TechSpot

Desktop background won't change

By benjammin123
Oct 15, 2006
  1. After frustration with some web search hijacking, I learned about "Hijack This". I loaded it and ran it. When it came back with 3 pages of problems, I did a dumb thing - and fixed them all. The only change I could see is that the desktop background stays standard XP blue. I have tried to change it (right click on desktop and properties - desktop) but it doesn't allow any of the options there to activate other than color. I did this about 8 days ago. Since then I have updated definitions for antivirus and "ad-aware" and run those and cleaned. I still couldn't fix it. So, I did an on-line chat with tech Support from E-machines. They tried several things (run - regedit) without luck. They backed out the Hijack This and reset the settings. But still the standard wallpaper settings cannot be opened.

    Is there a way to reinstate the settings?

    THX!
     
  2. TimeParadoX

    TimeParadoX TS Rookie Posts: 2,273

    Can you access System Restore? Maybe you can go back in time and don't fix everything like I was about to do when I was running HJT but Howard told me exactly what to fix =)
     
  3. benjammin123

    benjammin123 TS Rookie Topic Starter

    Yes - I did try that. Wish I had set a date for restore. The only options pre Oct. 4 when I loaded Hijack This were Oct. 1 and 3. The computer acted like it was going to restore - re-booted etc, but then said it couldn't restore to that point.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    That was a bit of a silly thing to do.

    I don't know if you've tried this, but here goes.

    Run HJT and click on the config button, followed by the backups button. Place a tick in every little box, when done, click the restore button and ok.

    See if that helps.

    Regards Howard :wave: :wave:

    This thread is for the use of benjammin123 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. benjammin123

    benjammin123 TS Rookie Topic Starter

    Nothing is there to restore. I think the Emachines tech (Gateway) did that when he tried to do it for me. I saw him re-tick all the boxes and restore. Then afterwards we removed the Program. It didn't really remove it tho. I could run it again....but the back up file was not there. I did print a copy of the 3 pages tho before, in frustration, I said to fix all! If desired, I could reprint those into this thread. I made sure no files are hidden. I noticed another thread similar to my problem. It's basically the same as what was titled "annoying problem with desktop background". I have not gone the route yet of following those suggestions of installing several spyware and firewall programs. Did those steps fix it? If so, should I go that route? One more note, I looked again at Microsoft system restore to see if it would work on another date. Oddly, it claims that no files have changed (which can't be true as in the last two weeks, I added Hijack This and then removed it partly; did both antivirus and spyware scans and removals). But that's about it.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, here's what I'd like you to try, if you can.

    Go and read the Trojan Pakes and other nasties preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.


    Regards Howard :)


     
  7. benjammin123

    benjammin123 TS Rookie Topic Starter

    I'm back having completed all the instructions. I hope I followed the instructions correctly! (I downloaded and was half-way through the process when I had to go on a business trip. So upon return, I started the process again and have just finished) My desktop problem (not able to change the backdrop) is now fixed. However, I do have questions and will post the attached HJT file log. (Oops - correction -- I am unable to do in this thread. Management options brings up a blank pop-up screen, and disappears. Is there something I should do so I can attach them?)

    I guess I thought I was protected from problems because I had an antivirus program (ClamWin) which got daily updates. I thought that would prevent a problem. I did not do a scan in about 6 months. I also had already loaded Ad-aware se as my spyware program with the same prevention philosophy. So, my question is should I keep both ClamWin and AVG as antivirus programs? How often should I run them?

    Same for anti-spyware programs. I now have Ad-aware se and SS&D. Keep both? How often do I run them?

    I also have the Zone Alarm firewall. It asks about allowing NETBIOS activity. Is there a place that gives me some way of knowing which I should allow or deny?

    On these programs, do I now go in and implement the "resident shield in AVG antispy" or the "Immunize" in the AVG anti-virus?

    Last, we added a lot of tools. (Smitfraud, Virtumundo, Look2me, CCleaner). Do I keep these, run these periodically or delete them?

    THANKS so much! I appreciate this help. Now, after this is fixed, I'll be going through these same steps for my work laptop system!
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I'm not sure why you can't get the manage attachments window to stay open.

    Maybe try it again in your next post.

    No, you shouldn't have more than one antivirus programme active at the same time. This is because it can cause conflicts. I suggest you uninstall the Clamwin programme.

    Yes, keep Ad-Aware se personal and SS&D, run them once every week or so.

    No, don't activate the active shield in AVG Antispyware as it just uses resources and isn't really necessary. The immunize feature is part of SS&D and not AVG Antispyware.

    Smitfraud, Virtumundo and Look2me destroyer can all be uninstalled, you should keep CCleaner and run it on a regular basis.

    Regards Howard :)

     
  9. benjammin123

    benjammin123 TS Rookie Topic Starter

    I'll try to post now. (I figured it out - I had blocked pop-ups...Duh!)

    One more thing has surfaced. The AVG Resident Shield pops up with a "Virus Detected" screen, with wording "while opening file c:\WINDOWS\System32\six.exe Trojan horse generic2emc". Then it does not allow me to heal or move to vault, saying that "request action is not available for this object. Access to the file has been denied". So, only option is to ignore. Is there a way to get rid of this?
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You're still running HijackThis.exe.

    C:\Program Files\HijackThis\HijackThis1991.exe\HijackThis.exe

    When what you need is C:\program files\HijackThis(<this is the folder)\HijackThis1991.exe(<this is the actual executable file).

    Rename the HijackThis.exe file to HijackThis1991.exe, delete any other HijackThis.exe file, then post a fresh HJT log.

    Regards Howard :)

     
  11. benjammin123

    benjammin123 TS Rookie Topic Starter

    OK - I think I renamed as you asked. Here's the new log
    Thanks again!
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    TorontoMail.exe
    defect08.exe
    KeywordFinder.exe
    zantu.exe
    borlandg.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - URLSearchHook: (no name) - {115A8BA7-DB21-6613-1DC1-C6F55A8B2D72} - MsNetHelper.dll (file missing)

    O4 - HKLM\..\Run: [Brong32] TorontoMail.exe

    O4 - HKLM\..\Run: [ActionScr] defect08.exe

    O4 - HKCU\..\Run: [cnftips] KeywordFinder.exe

    O4 - HKCU\..\Run: [nmdllw] zantu.exe

    O4 - HKCU\..\Run: [syspanel] borlandg.exe

    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{37DAE5A6-99F4-4C82-AF37-917F7F3FE87D}: NameServer = 85.255.113.133,85.255.112.143

    O17 - HKLM\System\CCS\Services\Tcpip\..\{93E7E62A-172D-47C4-9781-B52D7BDC29DB}: NameServer = 85.255.113.133,85.255.112.143

    O17 - HKLM\System\CCS\Services\Tcpip\..\{C4A5330C-CEAA-4C1E-9588-FD494B19AFC9}: NameServer = 85.255.113.133,85.255.112.143

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.133 85.255.112.143

    O17 - HKLM\System\CS1\Services\Tcpip\..\{37DAE5A6-99F4-4C82-AF37-917F7F3FE87D}: NameServer = 85.255.113.133,85.255.112.143

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.133 85.255.112.143

    O17 - HKLM\System\CS2\Services\Tcpip\..\{37DAE5A6-99F4-4C82-AF37-917F7F3FE87D}: NameServer = 85.255.113.133,85.255.112.143

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.133 85.255.112.143

    Only fix the above O17 entries if they don't belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    TorontoMail.exe
    defect08.exe
    KeywordFinder.exe
    zantu.exe
    borlandg.exe


    Search your system for the above .exe files and delete all instances of them.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

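The caveat in the post above (only fix the O17 entries if they don't belong to your ISP) can be checked mechanically. The following is an added example, not part of the original thread: it parses O17 lines in the format the log uses, handles both the comma-separated and space-separated address lists seen above, and reports NameServer values that are not in a resolver list you supply. The function names, the all-zero GUID line and the 192.0.2.x addresses are constructed placeholders standing in for an ISP's real resolvers.

```python
import ipaddress
import re

# Shape of an O17 line in a HijackThis log: "O17 - <registry key>: NameServer = <addresses>"
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")

# One O4 and two O17 lines copied from the post above, plus one constructed line
# (all-zero GUID) that uses documentation addresses as stand-in ISP resolvers.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [nmdllw] zantu.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37DAE5A6-99F4-4C82-AF37-917F7F3FE87D}: NameServer = 85.255.113.133,85.255.112.143
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.133 85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,192.0.2.54
"""

def parse_o17(line):
    """Return (registry_key, [address, ...]) for an O17 NameServer line, else None."""
    m = O17_RE.match(line.strip())
    if m is None:
        return None
    # Per-interface keys use commas, the Parameters key uses spaces: accept both.
    servers = [t for t in re.split(r"[,\s]+", m.group("servers").strip()) if t]
    return m.group("key"), servers

def is_expected(token, allowed):
    """True only if token is a valid IP address present in the allow-list."""
    try:
        return ipaddress.ip_address(token) in allowed
    except ValueError:
        return False  # a malformed value is never treated as expected

def review_o17(log_text, isp_resolvers):
    """List (registry_key, [unexpected addresses]) for every O17 line that has any."""
    allowed = {ipaddress.ip_address(ip) for ip in isp_resolvers}
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o17(line)
        if parsed is None:
            continue
        key, servers = parsed
        unexpected = [s for s in servers if not is_expected(s, allowed)]
        if unexpected:
            findings.append((key, unexpected))
    return findings

if __name__ == "__main__":
    for key, servers in review_o17(SAMPLE_LOG, ["192.0.2.53", "192.0.2.54"]):
        print(f"review: {key} -> {', '.join(servers)}")
```

The resolver list should come from the ISP or the router's DHCP settings, not from the machine being cleaned, since the registry values on that machine are exactly what is in question.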
     
  13. benjammin123

    benjammin123 TS Rookie Topic Starter

    Howard - THANKS AGAIN! Here's the log. I'll monitor how it does for a few days, but hopefully all's well. The AVG Virus Detector screen about the Trojan Horse has disappeared. So, it looks good. I appreciate the help!
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is now clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I forgot to add.

    Locate and delete this file(if there).

    C:\WINDOWS\System32\six.exe Don't worry if it's not there.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
