Solve : wallpaper change?


I need HELP! My wallpaper turns black and changes into an image of a "spiderweb tattooed a**hole"! I've got Ad-Aware, Spybot, avast and ZoneAlarm running and updated but they don't detect the problem! The pest puts a bmp file in the winnt folder that gets set as wallpaper. Even if I delete it and the temporary files, the wallpaper changes after a short time!
I tried to run Spybot and Ad-Aware in safe mode and also to delete a value in regedit in which I found the bmp file "WALLCHANG.BMP" but it doesn't fix it! I noticed that the pest adds 2 files in winnt:
WALLCHANG.BMP
WP.JPG
They are the same image but the one displayed in the desktop properties is only the first one.

I DON'T KNOW WHAT TO DO! HELP!
thanks!
Lolinza

HijackThis! may help you.

I wonder what kind of websites you visit to end up with something like that..

I just have it... I can paste my startup here so that you have a look? In the meantime I tried to lock my wallpaper settings in the registry, adding a NoChangingWallpaper DWORD in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop].
It seems to work but, even if so, I haven't solved the problem...

PS... I don't visit that kind of websites!


HERE'S THE LOGFILE:

Logfile of HijackThis v1.97.7
Scan saved at 13.46.04, on 31/08/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashserv.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Speed Disk\nopdb.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Programmi\tbridge\Flatbed.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Programmi\WLAN\802.11 Wireless LAN\WWlanMonitor.exe
C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Documenti\mp3\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.fastweb.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: load=C:\Progra~1\TBridge\Flatbed.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MOD] C:\Programmi\Microangelo\muamgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NAVAPIW32] C:\WINDOWS\SYSTEM32\NAVAPIW32.exe
O4 - HKLM\..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [UninstallAbility] "C:\Programmi\UninstallAbility\uability.exe" /AUTO
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WLAN Monitor Utility.lnk = C:\Programmi\WLAN\802.11 Wireless LAN\WWlanMonitor.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/222563200ebb1e3fa717/netzip/RdxIE601_it.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I do not see anything out of the ordinary. Did you?

Perhaps you should allow either Ad-Aware or Spybot S&D (not at the same time) to boot at startup (check settings). They may be able to remove the culprit by accessing the memory before other programs can.
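
As an added example (not part of the original thread, and not HijackThis code), one way to triage the O4 autorun lines of a log like the one above: infer the Windows directory from the running Explorer.EXE and list Run entries that point into a differently named Windows directory, which are worth checking by hand. The function names and the embedded sample, a few lines copied from the log, are assumptions of this sketch.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAVAPIW32] C:\WINDOWS\SYSTEM32\NAVAPIW32.exe
O4 - HKLM\..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
"""

O4_RE = re.compile(r"^O4 - (\S+): \[(.+?)\] (.+)$")        # registry Run entries only
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.exe)', re.IGNORECASE)  # quoted or bare .exe path
WINDIR_NAMES = {"windows", "winnt"}                          # conventional directory names

def system_root(log):
    """Infer the Windows directory from the running Explorer.EXE path."""
    for line in log.splitlines():
        p = PureWindowsPath(line.strip())
        if p.name.lower() == "explorer.exe" and p.drive:
            return p.parent
    return None

def autoruns(log):
    """Yield (hive, value name, executable path) for each O4 Run entry."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.match(m.group(3)) if m else None
        if exe:
            yield m.group(1), m.group(2), PureWindowsPath(exe.group(1) or exe.group(2))

def outside_system_root(log):
    """Run value names whose target sits in a Windows-style directory
    that is not the directory this system is running from."""
    root = system_root(log)
    flagged = []
    for _hive, name, path in autoruns(log):
        parts = [x.lower() for x in path.parts]
        in_windir = len(parts) > 1 and parts[1] in WINDIR_NAMES
        if root and in_windir and root not in path.parents:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(outside_system_root(SAMPLE_LOG))
```

A flagged entry is only a path mismatch to investigate (does the file exist, who signed it, when was it created), not a verdict on the file.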
