want to stop something that I am not sure of.

Nomad — nomad
hey I had the same problem and ebomb your directions helped me thx.
but now something strange has happened with my browser
anytime I Google search something
and click on one of the search links it redirects me and takes me to some worthless shady website
the only way I can access websites is by typing in the url
my internet is also running very slow now
i get the feeling some form of spyware is still in my comp and using my net
any help would be greatly apreciated !!!
thank you!!!!!! verymuch — matt022
just wanna thank u SOO much it really scared me when I got that BSOD! thought I had a scaryyyy viruss!!! but following ur step by step instructions couldnt have been easierr to remove that stupid screensaver! you're a legendd!! thanks again!!! — taniaaaaa
PLEASE HELP!! im having the same problems as everyone else. I think I may have a virus. my screen savers is now all white. last week it said the same message that the other people were talking about. I AM VERY NEW to computers and have no clue what you are talking about. is there any way you could give a bit more detailed instructions? I have tried searching in drives for .bmp & the only thing that comes up are pictures of different screen savers and other s. savers things ive never seen. I dont see any.bmp after the files. please help — jenn
You resolution would probably be great, but my task manager is disabled. Happen at the same time this lovely virus appeared. Any suggestions? — retfam
hye I just got the same mssg as others. now my problem is I duno wer to start...wer do I find the drive...i mean wer to click got im so helpless nw...just got this notebook 2 month ago n now it's damn slow!! please helpppp — psha84
Ebomb

Let me tell you what happened to me and maybe you can help me and also give a warning to others.
I consider myself to be pretty careful when downloading anything onto my pc. Well it just so happens that a volcano is about to erupt in Alaska so I wanted to find live web cam coverage. So I was lead by Google to what looked like an authentic web site When I went to down load the viewer that was required to view said video the normal Norton warning you could be downloading a virus ect ect ect. came up.
after installing the viewer well you guessed it every Trojan and worm you can imagine. I was majorly infected after many different virus sweeps the system seams to be clear, however I am left with a blue screen and can not load any background or wallpaper and all I have read here and tried to find bmps and check the reg edit for the suggested codes I find none if you can suggest any thing else I would appreciate it. — TheVinMan
This isn't working for me!

When I search for *.bmp I don't get anything like what you got, so I can't follow the instructions. no long weird filenames. — d
Hey, umm Ebomb... yeah I'm pretty sure ur thing works but when I open the display properties I can't change the desktop theme and I can't even click on the wallpapers, so I don't know what the *.bmp thing is so yeah... hope you can reply soon I need help! Thanks — Bush_sucks
hi . so , obviously , I have the virus stated . and I think your method will work .. it's just , I have a couple of problems ..

for one , when you say look for your wallpaper , do youu mean the 'YOUR SYSTEM IS INFECTED' message which is currently on the background , or do you mean the one before that? because I have found the one before that , but seeing as I have created numerous new accounts to try and rid my computer of the virus , the wallpaper was a default . it was just called 'wallpaper'. when searchingg *per , about 400 results came up , some of them just harmless default games like minesweeper .

secondly , whenever I press ctrl alt del , or try andd get to task manager another way , it comes up with a box saying ' your system is infected ' or , if I continue pressing it ' this has been disabled by your administrator ', making me unable to access it . I am the administrator and I did not disable it.

have any ideas of how I can still fix the virus ? also , when you had this virus , did you experience messages coming up when you tried to get on some websites , saying that the security preference or something , prevented you from being on it ? or did some just close completely ? because thats whats happening with mine .

basically , I have a bad feeling its conkedd , and that there's no going back . — Melonss
I got this spyware/trojan also - replaced my picture on screen with same saying. Continually popped up messages saying I was infected, click here for spyware, etc. Changed my privacy settings to accept all cookies. Slammed me with ads. Was a particularly insidious problem. Since I am not techy inclined, I went to Office Max and bought a disk called PC Restoration (save the receipt - you need numbers off it). You plug in the disk, and it takes you to a web site where you get one of their techs. You let him log onto your computer through a process they give you. It took them hours to fix it - but they did. They keep working on it until it is fixed. Cost $99 for the disk. That is the expensive way I guess - but it worked for me. — zahid
Hi Sunshine,

If you cannot locate the strange files in your process list (any file with a name that doesnt seem like a word or acronym) you might be in luck and able to remove the background without too much problems.

