Virus ? See attachment.
Anyone seen this virus before? It changes your wallpaper. Anyone know anything about it and how to remove it?
You can rename the zip file to a jpeg or gif to view.
Please dont be scared to open the file, its only a picture.
Any help appreciated.
Kind of a scary name for a thread :)
I tried changing the ext to .jpg and .gif, but could not open the file.
edit: Guess I misunderstood, I had to extract the file from the archive, then change the extension. I have not seen that before, but I would run the usual scans... which you have probably done. Have you had any luck getting rid of this thing?
I have faced these neat liittle spyware viruses before. here is some rationale behond how it works. The virus has changedyour desektop to use a homepage. It can get tought ot delete whereas it will probably duplicate itself when you restart your computer. First I will need some information. Can you download a copy of HiJackThis and run it and copy the log to tihs thread please? From there I can see whats running when your computer turns son as well as how your registry and startup has been changed.
Sorry if my post was abit vague :)
I havent had any luck getting rid if this.
Any ideas ?
What about hijack this...as previously suggested?
Try a-squared free: (3rd one down on the site)
It works for me every time...or try the trial version of counterspy if that doesn't work:
these will hopefully get rid of it :cool:
Yup Ive seen that exact one before :-P Its been awhile but some of those desktop hijacks use active desktop to put a fullsize web page on your screen so even if you change you wall paper it still shows up :-P
So...turning off active desktop would break it?
smitfraud fix by siri!
run it in safemode. Then run the usual suspects (adaware, avg, spyware doctor, spy sweeper, kaspersky, autoruns and hijackthis)
should clean it, but make sure to run a disk cleanup. Should do it.
What you have is a smitfraud variant
You see I work for Panda so using 3rd party tools is abit of a no no :)
But Ill give it a go ...