Solve : Bug Screen Saver Eating Desktop?

Answer»
    Almost there.

    Download OTMoveIt2 by OldTimer
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Copy the lines in the codebox below.
Code:
[kill explorer]
C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l
C:\WINDOWS\system32\phc95gj0ej4l.bmp
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) and paste it in your next reply.
  • Close OTMoveIt2
----------

Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
  • Click Start then Run
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.
The above procedure will:
  • Delete:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.
    ----------

    1. Double click OTMoveIt2.exe to launch it.
    Vista users right click and choose Run As Administrator
    2. Click on the CleanUp! button.
    3. OTMoveIt2 will download a list from the Internet; if your firewall or other defensive programs alert you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
    5. Once complete, exit out of OTMoveIt2.

    ----------

    Set a New Restore Point to prevent possible reinfection from an old one
    Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
    • Go to Start > Programs > Accessories > System Tools and click System Restore
    • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
    • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Next go to Start > Run and type Cleanmgr
    • Click OK
    • Click the More Options Tab.
    • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
    ----------

    Use the Secunia Software Inspector to check for out of date software.
    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    ----------

    Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

    To prevent unknown applications from being installed on your computer install WinPatrol 2008
    Using Winpatrol to protect your computer from malicious software

    Another thing I would suggest is installing SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

    SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    Using SpywareBlaster to protect your computer from Spyware and Malware

    Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future.

    Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

    How is everything now?

    Here are the results from MoveIt!

    Explorer killed successfully
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine\Packages moved successfully.
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine\BrowserObjects moved successfully.
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine\Autorun\StartMenuCurrentUser moved successfully.
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine\Autorun\StartMenuAllUsers moved successfully.
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine\Autorun\HKLM\RunOnce moved successfully.
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine\Autorun\HKLM moved successfully.
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine\Autorun\HKCU\RunOnce moved successfully.
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine\Autorun\HKCU moved successfully.
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine\Autorun moved successfully.
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine moved successfully.
    C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l moved successfully.
    C:\WINDOWS\system32\phc95gj0ej4l.bmp moved successfully.
    < EmptyTemp >
    File delete failed. C:\DOCUME~1\Aaron\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Aaron\LOCALS~1\Temp\~DF9616.tmp scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6d8.dat scheduled to be deleted on reboot.
    File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
    Temp folders emptied.
    IE temp folders emptied.
    Explorer started successfully

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06102008_175046


    Have to restart before doing the rest...

    Everything seems to be up and running fine. Thanks for all of your help.

    No problem.

    Safe surfing......

    Sheesh, this sure is popping up a lot lately. Last night, I was working on a friend's computer that had this exact same thing (among many other infections). There was a blackster.exe file in C:\WINDOWS\system32 that you might want to look out for.
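
Checking the pasted results against the fix script, as an added example that is not part of the original thread: the Python below confirms that every path in the script has a "moved successfully" line and lists the temp files whose deletion was deferred until reboot. The script and log text are copied from the posts above (log abridged); the function names `requested_paths` and `review` are hypothetical.

```python
import re

# Fix script as pasted into OTMoveIt2 in the thread (paths copied from the page).
SCRIPT = r"""[kill explorer]
C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l
C:\WINDOWS\system32\phc95gj0ej4l.bmp
EmptyTemp
[start explorer]"""

# Results log from the thread, abridged to a few representative lines.
LOG = r"""Explorer killed successfully
C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l\Quarantine moved successfully.
C:\Documents and Settings\Aaron\Application Data\shce5gj0ej4l moved successfully.
C:\WINDOWS\system32\phc95gj0ej4l.bmp moved successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\Aaron\LOCALS~1\Temp\~DF9616.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
Explorer started successfully"""

MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
DEFERRED = re.compile(
    r"^File delete failed\. (?P<path>.+?) scheduled to be deleted on reboot\.$")

def requested_paths(script):
    """Return the file/folder targets of a fix script, skipping directives."""
    stripped = (line.strip() for line in script.splitlines())
    return [line for line in stripped if re.match(r"^[A-Za-z]:\\", line)]

def review(script, log):
    """Compare a fix script with the results log the user pasted back."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    moved = {m["path"].lower() for l in lines if (m := MOVED.match(l))}
    deferred = [m["path"] for l in lines if (m := DEFERRED.match(l))]
    return {
        # Targets with no matching "moved successfully" line need a follow-up.
        "not_moved": [p for p in requested_paths(script)
                      if p.lower() not in moved],
        # Locked temp files are only removed once the machine restarts.
        "pending_reboot": deferred,
        "explorer_restarted": "Explorer started successfully" in lines,
    }

if __name__ == "__main__":
    for key, value in review(SCRIPT, LOG).items():
        print(f"{key}: {value}")
```
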

