Re: Hijacked by AntiVirus Gold

From: Terry Smythe <smythe@xxxxxxx>
Date: Wed, 25 May 2005 19:49:59 GMT

I have now verified that my desktop has been hijacked by
"desktop.html" It resides in c:\windows I've tried
deleting it and editing it, but can't get rid of it. Keeps coming
back from somewhere, no matter what I do.

It has imbedded within it a command to visit the Antivirus Gold web
site. It appears to be extremely malicious marketing, planting 3
virus that only it can remove, and itself. Its message is, 'if you
want to remove these virus, then buy me'

A search for this file on my computer reveals only 1 copy. If I
delete it, it is replaced upon reboot. If I edit it, it is replaced
upon reboot.

A 'net search suggests an incredibly convoluted procedure for getting
rid of it. Surely there must be an easier way.

Along with SpyBot, AdAware, Microsoft's new parasite detector/remover
fails to see it. They see all kinds of things, but won't touch this
one. Registry First Aid finds only a single entry, deletes it, and
upon reboot, it's back again. It's not in Startup.

I'm hopeful of finding some kind of specific utility to remove this
ugly parasite.

Regards,

Terry Smythe

.

Follow-Ups:
- Re: Hijacked by AntiVirus Gold
  - From: Kerry Brown
- Re: Hijacked by AntiVirus Gold
  - From: Locke

References:
- Hijacked by AntiVirus Gold
  - From: Terry Smythe
- Re: Hijacked by AntiVirus Gold
  - From: Locke

Prev by Date: Having some serious difficulties
Next by Date: Re: Hijacked by AntiVirus Gold
Previous by thread: Re: Hijacked by AntiVirus Gold
Next by thread: Re: Hijacked by AntiVirus Gold
Index(es):
- Date
- Thread

Relevant Pages

Re: Hijacked by AntiVirus Gold
... The virus can reside in the System Restore and reinstall itself upon ... reboot - it doesnt have to be listed in the startup to do this. ... > deleting it and editing it, but can't get rid of it. ... > Along with SpyBot, AdAware, Microsoft's new parasite detector/remover ...
(microsoft.public.windowsxp.help_and_support)
RE: Move of RID problems
... If the machine that holds any FSMO role dies and the System State of that ... when things don't happen as expected a reboot sometimes helps. ... FSMO role holder first and then see if the others recognize the role. ... others are pointing for RID Manager$ using adsiedit: ...
(microsoft.public.win2000.active_directory)
Re: TAPIS.EXE
... then go in and delete the file and get rid of it. ... > 3) If you are using WinME or WinXP, disable System Restore ... > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible. ... I installed McAfee virus scan and scanned for viruses and ...
(microsoft.public.win2000.general)
Re: Warning! Your Computer is Infected! Press Here for Help!
... > Press Help button to learn how to protect your computer. ... > other situations that are similar without getting rid of it. ... > rebooted into safe mode then ran ad-aware and spybot then reboot and ... it isn't technically a virus. ...
(microsoft.public.windowsxp.general)
Re: SysHL running in task manager
... How do I get rid of it? ... Pest Patrol from ... If they work but the pest comes back after a reboot try.. ... Kill the process using task manager but do not reboot. ...
(microsoft.public.windowsxp.general)