
TechSpot

Spyware warning background problem, HJT log attached

Discussion in 'Virus and Malware Removal' started by Wyx, Dec 5, 2005.

Thread Status:
Not open for further replies.
  1. Wyx Newcomer, in training

    My background is stuck as a spyware warning. I would greatly appreciate some help. Thanks.


  2. Mictlantecuhtli TS Special Forces

    Disable Active Desktop (or web content on desktop).

    These look suspicious to me:

    O4 - HKLM\..\Run: [FHAPage] C:\WINDOWS\system32\shdocha.exe home

    O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
    O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:mad:mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/xxx/html.chm::/html.exe
  3. gecko1ll Newcomer, in training

    Help?

    Has anyone discovered a work around for this one? I'm having the same issue.
  4. bigbadjohn Newcomer, in training

    This is a bad one
    I have been trying all day to get rid of it with no success

    I change it back to active desktop; the next minute it's web content view again
    with that background
  5. Tedster Techspot old timer.....

    You probably have the SpySheriff virus. Read the other threads about SpySheriff.
  6. bigbadjohn Newcomer, in training

    Thanks
    Yep, that's sure what it looks like. I spent over 2 hours trying to fix this
    and I'm an onsite computer tech
    I did a google for this and it came up with nothing
    I will have to go back and do the reg thing, too bad I have to drive 20 miles
    That's the worst part about somebody else's house: it can take forever doing multiple spyware scans, not like you could take a bath or mow the lawn
    It's the waiting that gets me, like Chinese water torture
  7. Tedster Techspot old timer.....

    No prob, that's what we're here for.
  8. Derm Newcomer, in training

    shdocha problem

    I noticed others are having the same problem at about the same time that I got it with the same URL mentioned in this thread.

    My computer opens up to a spyware warning that I cannot get rid of. It is red, takes up almost all of the program icon screen and has a link to security software called "regfreeze".

    It also hijacked my Internet explorer start page.

    In safe mode I searched for the file, found it, deleted it, and was able to restart safely. I then must change my internet options to go back to where I want. If I shut down and turn the computer back on, it goes back to the shdocha hijack. I've done this several times now over the last 24 hours.

    I have also been on the phone with Dell and Microsoft and we were unable to resolve it.

    If anybody has any ideas about this please let us know.

    Derm
  9. JackTech Newcomer, in training

    Same here in Holland

    I have exactly the same Adware problem as Derm.
    That is my brother-in-law. I spent 3 hours today trying to fix it. It did not work.
    Tried removing shdocha from the registry, removed the shdocha.exe, ran it in Safe Mode step by step starting things, removed all startup items in msconfig, but the black screen with the red ad kept coming back.
    Ad-Aware SE definitions 19-12-2005 did not recognize it.
    Nor did any virus killer.

    I hope that Ad-aware will kill it in a few days or weeks.
    Turning Active Desktop off killed it temporarily, but as soon as the explorer was launched the black screen came back.
  10. jettwo Newcomer, in training

    Hey guys, I deal with this thing on a daily basis. I have currently 9 machines in my shop with this gremlin and the most cost effective fix for this is to back up your pics, docs, etc, and reload (formatting the HD before the reload). There currently is no other fix that we are aware of.
  11. Tedster Techspot old timer.....

    Turn off system restore when removing viruses. Some will regenerate with system restore on. When you turn it off, system restore erases itself.
  12. Derm Newcomer, in training

    shdocha/software security ad problem

    I hope to get back on the phone with DELL today. I will post if we make any progress.
  13. Derm Newcomer, in training

    shdocha

    For those of us with this problem I did not have the call with Dell yesterday and will be unable to do it today.

    This am I started in safe mode, searched for shdocha, and got two files this time instead of one. One was the usual shdochaC:\windows system32 and the other was shdocahexehomzxz016C:\documents&settings mic....

    This was the first time for the second one. I deleted both and then re-started. I was surprised again when the default browser came up to my selection instead of being hijacked to the shdocha page.

    Has anyone yet tried Tedster's suggestion?
  14. Tedster Techspot old timer.....

    Try ewido and spybot - no one spyware killer does 'em all.
  15. Derm Newcomer, in training

    shdocha/software security ad problem

    I am again short on time but I found this interesting. This morning I went to the Control Panel and opened the display Icon. In the settings for the screen saver and what not on the "appearance" tab, I could get nothing to work. Is it possible for this hijack with the almost full screen warning to have attached itself in that location so that it would come up all the time when the computer is on?

    All other tabs worked as usual.

    Good luck to all.
  16. jettwo Newcomer, in training

    You are wasting time, and I hope you are not paying for Dell tech support; there is currently no fix for this Smitfraud virus / hijacker. You may be able to remove the full screen message but you will not be able to repair the display properties. Bite the bullet - format and reload... you would be back in business by now. Dell tech support are a bunch of morons that are reading steps you should take from a pre-prepared list. When none of these steps will work, they will tell you to format your hard drive and reload your machine. Even if you have a warranty with Dell, software is not covered by their warranty.
  17. Tedster Techspot old timer.....

    Boot computer in safe mode. Run ewido. Delete virus.
  18. Derm Newcomer, in training

    Thanks jettwo and tedster.

    I tried the spybot already and will try ewido.

    Alas I think jettwo may be right. I had a computer consultant I've used for years here yesterday and while he started confidently and did a million things I did not know how to do, to his surprise he did not get rid of it.

    He went to webshots and downloaded a background that covered it up. I still know it's there though.

    He says that it is on in the background and is not disturbing anything. I can tell you it is disturbing me.

    The display properties are frozen in place still also.

    Oh well
    MERRY CHRISTMAS ALL!
  19. MtnBiker Newcomer, in training

    My son infected his machine with this one the other day. To find it/fix it I did the following.

    Boot to Safe Mode
    Make sure System Restore is OFF

    Using Notepad I created two files in another directory called shdocha.dll and shdocha.exe. I marked these files read only and copied them over top of the offending .exe and .dll. Reboot the machine. This will take care of the immediate problem of the hijacked web page. It should also cause an error to be thrown by the app that actually creates shdocha.exe and shdocha.dll. In my son's case it was C:\windows\system32\temp\OSA.exe (note there is a valid osa.exe as well but it lives elsewhere). When the error is thrown and before you click OK to acknowledge the error, look in Task Manager and make note of all running processes (in your case I would suspect that it is html.exe). Click OK and see what process goes away; this is very likely the offending app. Go delete the .exe that is causing the problem. If you are worried just rename it to something else. Also make sure it isn't running.

    Now go to regedit and do a search for shdocha and clean up the entries. You are also going to have an entry in /HKLM/Software/Microsoft/Windows/CurrentVersion/Run that starts up the executable that creates the shdocha files; the name should match the name of the file you found in Task Manager.

    Scott
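
The HijackThis entries singled out in post 2 and the Run-key check described in post 19 can be triaged mechanically. The following is an added example, not code from any poster in this thread; the heuristics (a watchlist of file names, a temp-directory path, a non-HTTP or raw-IP ActiveX codebase) and the `[OSA]` value name are assumptions chosen for illustration, and a line that is not flagged is not thereby cleared.

```python
import re

# Constructed sample: three entries quoted in the thread, plus one O4 line
# (the [OSA] value name is made up) for the dropper path from post 19.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [FHAPage] C:\WINDOWS\system32\shdocha.exe home
O4 - HKLM\..\Run: [OSA] C:\windows\system32\temp\OSA.exe
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:mad:mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/xxx/html.chm::/html.exe
"""

WATCH_NAMES = ("shdocha",)  # file name reported in this thread (assumed watchlist)
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
IP_HOST_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")

def triage_line(line):
    """Return the reasons a HijackThis line deserves a closer look."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group(1), m.group(2).lower()
    reasons = []
    if section == "O4":
        # Body looks like: HKLM\..\Run: [Name] C:\path\file.exe args
        target = body.split("]", 1)[-1].strip()
        if any(name in target for name in WATCH_NAMES):
            reasons.append("watchlisted file name")
        if "\\temp\\" in target:
            reasons.append("runs from a temp directory")
    elif section == "O16":
        # The codebase (download source) follows the last " - " separator.
        source = body.rsplit(" - ", 1)[-1]
        if not source.startswith(("http://", "https://")):
            reasons.append("non-HTTP codebase (protocol-handler chain)")
        if IP_HOST_RE.search(source):
            reasons.append("download host is a raw IP address")
        if source.endswith(".exe"):
            reasons.append("codebase points at an .exe")
    return reasons

def triage_log(text):
    """Map each flagged line to its reasons; unflagged lines are omitted."""
    flagged = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged
```
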
  20. Derm Newcomer, in training

    spyware warning and shdocha

    MtnBiker,

    Did what you did get rid of the big screen warning also?

    Derm