Go to Start> Run> type "Regedit" and press ok (without the " " )
In this registry editor, press ctrl+F on your keyboard.. this is the Find option.

Look for 'NoDispBackgroundPage' and/or 'NoDispScrSavPage' and delete them.
Also look for ScreenSaveActive and put that to 0 (it disables the screensaver)

Then do another check in your process list and close Explorer (you wont have a start bar etc. but dont panic..)
Wait 30 seconds and then press (in the task manager) File > New Task (run...) > type "explorer"

Check the screensaver and set it to a screensaver with a normal name (or keep it off) and change the background and background colour.

If you're unable to do this, I suggest following all the steps I provided earlier.

Good luck! — SicariuS
Hi Ebomb:
Thank you so much for your help. I did not know what to do about this problem. But now it is resolved. Your step by step description worked great for me.
For everyone!
Follow the description and you do not need to install anything.
Thanks again. Marie — Marie
Dude, thank you so much Ebomb. Clear instructions, and they worked perfectly. You rock. — Bloody Puppy
I got rid of all the viruses and such/background etc.....BUT, I am also having a problem with my computer.....
It show's my Windows Live OneCare antivirus/spyware is working 100% BUTTTTT, whenever my kids/myself are on the computer, it ALSO shuts down to that blue screen with warnings and such////then reboots itself over and over again....till I hit the enter button then it goes back to whatever we were doing on the computer. Why isn't this one fixed???? I'm lost and confused.....

Please help since the LIVECARE ain't fixing up that problem..... — chevy_77
It's not really rebooting -- it's an "evil genius" screen saver. Check your screen saver tab to see if the goofy looking name (as described by Ebomb) is still selected. If so, pick something else (or none), then search for the .scr file with that name and delete it. You could still have the registry entries too, so search for those in regedit and delete them.

If your screen saver tab is still missing, go back to Ebomb's last post above and try again -- you may have missed one of the steps. — chevy_77
Ebomb - you are a lifesaver!!
Thank you so much for your instructions, I have downloaded so many anti spyware and antivirus programs over the past few hours trying to get rid of this thing. Turns out all I needed to do was follow your simple instructions and voila, the problem is gone!!
SO GRATEFUL!
Everybody follow these instructions and it will be fixed, I can guarantee it! — monica
Thanks, Ebomb! Worked perfectly, VERY clear instructions.

You DA MAN! — JohnC
Hi!!! THANK YOU SOOOO MUCH for those EASY STEPS to go by. The other replies were kinda confusing, but yours WAS GREAT AND SEOOO EASY!!!!

BUT>>>>>>>>>>I went to where you stated this: FIX REGISTRY ENTRIES:
-this is what I missed in the previous post. The first time this thing runs it changes entries in your registry to hide the 'Desktop' and/or 'Screen Saver' tabs
-In the registry navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'

I did do that and I was able to have my properties back/able to change my settings for screen saver.......BUT>>>>>that file is STILL THERE AND I DONT KNOW HOW TO DELETE IT FROM MY SCREEN SAVER LIST......
I clicked on it but this box pops up and is very ODD looking...don't wanna click anything on it as I'm scared it may just come back to attack me...lol. The file that came up in my pc that won't delete from my screensavers list is called: blphc11pj0ep57

HOW DO I DELETE THAT??????

Please and THANK YOU SO MUCH!!!!!!!!!! — chevy_77
E-Fizzle,

I owe you big time! No more gutter surfing for me :-) — Perm
ebomb ...........THANK YOU SOOOOOO MUCH you are the coolest. I wish you the best. — bigjeff
Hey Thanks a lot.....

