hi, i discovered DeskAd Service has installed itself in c:\program files\DeskAd Service and modified my msconfig startup.. i found DeskAdKeep.exe and DeskAdServ.exe running in the Task Manager. i check msconfig startup tab and found DeskAdServ & DeskAdKeep has added itself there. i've tried the following: 1. run Adaware, found malware DeskAd Service and remove them (have to reboot to remove) 2. run Spybot S&D, nothing found ( probably Adaware has removed them) 3. used RegCleaner to remove the startup items DeskAdServ.exe and DeskAdKeep.exe 4. remove DeskAdServ.exe & DeskAdKeep.exe from startup in msconfig 5. deleted the folder c:\program files\DeskAd Service (after step1, otherwise not able to delete the folder) despite all these, DeskAd reinstalled itself (c:\program files\DeskAd Service reappears) and so were the DeskAd services in msconfig and startup.. and also in Task Manager Processes tab. your suggestions appreciated on how to rid this malware completely. thanks,

I don't use WinXP, but isn't there a restore setting that you can disable. Also, purge cookies and temorary internet files and empty the recycle bin.

adaware-spybot-and maybe event that ms antispyware beta, one of the is bound to work. You may wanna try the security and Virus forum to get a more exact solution. Truth can become lie, but if lies become truth we're in trouble.

Are you running the google toolbar as running through the regedit this is where i found it is started by.

I also got this DeskAdKeep on my computer with exactly the same symptoms. Luckily I run this PC-Cillin 2005 antivirus and antispyware program and it detected it immediatelly. It however did not remove it effectively. It just reported its presence all the time and it said that it blocked this malicious program. So I searched this Pc-cillin's online Virus Encyclopaedia and it did not appear on the european site. I had to switch to the US site and there I found the exact description of this malicious program and removal instructions. Look for: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ADW_ADMILLI.A In those instructions the word 'Admilli Service' should be understood as the same as 'DeskAdd Service' This will certainly help. Good luck, Simon

Here is the CURE very eazy to kill this spyware -Run Spybot S&D -Reboot (spybot ask you to reboot) -Auto Run Spybot on startup (you now got a clean registry, but yet DeskAdkeep.exe and DeakAdServ are still there!) -Add Remove Prog... remove that piece of s--- -Run Spybot S&D (if you dont it will reinstall itself...) -Dont listen to that guy who says its started by google toolbar... as ive seen this prob on computers without the toolbar, and the spyware starts itself in the startup before google toolbar is loaded... -Dont post theories when you did not fix the problem!!! Dont make people waste there time! -Enjoy your spyware-free comp!

Friend of mine had same problem on XP Pro. When changing users all resources were hijacked. I first found the DeskAd folder in my programs and renamed all the files. then ran spysweeper to delete the cookies. Then Removed DeskAdServ from the start menu using ultimate uninstaller. The files in the deskad folder could then be deleted. Not sure if I had to do all of the above but it worked for me. All ok now and running like a dream.