Antivirus Protection
 
#1  calmar, November 3rd, 2004, 10:10 AM
Registry changed.

Hi to all,

I was on the internet yesterday when my desktop background went black and a pop up appeared saying my security could be compromised, I deleted the pop up but the black background remained. I right clicked the background, hit properties and got an address of:

file://C:\WINDOWS\desktop.html

When I hit view source I got:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!----
***** This file is automatically generated by Microsoft Windows *****
--------><HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY
style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none"
bottomMargin=0 bgColor=#004e98 leftMargin=0 background="" topMargin=0
rightMargin=0>
<DIV
style="LEFT: 0px; WIDTH: 1024px; POSITION: absolute; TOP: 0px; HEIGHT: 768px"><IMG
style="LEFT: 0px; WIDTH: 100%; POSITION: absolute; TOP: 0px; HEIGHT: 100%" cache
src="file:///C:/WINDOWS/web/wallpaper/Bliss.bmp"> </DIV><IFRAME id=0
style="BACKGROUND: none transparent scroll repeat 0% 0%; LEFT: 0px; WIDTH: 1024px; POSITION: absolute; TOP: 1px; HEIGHT: 729px"
name=DeskMovrW marginWidth=0 marginHeight=0
src="file:///C:/WINDOWS/desktop.html" frameBorder=0 scrolling=no
subscribed_url="C:\WINDOWS\desktop.html" resizeable=""> </IFRAME>
<OBJECT id=ActiveDesktopMover
style="LEFT: 0px; VISIBILITY: hidden; WIDTH: 0px; POSITION: absolute; TOP: 0px; HEIGHT: 0px; container: positioned; zIndex: 5"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>
<OBJECT id=ActiveDesktopMoverW
style="Z-INDEX: -1; LEFT: -1px; VISIBILITY: hidden; WIDTH: 1026px; POSITION: absolute; TOP: 0px; HEIGHT: 731px; container: positioned"
classid=clsid:72267F6A-A6F9-11D0-BC94-00C04FB67863></OBJECT>&nbsp;
</BODY></HTML>

I deleted desktop.html and the screen went white.

When I went to registry-ThemesManager I got:

default reg sz (value not set)

color name reg sz NormalColor

DllName RegExpand_... %SystemRoot\resources\Themes\luna\l...

LastUserLangID reg sz 1033


LoadedBefore regsz 1

SizeName reg sz NormalSize

ThemeActive reg sz 1


Themes---Default, no value.
DefaultVisualStyleOff----Default, no value.
DefaultVisualStyleOn----Default, no value.
LastTheme:
Default REG SZ (value not set)
Display Name of Modified REG SZ
ThemeFile REG_EXPAND_... %SystemRoot%\resources\Themes\luna....

I have Trojan Hunter, AVG and AdsAware running but got no flags and their system checks show nothing.

All this occurred on my laptop which uses XP home edition, my PC uses XP Pro and in that registry all the Theme sub categories have lots of values but since my laptop is home edition I'm sure I can't use them. I tried System Restore which didn't help and if I use my restore disc, I lose too much.

Could someone please send me a copy of the values that should be there and possibly instructions on how to enter them.

Any help on this would be much appreciated,

Sincerely.

John.

#2  edwinbrains (Retired Moderator), November 3rd, 2004, 03:41 PM
Since this is probably due to spyware, I've moved the thread to the Antivirus Protection forum.
- Edwin -

#3  Tom Myboy, November 5th, 2004, 03:10 PM
Hi calmar,

I agree with Edwin, sounds like Spyware, virus, trojan activity.

Download HijackThis. Make sure you install HijackThis to a permanent folder such as C:\HJT as it creates backups of what we will fix. Run the program, press Scan, after a brief pause... press Save log. Notepad will open, copy and paste the entire log into your post. Do not fix anything yet, most of what's in the log is needed!

http://www.majorgeeks.com/download3155.html

Tom

#4  spudley, January 4th, 2005, 02:46 PM
I don't know the cause but I know how to fix it as this has happened to me. Go to Start/ Settings/ Control Panel/ and double click Display. Click the Desktop tab and then the Customize Desktop tab at the bottom. Click on the Web tab and you should see a box with Web pages written above it. In that box I had a page named Security. Highlight it and delete it (keep it in mind it could be called anything, it's safe to delete them all if you want to). Click OK then Apply. You should now be able to set a normal desktop background. Hope this helps
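
An added example, not part of any post in this thread: Python that parses the Active Desktop page source quoted in post #1 and lists the wallpaper image and each embedded web item (IFRAME), marking items that load the path the user reported or content from a web server. The function names, the `remote` check and the trimmed excerpt are assumptions of this example.

```python
from html.parser import HTMLParser

# Excerpt of the desktop.html source quoted in post #1 (style attributes trimmed).
SAMPLE = r'''<HTML><BODY bgColor=#004e98 background="">
<DIV><IMG cache src="file:///C:/WINDOWS/web/wallpaper/Bliss.bmp"> </DIV><IFRAME id=0
name=DeskMovrW marginWidth=0 marginHeight=0
src="file:///C:/WINDOWS/desktop.html" frameBorder=0 scrolling=no
subscribed_url="C:\WINDOWS\desktop.html" resizeable=""> </IFRAME>
</BODY></HTML>'''


class _DesktopPage(HTMLParser):
    """Collects the wallpaper image and every embedded web item (IFRAME)."""

    def __init__(self):
        super().__init__()
        self.wallpaper, self.items = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # html.parser lower-cases tag and attribute names
        if tag == "img" and self.wallpaper is None:
            self.wallpaper = a.get("src")
        elif tag == "iframe":
            self.items.append({"id": a.get("id"), "src": a.get("src"),
                               "subscribed_url": a.get("subscribed_url")})


def _norm(path):
    """Reduce file:///C:/x and C:\\x spellings to one comparable form."""
    p = (path or "").replace("\\", "/").lower()
    for prefix in ("file:///", "file://"):
        if p.startswith(prefix):
            p = p[len(prefix):]
    return p


def review_desktop_page(html, reported_path):
    """Return (wallpaper, items). Each item is marked when it loads the path
    the user reported, or when it loads content from a web server."""
    parser = _DesktopPage()
    parser.feed(html)
    parser.close()
    for item in parser.items:
        targets = {_norm(item["src"]), _norm(item["subscribed_url"])}
        item["matches_reported_path"] = _norm(reported_path) in targets
        item["remote"] = any(t.startswith(("http:", "https:")) for t in targets)
    return parser.wallpaper, parser.items
```

Calling `review_desktop_page(SAMPLE, r"file://C:\WINDOWS\desktop.html")` returns the Bliss.bmp wallpaper and one item whose target matches the address reported in post #1.
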

#5  Tom Myboy, January 11th, 2005, 12:46 PM
Hi calmar,

If you would like to post a HijackThis log, I would be happy to look at it for you.

Please download HijackThis. Make sure you install HijackThis to a permanent folder such as C:\HJT as it creates backups of what we will fix. Run the program, click the button at the top "Do a system scan and save a logfile". Save the log to a convenient place such as C:\HJT. Notepad will open, copy and paste the entire log into your post. Do not fix anything yet, most of what's in the log is needed!

http://www.majorgeeks.com/download3155.html

Tom

© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 6 hosted by Hostway