I was so terrified of what was happening.... being a computer illiterate and all. Thank you so much for those detailed steps....
Cheers — amrearoz
Ebomb,

I tried everything you did in the first step and restarted my computer and now my screen is just blue and still I cannot change it. So I went back and you created new steps and I thought "great! my answer!" but you asked my to get my last three characters which I had deleted and forgotten, but I know they are not the same as yours were. I emptied my recycling bin so there is no way to find them. what should I do? — Daniel
Hi Ebomb! You're a starrrrrrrrrrr! Totally noviss like I jus followd yr step bistep . It WORKED !!!!!!!!!!!!!! — Noviss
Hey,

Your info was great!... everything worked just as you said except when I tried to delete the files access was denied... I must have a more advanced version of this virus.. Do you have any suggestions?

Thanks!
Kristy — Kristy
wait

1) which method did you use ??

2) the scan spyware method??

or the other ones (search sepecific files one)

if the spyware method

then the software hasnt been installed properly

try uninstalling and reintall it once more

follow the steps again

then try to fix it

if its the second method then u have to run ur system in safe mode, then delete it

awaiting comments

Melisio Mascarenhas — Kristy
Hey Ebomb! You are the BEST! I really apriciate your job! I believe you saved many many people!
Although I have a question to make and I would be thankful if you reply me. Before I read your post I tried Superantispyware which I think removed the bmp files and the exe that you refer to be found in taskbar menu>proccesses. I believe it worked because I didn't find neither the bmp files nor the exe. So the only I had to do was to clean my registry...well hopefully, I made a search but I found nothing. Finally I deleted the 2 files that hide the desktop and screensaver tabs. Right now, everthing seem to be working good. My question is: Do you think I have to do something else? I had the bad idea to restore my system at the point before using superantispyware (which means the point in total chaos), but I didn't do it. Should I do it and follow your help from the start or not?
I'm looking forward for your reply! Thank you again! — CyberKid
Dude, Thank you so much. I could seriously kiss you.. LOLLL

Thanks alot man, Keep it real.

- Jon — Jon
Hi ebomb,

It is great that you provided a step by step instructions, of which I will confirm work.

I would also recommend people to install a virus scanner to go with this. I am running Avast 4.8 home addition, it is free and it found this for me. and fixed it on a machine I was working on. The only thing it didn't do is delete the back ground and bring back the tabs on the display setting.

Nice post,

Regards

-LS — LostSteak
Thank you ebomb! Your instructions were so easy to follow and they worked perfectly! — thanks!
I too have the same virus. I tried your fix but when I search for the *.bmp file, none show the virus backround. Where do I go from here? — johnnyb
I was so thrilled with your instructions & I did everything. It took the spyware message off. I rebooted,
and then it said, malicious spyware was taken off computer. I was so thrilled, I thought I fixed it.

But, when I try to click on the internet, it
tries to & flips back off. What else can I do?

You've been very helpful. Thank you & I hope maybe you can help with this.

Thanks — johnnyb
i know this is an old thread, but the problem of spyware changing wallpaper is still around. however, it now is using a .html file, rather than a .bmp file, and it is named 'critical warning.html' and is in the system32 folder, so do you happen to have another solution to restore the wallpaper? I do have the desktop tab showing, I just cannot click on any of the wallpapers, so I am sure it is just a setting somewhere that I have yet to find....thanks buddy — johnnyb
Hi,

I followed all of your directions, and it seemed to work. But now internet explorer redirects me to weird sites that are obviously still part of this virus anytime I try to search using any search engine. I have been trying to download spybot hoping that would take care of it, but I can't even get to the sites because it redirects me everytime or says internet explorer cannot display blah, blah, blah, you know. Also, my computer has started freezing up to the point I can't do ANYTHING! Please help me. — MelisAva
I get the same thing! I dont know what to do.. Please help someone.. I thought about reformatting my computer. But I wonder if there's another way — MelisAva
Thanks so much. I was able to remove the trojan but was unable to change the background. after I followed your steps everything is fine.

