Tricky Virus or Spyware

August 25, 2008 at 07:43:58
Specs: Windows XP Home SP2, Pentium 4 2.60GHz CP
My compute has had a virus for about a week. I've tried everything I can think of to get rid of it, and have only made the problem worse if anything. I finally have to ask for help, and I'm afraid this may be my last resort before I just leave the whole system for dead.

Last week my desktop background changed to a message reading:

"WARNING! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer.
Warning! Win32/Adware.Virtumonde
Warning! Win32/privacyremover.M64"

And my ability to change my desktop has been removed. I made sure I had the latest update for my anti-virus program, McAfee, and ran it to find a few trojan files and a bunch of files it said were encrypted and weren't scaned.

I made sure I had the latest update for Spybot too, and ran it to find a lot of Spyware. But strangely, about half way through the scan, Spybot freezes and won't scan any further. So I stopped the scan, and fixed all the problems in had found up to that point. Not that it matters, because they all came back when I restarted anyway.

This freezing may be caused because I only have the latest definitions from Sybot, and not the latest version of the program. But I can't update that because, and here's the REALLY horrible part, this virus seems to be blocking certain internet sites that might be helpful. Even the online scan I use, trendmicro, can't be reached. In fact, the only place I was lucky enough to be able to come to is Computing.Net.

So far the only thing that's changed about this whole thing, is I've somehow messed up my system so that explorer.exe doesn't run at start up, and I need to run it manually. Just lucky I knew how to do that.

See More: Tricky Virus or Spyware

Report •

August 25, 2008 at 12:39:58
Just a suggestion, get rid of mcafee, go to the website listed below and download either antivirus program. Make sure you remove mcafee before doing so. Uninstall spybot and do a install of lavasoft adaware. Do a scan and delete everything that comes up.

Jim R

Report •

August 25, 2008 at 17:02:12
I was about to make a new thread for this, but luckily someone else is having the same problem.

I'm also running Mcaffee, although I don't like it, family does. I have a few Anti-Spywares that work well, Super Anti-Spyware included. ATF-Cleaner as well. For future reference..please say Mcaffee is useless compared to ones like I have a reason to get rid of it :D

My computer is showing the same symptoms, and a few more unmentioned. It started on one of the computer's accounts, blocking internet access (the account had known tracking cookies, but I doubt those could cause did hijack my google though). The computer's background was changed, as well as the screen saver, overwrited with a SS called "Bluescreen" showing exactly what it sounds like, and removing the ability to exit the screen saver. The registry was changed, removing Desktop and Screen Saver from the Display Properties dialog. Safe mode is the safest bet now. The virus seems to be spreading and making more changes over time, as it got worse for the past few days. My cousin has the same virus, and its completely ruined her system, she can't even do safe mode anymore. Before this gets worse, I'm reformatting either way, disk is ready, just cleaning stuff up. Either way, I'd like to know if anyone can track down the name of this virus. I figure its new since alot of people have gotten it only recently, and doing a completely unrelated search I even came across the symptoms posted by someone else (stating that the virus was obtained from downloading a false flash update). I just want to know the name, date of release, and maybe a few ways its downloaded so I know to get everyone to avoid it next time :) Long message, I know..thanks for the help though :D

P.S I tried to change the registry data for background and screensaver in place of the display properties menu. That failed..made no change to the computer..the virus is smarter than me? :(

Report •

August 25, 2008 at 18:42:44
Just a suggestion, get rid of mcafee, go to the website listed below and download either antivirus program. Make sure you remove mcafee before doing so. Uninstall spybot and do a install of lavasoft adaware. Do a scan and delete everything that comes up.

Jim R

Sadly, all of those sites are getting blocked. I shall do a Google Search, and see if I can find a site that isn't that has the programs up for download.

Report •

Related Solutions

August 28, 2008 at 10:21:14
Well, I spent the last day trying to install AVG and failed. The file was probably bad or something. The only place I could actually download it from was, and they seem to enjoy cutting my download off halfway through. That was a wasted 15 hours. I'm trying to download Avast! now.

I did install and run Adaware, and after deleting something like 80 infected files it seemed to have fixed everything. I could even change my desktop again. Sadly, it all went back to being broken after I restarted my computer and I couldn't get it fixed again in future scans. Is it possible to have a virus that comes back each time you restart?

Oh, and explorer.exe still doesn't run at start up. I seem to be going nowhere fast. It would almost be funny, if it weren't so depressing.

Report •

August 29, 2008 at 21:20:18
Good news. I got Avast! running, and after several scans and deleting something like 20 trojans out of my WINDOWS folder everything seems to be running properly. My internet is no longer blocked, explorer runs at start up, and even those annoying little pop-up in my taskbar that Windows sets off when it thinks I'm not doing things properly are back. I could have lived wtihout those honestly, but it's good to see them none the less.

Now the only problem is my desktop. I still can't change it by right-clicking and going to the properties menu. Not that it's life threatening or anything, but as long as there's one problem I'm, afraid they all might come back.

Report •

September 5, 2008 at 21:39:24
use spybot search & destroy and it will give you your desktop back. find a helpful link @

Report •

Ask Question