The system is an old IBM Aptiva running Win 95. My son was using it when it started to dial out to the inter-net. He could not stop it. Every time that he canceled it, it would start to dial up. He tried to Shut down by using START Shut Down, but the system would not shut down. Instead, a popup came up that said system not responding shut down yes/no. Clicking on shut down caused the popup to disappear and instantly reappear. Finally he shut the power off and restarted the system. And immediately the following was displayed: SECURITY WARNING A fatal error has occurred at 00281C0011E66 in VXD VMN(01) + 00010E36. Error was caused by Trojan-Spy,HTML.SmitFraud.c * System can not function in normal mode. Please check your security settings. * Scan your PC with any available antivirus/spyware remover to fix the [problem. And it started dialing out, and Also there were several new Icons on the desk top for Porn sites that he could not remove. He turned off power and restarted I picked up the PC and took it home with me and was able to remove the programs and Icons that were added using add/remove programs. I tried to run an antivirus from the CD drive but the system could not see it, so I moved it to a floppy and tried to run it from there. It started to run but I could not initiate a scan. I still can not shut it down using START – shutdown. I am able to do some things id SAFEMODE

There are fewer malware detectors for 95 than more recent OS versions. I don't think adaware SE will work. This page describes another detector, spybot, and links to a FAQ about getting it to run in 95. There's also a link to download it. It looks like a 4 meg file. I suppose you could burn it to a cd, boot up the laptop with a bootdisk and copy the file to it from the cd. Others may post in with knowledge of detectors that also run in 95. Whenever your computer starts to dial out, it's best to disconnect the modem. I got a $40 phone bill once due to a game site that claimed they had my permission to install their software. I finally got the phone company to remove the charge as they'd had similar complaints.

Check out this free Trojan finder/fixer: A2FREE - JUST DOWN PAGE The website seems to have gone down right now so I can't check whether it is suitable for Win95. Derek.W

Ad-Aware SE Personal Edition in Win 95 Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

That link to A2FREE now works. It might or might not happen to work with W95 but, as you probably found out, this is not claimed. Derek.W

On second thoughts best avoid A2FREE. It might well find the problems but if it tries to fix W98 style you could get into a mess. Derek.W

these seem to be quite good solutions. They work with xp bat can work with win95, too, with little changes: 1) Kill task "wp.exe" 2) Delete "C:\wp.exe" - You will also see a file called "C:\wp.bmp". This is the image you see on desktop (the blue screen) 3) Delete all registry entries with "wp.exe" in them 4) Uninstall SecurityIGuard (some security, this is the wolves guarding the henhouse) 5) Fix registry settings to allow control panel tabs to be visible: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "WallpaperStyle"=dword:00000000 "NoDispBackgroundPage"=dword:00000000 I am able now to change wallpaper by overwriting all entries in registry that display "c:\wp.bmp" with my own specified wallpaper. However, the "Browse" button in the control panel applet on the Desktop tab is disabled - preventing the changing of wallpaper directly. ******************************* If your familiar with working with the registry it is quite simple to activate the missing tabs on control panel. The following keys (if present) must have their values changed to 0 (hex) or deleted. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System NoDispBackgroundPage NoDispSettingsPage NoDispScrSavPage NoDispAppearancePage Note that although this will allow you to display the tabs, changing the wallpaper is still not possible as the "Browse" functionality to change the wallpaper on the "Desktop" tab (XP) is disabled. I am still trying to figure this one out. If your really desperate to change the wallpaper you have two options: 1) Search the registry for all instances of "c:\wp.bmp" and instead point it to your own wallpaper file. 2) Delete file "C:\wp.bmp" then place your own file in root of C: and name it "wp.bmp" I will post when I figure out the browse problem. EDIT: Its not just the "Browse" functionality that is borked. Every direct way (that I know of) to set the wallpaper without going through the registry is disabled. ************************************************** Welcome to the forum. IMPORTANT you need to Move HijackThis to a permanent folder for the important backup feature to work properly. To do this: Go to My Computer (Windows key E ), double click on C: Click File > New > Folder Name it HijackThis and unzip/move or download the program again to this folder. Then :- Rerun HJT,and put a tick beside these :- O4 - HKLM\..\Run: [Messenger] C:\WINDOWS\System32\msgrsv32.exe O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe now close all windows and browsers and click FIX CHECKED then reboot and post a fresh Hijackthis log ******************************** cancellare i wp poi You could try running the System File Checker (sfc.exe), this will scan all protected Windows files to verify their versions have not been overwritten or damaged, and if so will replace the compromised version with a fresh copy. To run it, click Start/Run and type 'sfc.exe /scannow' (without the quotes but with the space between the 'e' and the '/'). Alternatively, you can click start/Run and type in CMD and click O.K., when the black window opens type in "sfc /scannow". You will need to insert your Windows CD into the drive to enable sfc to effect the repair. mmmoohya