TechSpot

Malware caused white desktop problem

By kriszti
Apr 24, 2008
  1. I've caused my entire desktop to turn white and can't fix it.
    Windows Defender popped up this morning and told me I had a high-security error of the Trojan variety so I took the recommended action and removed it. Right after that, I clicked on an install link for a svn client, which didn't seem to work. When I closed all my windows, my desktop was entirely white. The correct desktop image shows through when I reboot or when I expand/reduce my taskbar width, which I keep on the right side of the desktop.

    My 'Background' link is disabled in the desktop properties dialog box.

    So far, I have taken the following actions:

    1. ran Malwerbytes Anti-malware program and removed all infected files
    2. downloaded latest version and reinstalled my video drivers

    This did not fix my white desktop problem. As I said above, the correct desktop shows up for a few seconds when booting, but then it turns to white.

    Any help would be appreciated. I've attached my HijackThis log.

    Thanks,
    Kriszti
     
  2. kritius

    kritius TS Guru Posts: 2,087

    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update TAb at the top
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected'at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

    Download SDFix and save it to your Desktop.
    • Run the SDFix.exe by double clicking on it.
    • Allow it to install into the default location which is normally c:\SDFix
    • Now please reboot your computer into Safe Mode (see this if you don't know how: Starting your computer in Safe mode )
    • When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Attach the Report.txt file to your next message.

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\Client\svchost32.e xe
    O4 - HKCU\..\Run: [A00F177B296.exe] C:\DOCUME~1\Kriszti\LOCALS~1\Temp\_A00F177B296.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    Please download ATF Cleaner by Atribune.

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    : Download and Run DSS

    Download Deckard's System Scanner (DSS) to your Desktop. You must be logged onto an account with administrator privileges.
    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<- this one will be minimized.
    • Attach the main.txt and the extra.txt in your reply.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.