Raze spyware

[joshcupp]

post-raze spyware

I had raze spyware flashing on my desktop demanding moolah, so I scanned Spybot, Trojanhunter, Ewido, Panda Active scan and got rid of some baddies, but now instead of the raze adware I have this flashing grey then white html screen on my desktop. So here's my new hjt log if any can help. puke:

 

[RealBlackStuff]

C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!.

First Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
Transfer the text from between these dotted lines underneath to between the dotted lines of that post.
Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
...................................................................................................
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
/P/ O4 - HKLM\..\Run: [dmcvc.exe] C:\WINNT\System32\dmcvc.exe
Fix ALL your O16 - DPF: entries
Unless these IP-numbers are from your ISP, fix this O17
O17 - HKLM\System\CCS\Services\Tcpip\..\{81B1B5CB-08AD-49C7-A5FA-2EFE9D923DCA}: NameServer = 85.255.114.91,85.255.112.108
...................................................................................................

STOP using that crappy IE (other than for Windows-updates) and install Firefox from www.getfirefox.com

And it's also HIGH TIME you install SP2!

 

[joshcupp]

Okay did that, but my desktop is still flashing grey and white here's a new hjt.

 

[RealBlackStuff]

I told you to fix all your O16 entries! They are ActiveX crap!

 

[joshcupp]

Crap fixed. My screen is still flashing grey and white. New hjt.

 

[RealBlackStuff]

Come back when you have a decent antivirus program like AVG (not Norton/Symantec) and XP-SP2 installed.

 

[joshcupp]

Okay AVG & SP2. Ran AVG in safemode found 1 ad ware deleted it. Rebooted screen still has grey and white html on desktop. Here's my new HJT.

 

[RealBlackStuff]

Rightclick anywhere on the desktop, select Properties.
If you have a Web tab, go in there and UNtick everything in there. Click on Apply/OK.
Do you use any 'funny' screensavers or background?
Your HJT-log is clean, by the way.

 

[joshcupp]

All I have is the general tab. Screen saver is black and a pic are both from windows.

 

[dardack]

Web Tab and Thanks

Ok i had this same problem and this thread helped me. Thanks RealBlackStuff. Didn't even know that existed in XP. joshcupp, I noticed you said you couldn't find the web tab, this is how you find it.

Either go to control panel -> Display or right click on available desktop -> properties. From there: It is under Desktop Tab -> Click Customize Desktop -> Then click web tab.

I just deleted the thing that was listed there and nice flashy raze thingy is now gone. I had cleaned everything, but this thing was still there. Stupid IE, never use it but firefox was acting funny and needed to do something, and boom get some stupid crap. Glad i at least had teatimer running, blocked a bunch of stuff from being inserted in the registry.

 

[Niatona]

That did the trick, Thankyou very much, that thing was just bastardly

 

[alex47]

Same problem with desktop spyware!!

Hey guys,
I have the exact same problem as joshcupp was describing... i've scanned everything several times using various spyware removers whihc removed a few spyware items, but my desktop is still flashing white/grey... i've gone into the control panel/display/desktop/customize desktop/web and deleted a web page in there called 'Security'... but as soon as I exit the contorl panel and go in again it's reappeared???

I've attacehd a hijackthis logfile.... please if anyone can help out that would be HUGELY appreciated this is driving me insane....

peace out!

 

[RealBlackStuff]

C:\Documents and Settings\Alexander\Desktop\HijackThis.exe
Put HijackThis in e.g. C:\Program Files\HJT and NOT in Temp or on the Desktop!.

First Read: Only use these HJT-instructions when asked!
/P/ Process needs to be stopped
/U/ UNinstall anything to do with this
/R/ unRegister the xxx.DLL in that line
Transfer the text from between these dotted lines underneath to between the dotted lines of the above post.
Make sure to follow ALL instructions in SEQUENCE, and in HiJackThis tick/fix ALL lines indicated here!
...................................................................................................
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll (file missing)
/P/U/ O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
/P/U/ O4 - HKLM\..\Run: [Information Update] C:\Program Files\Information Update\iu.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
/R/ O20 - AppInit_DLLs: interceptor.dll
...................................................................................................

 

[miricleboy]

ok ppl i have figured this bugger out

its so simple its not even funny

ok here it us

start>control pannel>display

then go to desktop tab

after ur there click the button customize desktop

there click the web tab

there delete the enrty called security (or what ever else u have there) this gets rid of the annoying desktop

i will test for further problems

 

[Callander Girl]

Thank You!!!!

Thank you! That did the trick!

 

[zeitek]

Thanks. It really helps.
By the way, what is this spyware and why does it affect my desktop? Why couldn't any spyware program remove this spy?

 

[alex47]

ok ppl i have figured this bugger out

its so simple its not even funny

ok here it us

start>control pannel>display

then go to desktop tab

after ur there click the button customize desktop

there click the web tab

there delete the enrty called security (or what ever else u have there) this gets rid of the annoying desktop

i will test for further problems

thats great, unless of course the virus/spyware has disabled your access to that tab, or the 'security' entry simply reappears once you exit as it did in my case.

 

[DeepSafer]

Read about this "razespyware" here - shootspyware.com
Interesting article about razespyware... :[