Background message "Warning! Spyware detected

Solved/Closed
Griff - Jul 14, 2008 at 04:50 PM
 Pota - Feb 27, 2017 at 08:17 PM
I let my roomie use my comp while I was away for a few weeks. I returned to find "Warning! Spyware detected on your computer! Install antivirus or spyware remover to clean your computer" as my background message. I tried to place a new background on but this message still appears in the middle. I just bought Norton 360 but it doesn't seem to be detecting it. Also if I leave my computer idle for too long a blue screen pops up with a bunch of computer nomenclature and eg. bogus_driver or something of the sort being the problem. If I hit any button on the keypad it will close that screen and it will no longer pop up until the computer is idle again.

84 replies

I appear to have been infected with this problem. I could not find the link to which you refer. I went to the web site you listed, and did a search for the string of letters and numbers you mention to identify the entry that was supposed to contain the needed fix. My search for that string did not yield any result. Can you confirm that you had a correct listing to find the fix, or can you copy the instructions and send them to me by email? I am desperate, and have worked on this problem for over a week without success. I simply cannot get the bogus message to disappear.
-1
Paul,

The characters that E-bomb referenced were randomly generated by the trojan virus. It will be different for every one. Do a Windows Search of *.bmp files, and fine the file that is your background image. It should be a somewhat random sequence of letters and numbers. It is this sequence that you should use.
0
hey ebomb! thanks so much for the info! it worked..... However I am still having problems with my internet explorer and firefox.

For example whenever I search something on google, if I click on any of the links that my search brings up, I will be taken to a different page. Theses pages are always some stupid advertising for random antivirus or anti-spyware software. I cant seem to get rid of this problem. If anyone can help me fix this, I would greatly appreciate it!
-1
Ebom is the greatest !!!.
Worked for me too, thanks.
Also delete Rich Video Codec in IE
Thanks again
-1
Hi people,
Ive been havin problems with this one just now.. its very vague as per how I got it, my fiance tells me she didnt do anything out of the ordinairy..

Anyway, I caught the bugger in a very early stadium, where it hasnt altered my security settings.
I have had this one with various workstations at work and I can tell you that it isnt over by doing the steps Ebomb provided.
Although when you get it in the early stage (be sure that the screensaver didnt enable itself yet) you can remove it with those steps.

When you did them (In safe mode!! with the network cable unplugged!!) do NOT reboot until you have checked the following:

Before you do anything, Start > Run > regedit [Enter]
look for ScreenSaveActive and put that to 0 (it disables the screensaver)

Check Msconfig (start > Run > Msconfig [Enter] ) and go to the startup tab, check if theres anything that you dont trust.. or turn off everything for safety

Check your screensaver file

Go to c:\Windows\system32\drivers\etc and edit the hosts file in notepad (open with notepad)
See if theres anything else but 127.0.0.1 in there.. if there is anything else, delete everything unless you have put it there

Check your entire registry for those 3 letters (for example e2s) plus scr (search for *e2s.scr) and change that into ribbons.scr (default windows screensaver)
and do the same for .bmp

Delete all your cache and cookies, AND your system restore points and turn on security in IE/firefox

If you still have problems, I suggest installing a premium antivirus package or bringing the machine to an expert, if you dont want to pay for it, re-install windows after backing up everything :)
-1
Hi SicariuS,

I have the same virus but I am unable to boot up in safe mode. It logs me out as soon as I try to log in just like normal. Any advice? I'm assuming it's no longer in the 'early stage'.
0
SicariuS > VitiatR
Aug 28, 2008 at 03:12 PM
Hi VitiatR,

This is another form of the virus that I havent encountered yet. Try to follow my instructions in the later on message on this thread, and specifically the hijackthis steps (put it on a usb stick on a non-infected computer)

Look for suspicious files and delete them on startup (very important to remove network cable before you do this) and also delete them out of the prefetch directory (look for the same filename with .pf instead of .exe)
Then reboot and try again.
0
wparkinson > VitiatR
Sep 7, 2008 at 06:31 PM
I am having this problem... Try to log into windows and it just keeps recycling.... Logging off.... Logging in... Logging off.....

ARRRG... this is a pain... Is there any way to bypass the login screen and go in and delete the bad files...

HELP!!!!!!!
0
LOL SO EASY > wparkinson
Oct 20, 2008 at 05:49 AM
try safe mode?
0
JORGE > LOL SO EASY
Mar 28, 2009 at 05:10 PM
https://www.malwarebytes.com/ THEY HAVE A FREE SOFTWARE it help me to remove the background "warning..etc.. in just 6 minutes of scanning.
0