Red desktop "PRIVACY IS IN DANGER"

[vogueadishu]

I've read some threads about this problem, and have run "hijackthis" and erased the privacy_danger file. I am hoping that took care of the problem, as I have yet to see anymore pop ups or anything *crossing my fingers* I'm not even sure how this got onto my computer, as i don't download anything (I suppose it's possible that my fiance did it). Anyway, I redid the hijack this scan, and was hoping someone could reassure me that there isn't anything else that is malicious on there. Thanks!

 

[kritius]

You are still infected,
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe

You need to download SDFix,

Run the SDFix.exe by double clicking on it.

Allow it to install into the default location which is normally c:\SDFix

Now please reboot your computer into Safe Mode

When you have booted into safe mode, open the C:\SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.

It will remove any Trojan Services or Registry entries found and then prompt you to press any key to Reboot.

Press any Key and it will restart the PC.

When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.

Attach the Report.txt file to your next message.

Also Install an antivirus program and a firewall immediately, I didnt see any in your log.

When you have done these steps post a new HJT log with the rapport.txt file

Once this is eliminated then we can move on to other problems.

 

[vogueadishu]

okay, I ran the program, hoping this fixes it now. Also, I'm going to have my fiance install some anti virus and firewalls programs when he gets home from work (he has a specific program that he uses on his computer)...

 

[kritius]

Ok,

Looking slightly better. Have HJT fix these files,
O2 - BHO: Proxy Connection support DLL - {1DC9D850-044D-11E1-B3C9-00805E499D93} - C:\WINDOWS\system32\proxyspd.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe


Also you should probably think about uninstalling Viewpoint, its called foistware, in other words its foisted on people that dont really need it.

To get rid of it,

Go to Start > Run and copy/paste or type: taskmgr

* Under the Processes tab find the following tasks or processes:
ViewpointService.exe
ViewMgr.exe
* Highlight and click "End Process".
* Exit Task Manager.

Click on Start > Run and type: services.msc

* Press "OK".
* Click the "Extended tab".
* Scroll down the list and find the service called "Viewpoint Manager Service"
* When you find the service, double-click on it.
* In the Properties Window > General Tab that opens, click the "Stop" button.
* From the drop-down menu next to "Startup Type", click on "Disabled".
* Now click "Apply", then "OK" and close any open windows.

Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder

It might also be a good idea to download stinger and have it do a check for you.

What anti virus stuff does your fiance use? I would avoid Norton at all costs.

Rescan with HJT and post another log after completeing these steps.