Thanks — Plyer69
What if none of the ".bmp" files are the image of the virused wallpaper? Thanks! — LP3
Hi
Did you find any files named "buritos" associated with this
antivirus 2008 infection?? — pablo
Thank you so much! worked awesome I could handle all of it on my own except the simplest part. finding the background. thank you thank you thank you. — k8 care
i already have posted the solution of this problem

but here it one more time

The first time this thing runs it changes entries in your registry to hide the 'Desktop' and/or 'Screen Saver' tabs
-In the registry navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
-delete entries 'NoDispBackgroundPage' and/or 'NoDispScrSavPage'

Check out your display properties again, they should be back to normal.

Empty your recycle bin to get rid of it for good

Rebooting at this point is probably a good idea.

awaiting comments

Regards
Melisio Mascarenhas
India — mikethedike
(Solved) (Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)(Solved)

Just a reply to this approach, I have done this. unfortunately the hijack reinstalled itself once I had rebooted the computer.

i would like to add my 2cents worth thanks. you may need to, remove all accurances of text, strings etc from registry. (regedit) .there is a search engine there which you can use to find the entries, also use F3 to find next etc.

the text strings are as follows [ blphc98pj0elc5 , Lphc98pj0elc5, phc98pj0elc5 ]

there may also be [.exe files] for these in C:windows/system32 folder which you will need to delete once you have deleted register entries.

you will need to shutdown the computer then restart to delete these last 2 [.exe files] as they will be in use by windows system.

thankyou all.

alayche — mikethedike
Really appreciate all the suggestions. I'm by no means a computer expert but managed to follow the process and eliminated the warning message. However, after re-booting, my desktop loaded up with a bunch of "notepad" tabs (iaanotif, OSA9, OLG, yahoo messenger, issch, cxyrgzqh, and many others) further, each desktop application icon I clicked on (EX: Firefox) opened a notepad of misc symbols, not the actual application. additionally, when I tried to reset my desktop image through the start>control panel>appearance and themes, another notepad full of symbols opened. Obviously, I've screwed something up. How do I fix it? — nngg4
I actually deleted my entire cookies directories and temp dir to prevent any hidden/encrypted files to be missed.. and I believe I already stated that in my previous post.

The problem is that I could not detect anything on my computer.. even a virusscanner couldnt.

I re-installed windows and got it over with. — SicariuS

Debbie · Accepted Answer · 2008-08-19T04:23:06-0400

Answer 1 / 84

Debbie
Aug 19, 2008 at 04:23 AM

Hi I've just had the same problem over the weekend and have had success removing what turned out to be a large number of trojan viruses which found their way in through a fake email ecard I received.
I used the Dr Web Cure it programme which is free www.freedrweb.com/
If your computer won't stay on long enough for you to download it off the internet which is what happened to me, then what I did was to download it from another computer onto a cheap disk I bought from asda. I then started my computer in safe mode, inserted the disk, and the Dr Web download icon popped up after about a 20 second wait. Just click on it (it took me about 10 goes before it wanted to activate) and then follow the download instructions.
I would recommend the 'Complete' scan. I ran the express scan first which allowed me delete about 7 viruses but when I ran the complete scan it found even more. The complete scan takes 2 hours.
Hope this helps, Debbie.
PS I'm no computer nerd, in fact I don't have a clue about the things, but I found this process quite simple and more importantly, successful. Good luck!

kathryn
Oct 6, 2008 at 07:52 AM

you are brillianttttttttttttttttttttttttttttttttttttttt I had my desktopand screen saver tabs lost after downloading antivirus 2008 from microsoft and have been reading how to fix the problem a lot of the cures went over my head yours was the easist by far to do thank you sooooooooooooooooooooooo much youve made the problem easy to fix

Marco
Mar 24, 2009 at 01:11 PM

You are a star!
Been working on this problem for weeks. Thankyou... my daughter can finally stop nicking my laptop!
I used a pen drive thing instead of a disk.
Top marks.. cheers!

Josettte
Jun 9, 2009 at 02:55 PM

Uhh, I tried to the web cure you suggested and I got it to download on my laptop just fine.But every time I try to run it,it never starts. What should I do? I really messed up my computer.

Background message "Warning! Spyware detected

84 replies

Your reply

On the same themes

Subscribe To Our Newsletter!