more computer stuff

  #1  
Old 12-05-2004, 02:18 AM
wezol5484

Ok, I was searching around on the internet and I closed all the windows that were open, and there is an ad in place of my background. It's one of those "warning, you're in danger, clean your computer now! just click here". I can see my background on the very top of the screen, about 2 millimeters, the rest is that ad. I've tried Adaware and AVG with nothing. Restart does nothing also. I've heard of doing a system restore, but have no clue how to do it.
I'm running Windows XP. I JUST reformatted my computer earlier this afternoon too.
 
  #2  
Old 12-05-2004, 02:36 AM
CowboyBilly9Mile
Ok, you may want to try Spybot before going the restore route. You can also visit the Symantec website and run Norton for free. If you're on dial-up, this is going to take a while.
 
  #3  
Old 12-05-2004, 06:58 AM
droptop
Since you just reformatted your computer, you don't have a whole lot to lose by using System Restore. Go to Start -> All Programs -> Accessories -> System Tools -> System Restore. If you're lucky, your computer automatically put in a restore point at the time you reformatted your computer. If you're using broadband, make sure you get a router before you re-connect to the internet. If you're using IE, consider switching to the Mozilla Suite or Firefox standalone browser. You'll have a heck of a lot less problems crop up.
 
  #4  
Old 12-05-2004, 07:12 AM
captchas
You got a spy program from somewhere. After you get it out using one or more of the programs out there, your choice! Adaware is great and free, but when I got caught it took 3 programs to remove it. If you're on broadband, get a firewall router even if it's your only computer. Linksys makes a very good one at a fair price ("Staples, around 70 dollars"); use it. Also, as the others have said, use something other than IE for a browser. I use Netscape; Mozilla and the new Firefox are great. If you like IE's looks, Firefox almost looks like it when you use it.
Your problem is going to be getting it out of the registry. Good luck.
 
  #5  
Old 12-05-2004, 07:24 AM
TheWiz427
I have had one of those before. Just Control/Alt/Delete it and End Task and it should go. Then I suggest running AdAware or Spybot Search and Destroy if you have it.
 
  #6  
Old 12-05-2004, 08:28 AM
prcrboy
All those ideas may work and may not. Problem with some adware/trojans, is they infect the restore files too. Do an online search for help, there are websites out there with very helpful people for free.

I use Adaware, Spybot, and HijackThis to remove any unwanted stuff. If you download HijackThis, post what the log says, then maybe I can help further.
 
  #7  
Old 12-05-2004, 09:15 AM
mikebon08
Is it a separate browser window, like a popup, or is it your wallpaper? Some of those ads are actually a picture, jpg or gif, and can be set as backgrounds. Cost me a couple hours scratching my head the first time I ran into one of those, before I realized it was actually the background. Haven't run into many of them though. If you have a fresh install, go to msconfig --> Startup and look for anything that looks odd. Adaware is pretty good but I've run into some things it won't fix; it'll tell you it's there but that's it. Spent some time last night manually hacking out about:blank on an old Compaq; Ad-aware found it but wouldn't clean it.
 

Last edited by mikebon08; 12-05-2004 at 09:19 AM.
  #8  
Old 12-05-2004, 11:00 AM
wezol5484
The ad is an HTML file. I ran AVG and it found "Desktop Trojan Horse Favadd.B" and it said it deleted it but it's still there. Also, under Ctrl-Alt-Delete, the only tasks that are running are ones that are ok to run, Firefox and AIM. I ran Adaware, Spybot SD and AVG to no avail. I ran HijackThis and this is what came up. Can I delete all of the O1 Hosts?

Logfile of HijackThis v1.97.7
Scan saved at 11:18:19 AM, on 12/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss*****
C:\WINDOWS\system32\winlogon*****
C:\WINDOWS\system32\services*****
C:\WINDOWS\system32\lsass*****
C:\WINDOWS\system32\svchost*****
C:\WINDOWS\System32\svchost*****
C:\WINDOWS\Explorer*****
C:\WINDOWS\system32\spoolsv*****
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr*****
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc*****
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc*****
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc*****
C:\WINDOWS\uqyvffj*****
C:\PROGRA~1\AIM\aim*****
C:\PROGRA~1\COMMON~1\tsa\tsm2*****
C:\PROGRA~1\COMMON~1\tsa\ts2*****
C:\Program Files\ISTsvc\istsvc*****
C:\Documents and Settings\wezol\Desktop\HijackThis*****

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bettersearch.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bettersearch.biz
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc***** /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc*****
O4 - HKLM\..\Run: [fDZF5x8] C:\WINDOWS\uqyvffj*****
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc*****
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim***** -cnetwait.odl
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2*****
O9 - Extra button: AIM (HKLM)
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.finefind.net
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
 

Last edited by wezol5484; 12-05-2004 at 11:13 AM.
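
As an added example (not part of the thread and not written by any poster), a minimal Python triage of a HijackThis log like the one posted above. It surfaces the entry types that log shows: R0/R1 browser page settings, O1 hosts-file overrides (the "O1 Hosts" the poster asks about), O4 Run-key autostarts and O15 Trusted Zone sites. The sample log lines are constructed, and the "executable directly in C:\WINDOWS" rule is a heuristic assumed here, not a HijackThis feature.

```python
import re

# Constructed sample in HijackThis log format; every value here is made up.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example
O1 - Hosts: 192.0.2.45 update.av-vendor.example
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [Scanner] C:\Program Files\Scanner\scan.exe /STARTUP
O4 - HKLM\..\Run: [xQ7] C:\WINDOWS\qzxvbn.exe
O15 - Trusted Zone: *.ads.example
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[(.*?)\]\s+(.+)$")
# Heuristic assumed for this example: an autostart whose executable sits
# directly in the Windows folder (not a subfolder) deserves a second look.
WINDIR_EXE = re.compile(r"^C:\\WINDOWS\\[^\\]+$", re.IGNORECASE)


def triage(log_text):
    """Return (code, subject, reason) tuples for entries to review by hand."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        if code in ("R0", "R1") and "=" in body:
            # Browser start/search pages: confirm the user chose this value.
            value = body.split("=", 1)[1].strip()
            findings.append((code, value, "IE start/search page setting"))
        elif code == "O1":
            # Hosts-file entries take precedence over DNS for that name.
            h = HOSTS.match(body)
            if h and h.group(2).lower() != "localhost":
                findings.append((code, h.group(2), "hosts override -> " + h.group(1)))
        elif code == "O4":
            r = RUN.match(body)
            if r and WINDIR_EXE.match(r.group(2)):
                findings.append((code, r.group(1), "autostart from " + r.group(2)))
        elif code == "O15" and body.startswith("Trusted Zone:"):
            # Trusted-zone sites run with relaxed IE security settings.
            site = body.split(":", 1)[1].strip()
            findings.append((code, site, "site in IE Trusted zone"))
    return findings


if __name__ == "__main__":
    for code, subject, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {subject:32} {reason}")
```

A hosts override that points an antivirus vendor's update or download name at an unrelated address keeps scanners from updating, which is why those entries are worth clearing before re-running the cleanup tools.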
  #9  
Old 12-05-2004, 11:47 AM
Pikachu
ts2***** is a spyware file, as is tsm2*****. I suspect uqyvffj***** is spy/mal/virusware also, although I can't find anything on it through Google. The name of the file is consistent with the script kiddie mentality.

Originally Posted by wezol5484
Also, under Ctrl-Alt-Delete, the only tasks that are running are ones that are ok to run, Firefox and AIM.
Use the processes tab to see what is really running on your pc. The tasks tab generally only shows interactive applications.
 
  #10  
Old 12-05-2004, 12:16 PM
wezol5484
I don't know what should and shouldn't be in processes though.

Image name Username

avgupsvc***** SYSTEM
avgamsvr***** SYSTEM
aim***** wezol
avgemc***** wezol
avogc***** wezol
explorer***** wezol
wordpad***** wezol
spoolsv***** SYSTEM
svchost***** LOCAL SERVICE
svchost***** NETWORK SERVICE
svchost***** SYSTEM
svchost***** SYSTEM
lsass***** SYSTEM
services***** SYSTEM
firefox***** wezol
winlogon***** SYSTEM
csrss***** SYSTEM
smss***** SYSTEM
System SYSTEM
System Idle Process SYSTEM


I think I got this while I still had Internet Explorer. If that's so, can I end the explorer***** process? Will that get rid of it?
 
  #11  
Old 12-05-2004, 01:01 PM
wezol5484
Another question that, in my mind, would work if I could do it. I went to processes and ended explorer*****. The ad went away, along with all my icons. The only thing it left up was my AIM buddy list. My regular background came back though. So this makes me think that it is with IE and not Firefox. So what if I uninstall IE, then download it and reinstall it? Would that work? I'm afraid that if I uninstall IE, then Firefox won't work. I don't know if Firefox is alone or if it "feeds" off of IE.

Edit: I don't see IE in the control panel. How would you uninstall it?
 

Last edited by wezol5484; 12-05-2004 at 01:04 PM.
  #12  
Old 12-05-2004, 04:26 PM
Green Meanie 85

You need to update your HijackThis; 1.97 is the old one. Go here and sign up, this place helped me out a lot!!!

http://forums.techguy.org/index.php?s=
 
  #13  
Old 12-05-2004, 06:57 PM
Flip4ford
Hi, you also need to go to Microsoft and download updates to XP and Internet Explorer. Since this is a home computer you should not have problems with XP Service Pack 2. Click on Start, then updates. Their site walks you through it. Reloading XP is a pain. If you do, load the Windows updates first, and then your AVG antivirus second. Then your other programs. When you reload, reformat the hard drive. It's the only sure way to get rid of anything you do not want. It should ask you if you want to or not. Restore just takes you back to a pre-determined time, so the virus/adware might already be there.
 
  #14  
Old 12-05-2004, 07:39 PM
nightowl_52
It sounds like you downloaded a file somewhere that was a zipped file with the trojan file "fav*****" in it as well as the file you wanted. I've seen fav***** "in" zipped files and piggybacked "on" zip files. When it's piggybacked, you don't see it until it's on your drive. On some unscrupulous sites, when you hit download it will bring up fav***** first, and if you're not paying attention you'll download it, maybe thinking that's the file you wanted, and execute it.
 
  #15  
Old 12-05-2004, 09:36 PM
RoyalFord
wezol5484, I would suggest going to Service Pack 2. Since you are already re-formatting your hard drive, go ahead and install SP2. Make sure you don't have any programs installed before you install SP2. It is better to install SP2 and install all of your programs and applications on top of it.
 