Anyone seen this virus before? It changes your wallpaper. Anyone know anything about it and how to remove it?
You can rename the zip file to a jpeg or gif to view.
Please dont be scared to open the file, its only a picture.
Any help appreciated.
March 28th, 2008, 02:32 PM
Kind of a scary name for a thread :)
I tried changing the ext to .jpg and .gif, but could not open the file.
edit: Guess I misunderstood, I had to extract the file from the archive, then change the extension. I have not seen that before, but I would run the usual scans... which you have probably done. Have you had any luck getting rid of this thing?
March 28th, 2008, 02:49 PM
I have faced these neat liittle spyware viruses before. here is some rationale behond how it works. The virus has changedyour desektop to use a homepage. It can get tought ot delete whereas it will probably duplicate itself when you restart your computer. First I will need some information. Can you download a copy of HiJackThis and run it and copy the log to tihs thread please? From there I can see whats running when your computer turns son as well as how your registry and startup has been changed.
Yup Ive seen that exact one before :-P Its been awhile but some of those desktop hijacks use active desktop to put a fullsize web page on your screen so even if you change you wall paper it still shows up :-P
March 29th, 2008, 03:34 AM
So...turning off active desktop would break it?
March 29th, 2008, 06:44 AM
smitfraud fix by siri!
run it in safemode. Then run the usual suspects (adaware, avg, spyware doctor, spy sweeper, kaspersky, autoruns and hijackthis)
should clean it, but make sure to run a disk cleanup. Should do it.
What you have is a smitfraud variant
March 29th, 2008, 08:47 AM
You see I work for Panda so using 3rd party tools is abit of a no no :)