Re: Hijacked by AntiVirus Gold

---

• From: "Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m>
• Date: Wed, 25 May 2005 15:56:03 -0700

---

"Terry Smythe" <smythe@xxxxxxx> wrote in message
news:d0l991lmb7qbhnb5kc3pesl5nem4rpl64k@xxxxxxxxxx
>I have now verified that my desktop has been hijacked by
> "desktop.html" It resides in c:\windows I've tried
> deleting it and editing it, but can't get rid of it. Keeps coming
> back from somewhere, no matter what I do.
>
> It has imbedded within it a command to visit the Antivirus Gold web
> site. It appears to be extremely malicious marketing, planting 3
> virus that only it can remove, and itself. Its message is, 'if you
> want to remove these virus, then buy me'
>
> A search for this file on my computer reveals only 1 copy. If I
> delete it, it is replaced upon reboot. If I edit it, it is replaced
> upon reboot.
>
> A 'net search suggests an incredibly convoluted procedure for getting
> rid of it. Surely there must be an easier way.
>
> Along with SpyBot, AdAware, Microsoft's new parasite detector/remover
> fails to see it. They see all kinds of things, but won't touch this
> one. Registry First Aid finds only a single entry, deletes it, and
> upon reboot, it's back again. It's not in Startup.
>
> I'm hopeful of finding some kind of specific utility to remove this
> ugly parasite.
>
> Regards,
>
> Terry Smythe
>

Go to the following link and download HijackThis.

http://www.aumha.org/freeware/freeware.php#hjt

Run it and then post the log it generates to one of the forums dedicated to
it's use. A good place to start is here:

http://forum.aumha.org/viewforum.php?f=30

http://www.techsupportforum.com/forumdisplay.php?f=50

http://castlecops.com/forumx67-0-50.html

Don't post the log here. Some malware hides very deep in the system and
isn't detected by any of the spyware removal programs. Hijackthis and other
tools will assist in it's manual removal. Barring that you could backup your
data and reinstall Windows and all your programs then restore the data. If
you are unable to do either I recommend you take your computer to a
professional to have it fixed.

Kerry


.

---

• Follow-Ups:
  • Re: Hijacked by AntiVirus Gold
    • From: veliko

• References:
  • Hijacked by AntiVirus Gold
    • From: Terry Smythe
  • Re: Hijacked by AntiVirus Gold
    • From: Locke
  • Re: Hijacked by AntiVirus Gold
    • From: Terry Smythe

• Prev by Date: wrong screen saver
• Next by Date: RE: Forever Stuck in Safe Mode???
• Previous by thread: Re: Hijacked by AntiVirus Gold
• Next by thread: Re: Hijacked by AntiVirus Gold
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Ok, so Im a lazy moron - Explorer crashes at startup ... >>> Reboot into Windows. ... If problem persists, reboot back into Safe Mode, ... >>> run HijackThis (no other windows open) and save the log. ... (microsoft.public.windowsxp.general) Re: Recent folder problem.... ... HijackThis has a Delete a file on reboot tool. ... burris hunted and pecked: ... > The names are strange and undecipherable....dates from the past and well ... (microsoft.public.windowsxp.general) Re: Spyware...help!!! ... "PA Bear" wrote in message ... >I wouldn't trust anyone but a spyware expert to get rid of the stuff. ... > kathy wrote: ... HijackThis ... (microsoft.public.windowsxp.general) Re: Still Hi-Jacked by Anti-Virus Gold ... > blocking an MSAS report, even in safe mode. ... This is not the best place to post a HiJackThis log. ... it will get rid of it. ... (microsoft.public.windowsxp.help_and_support) Re: TBPS.exe ... >> I cannot get my computer to rid the TBPS.exe and TBPSSvc. ... See below for HijackThis links. ... > the most recent System Restore point from the More ... Do not install driver updates from Windows Update. ... (microsoft.public.windowsxp.security_admin)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)