[LostShadow]

A virus removed my wallpaper to a black screen, and using an anti-virus program didn't undo it.

So after using Avira, I then right clicked the image, and seleted Set as desktop background.

It doesn't change a thing.

When I right-click the wallpaper, and select personalize, under My Themes (1), it just has an unsaved theme with an all-black image, which is essentially my wallpaper. I think somehow whatever image was stored it automatically became all black and I can't change it.

Is there anything in regedit or so I can type to fix it?

Note that, this virus, it did things that the anti-virus didn't undo. For example, it changed all my files in all my folders to hidden (and not viewing hidden files), and so I just have to manually unhidden files folders at a time. Obviously, the anti-virus didn't undo that, so I think there's some property I need to fix to get my wallpaper back again.

Thanks.

[Catacaustic]

If a virus has given you problems like that and the anti virus can't resurrect them, I would strongly suggest that you back up your files (very carefully to ensure that there's no infections or left-over stuff in there), reformat your PC and start again. If you can see problems like that there still, then it's a big concern about what other problems are still left that you can't see yet.

[LostShadow]

Originally Posted by Catacaustic

If a virus has given you problems like that and the anti virus can't resurrect them, I would strongly suggest that you back up your files (very carefully to ensure that there's no infections or left-over stuff in there), reformat your PC and start again. If you can see problems like that there still, then it's a big concern about what other problems are still left that you can't see yet.

Actually, this is 1 of those viruses that want money. So there is no pure evil in the virus (deleting everything), but making it seem like everything is deleted (you just have to unhidden all the files). Basically money-requesting viruses have the ability to undo everything it did, so in this case, there is no pure evil element of wiping everything indefinitely. I just have to find a workaround for the desktop wallpaper.

I remember years back I had a virus that prevented my task manager from popping up, it'll say the admin disabled task managers. I asked in a computer channel on IRC and all I had to do was change something in a regedit to a 1 or something. Or change digits. Somehow something like this I feel I just have to do.

As for reformatting, this is actually a Notebook, so there is no CD ROM drive, so it didn't come with a CD to reformat. Not sure how to reformat a Notebook heh.

[Doug G]

An external CD/DVD drive should work for you. I agree with catacaustic, the safest course of action is to backup/erase/reformat/reinstall-from-scratch. Many malwares are very well hidden and may even add a rootkit to your computer. Every keystroke you make could be being monitored then sent to a thief somewhere.

Also, virus or not, the best time to figure out how to backup and restore your laptop is while it's still working, not after it dies

[Catacaustic]

Originally Posted by LostShadow

Basically money-requesting viruses have the ability to undo everything it did, so in this case, there is no pure evil element of wiping everything indefinitely. I just have to find a workaround for the desktop wallpaper.

If that's the case, then why can't you get the desktop wallpaper back?? And, how do you really know exactly what it's doing in the background??

This is defiantly a case of "better safe then sorry". Personally, I would not trust my PC if I had that issue, even if I could get the desktop working. That's why I keep backups, and backups of backups. I can wipe everything, start again, loose nothing and know that I've got no possibility of residual issues.

Of course this may not be for you. You can always just try to figure out something for the desktop if that suits you, but I don't think that there's many people apart from the writer of that original virus that would be able to help you with info about just what it's changed, and how to get that back.

[LostShadow]

Originally Posted by Catacaustic

If that's the case, then why can't you get the desktop wallpaper back??

Because I didn't pay the virus to undo itself.

Originally Posted by Catacaustic

And, how do you really know exactly what it's doing in the background??

False question, I don't.

Originally Posted by Catacaustic

This is defiantly a case of "better safe then sorry". Personally, I would not trust my PC if I had that issue, even if I could get the desktop working. That's why I keep backups, and backups of backups. I can wipe everything, start again, loose nothing and know that I've got no possibility of residual issues.

Of course this may not be for you. You can always just try to figure out something for the desktop if that suits you, but I don't think that there's many people apart from the writer of that original virus that would be able to help you with info about just what it's changed, and how to get that back.

Because I think Avira Anti-virus quarantined all the files, but quarantining/removing the files just not necessarily undo what the files did prior.

As far as how I know what else could be controlling the notebook, such an .exe would show up in the task manager. Currently, my previous laptop could not open task manager still. When it does, it popups up saying task manager is disabled, and closes. When I change the number in regedit to the right number, to enable it, a second later it goes back if I view it, so I know a .exe is causing and constantly changing it. Why not just close and delete the .exe? Well that would require me to open the task manager to find it, which is what the .exe is preventing me from doing in the 1st place.

Currently, I don't have this issue in this virus. Viewing the task manager, then I know there is no living .exe causing it, with my desktop wallpaper issue. If I somehow change the correct numbers in regedit and I see I am back in the same problem (this is called toubleshooting) then I know there is something else going on in my notebook but I do not know that yet.

1 step at a time.

Anyways, I'm all for troubleshooting. Experimenting around also just lets me learn about viruses, and fixing them.

-

As for getting an external, I don't have a CD that it came with if it were a notebook, I thought, so I could just manually buy a Windows 7 CD to back-up?

[Catacaustic]

Originally Posted by LostShadow

As far as how I know what else could be controlling the notebook, such an .exe would show up in the task manager.

Wrong. A quick search found this...

http://www.planet-source-code.com/vb/scripts/ShowCode.asp?lngWId=1&txtCodeId=66529

It's really not that hard to hide a process from the task manager - that's standard virus operation.

Originally Posted by LostShadow

If I somehow change the correct numbers in regedit and I see I am back in the same problem (this is called toubleshooting) then I know there is something else going on in my notebook but I do not know that yet.,

This means that the virus is still active in at least some form on your system. If it was properly quarantined/deleted you would not have this problem.

I'm all for understanding how things work, investigating, etc, etc, etc. But NOT on your main PC. That needs to be clean, clear and have no issues whatsoever. If you want to study the virus patterns at every least run them on a virtual machine, and let the virus go nuts on that.

[LostShadow]

Originally Posted by LostShadow

If I somehow change the correct numbers in regedit and I see I am back in the same problem (this is called toubleshooting) then I know there is something else going on in my notebook but I do not know that yet.

I don't know if I have this issue or not.

I went to regedit.exe and under HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper, to the right, I scrolled down to Wallpaper and WallpaperOld.

Wallpaper was valueless but WallpaperOld's value is C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg.

I went to open up TranscodedWallpaper.jpg and it was the right image. Only that the original image was my cat Kitty.jpg.

So under Wallpaper, I added the value of that to it and it didn't change. When I closed regedit and reopened the value for Wallpaper went blank again.

So I changed the value for Wallpaper to C:\Users\Neal\Pictures\Kitty.jpg (original file).

This value did not revert back (yay).

Closed regedit twice and the value still remained. But the desktop is still black.

I hope rebooting the notebook will fix it I'll let you guys know if it does.

[LostShadow]

Problem solved.

I don't think the wallpaper was up, so then I saw I had the file still open in IE I think.

I just right clicked, and set as desktop.

It worked.

I went over to regedit.

For Wallpaper, it says

C:\Users\Neal\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

Why Internert Explorer Wallpaper.bmp?

It was originally Kitty.jpg in My Pictures.

I guess I just found a workaround.