Can somebody tell me how to get rid of this?


sridharavijay
Dec 5th, 2005, 12:49 AM
Hi,
I was browsing on the internet and unknowingly installed an ActiveX control, and my desktop became like this. I can't right-click on my desktop and I don't see any change if I change my wallpaper or screensaver. When I end-process and start-process explorer.exe, I see exploere.exe and impap.exe running. No extra program is running. I tried REgistryfix and an antivirus scan... no use. Does anybody have an idea? This is only with my id; if I log off and use another id, it is not visible.
Thanks
Vijay S

dglienna
Dec 5th, 2005, 01:01 AM
Shouldn't be visiting those sites! :)
You have been infected with viruses.
Here's what they say about it:
http://www.webhelper4u.com/CWS/Research/screenimages/cws_waiteexploit.html

And, what you can do to fix it:

http://www.spywarewarrior.com/rogue_anti-spyware.htm#online


Should be using Fx, anyways. No ActiveX!

sridharavijay
Dec 5th, 2005, 11:16 AM
Ah.. thank you... but no fixes actually worked.. What I did was.. removed my login account and recreated it! That worked.. thanks

visualAd
Dec 5th, 2005, 12:12 PM
Interesting link about this: http://www.dslreports.com/forum/remark,13413938

Cander
Dec 5th, 2005, 12:33 PM
Kind of funny. Adware warning you about Spyware.

kilobytes
Dec 19th, 2005, 10:12 AM
here's another fix for that problem

1. Right click on the desktop then click on properties
2. Click on desktop then click on Customized desktop
3. Go to Web tab then make sure that the current home page is unchecked
4. Delete all unknown entries except of course for current homepage

Hope this will help other people in the future.

Also make sure that you run Good anti-spyware programs from time to time.
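
The check in steps 3 and 4 can also be done against a registry export. This is an added example, not part of the original post. It assumes Active Desktop web items are stored per user under `HKCU\Software\Microsoft\Internet Explorer\Desktop\Components`, each with a `Source` value, and that the built-in home page item uses `About:Home`; the sample export and its file path are constructed.

```python
import re

# Assumed per-user location of Active Desktop items (not stated in the thread).
COMPONENTS_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"
# Assumed Source of the built-in "My Current Home Page" item.
BUILTIN_SOURCES = {"about:home"}

def parse_reg_export(text):
    """Parse regedit export text into {key_path: {value_name: string_value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = keys.setdefault(header.group(1), {})
            continue
        # Only string values are kept; dword/hex values are ignored.
        value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
        if value and current is not None:
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in value.groups())
            current[name] = data
    return keys

def unknown_desktop_items(text):
    """Return (subkey, friendly name, source) for every non-built-in web item."""
    prefix = COMPONENTS_KEY.lower() + "\\"
    findings = []
    for path, values in parse_reg_export(text).items():
        if not path.lower().startswith(prefix):
            continue
        source = values.get("Source", "")
        if source.lower() not in BUILTIN_SOURCES:
            findings.append((path[len(prefix):], values.get("FriendlyName", ""), source))
    return findings

# Constructed sample export; the file path is a placeholder, not from the thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"FriendlyName"="My Current Home Page"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:/EXAMPLE/placeholder.html"
"FriendlyName"=""
"Flags"=dword:00002002
'''

if __name__ == "__main__":
    for item in unknown_desktop_items(SAMPLE):
        print(item)
```

Because the key is under the current user's hive, the export has to be taken while logged on as the affected account.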

randem
Dec 20th, 2005, 10:33 PM
What you actually need is a Trojan detector. Very different from spyware and viruses. Look in my signature for Trojan Detector. It will let you know when anything changes your registry for restarting or automatic starting etc... It is better to prevent than to cure... You know, an ounce of prevention...

dglienna
Dec 20th, 2005, 11:25 PM
Randem, I tried your link:

I had to use IE to run the tools, and then disable AdBlock. I was told that I had no up to date AV product, even though AVAST! updated today. Everything else was clean. I downloaded more ActiveX controls and began the virus scan.

Now, I remember why I dumped NAV. An hour later, and it's still scanning. Up to 63K files, but I must have 500K on the machine. I'll let it finish, but I'd bet that nothing is found. If there is, then I might have to reconsider my decision.

OTOH, if the ActiveX controls work on servers, then it might be worth a few rep points :) I wonder if you can run it more than one time, though.

randem
Dec 20th, 2005, 11:44 PM
What are you running NAV for, Trojans? That won't work. Which link did you use of mine? The Trojan Detector? What ActiveX are you referring to?

dglienna
Dec 20th, 2005, 11:47 PM
What are you running NAV for, Trojans? That won't work. Which link did you use of mine? The Trojan Detector? What ActiveX are you referring to?

I didn't see a Trojan Detector, but tried out the PC Security Check, which was Symantec. It had 3 ActiveX controls. I just wondered if it'd work more than once. It's up to 102K now.

randem
Dec 20th, 2005, 11:54 PM
I had it there but somehow it got lost. I put it back now.

dglienna
Dec 21st, 2005, 12:18 AM
No harm, no foul. I've investigated, and deleted old files from last August in the temp folder, but checked the registry and didn't find any evidence of the 5 files mentioned. I do have NetCat installed, so I didn't delete that, but I understand how it could be interpreted.

It skipped zip files, but re-assured me that AVAST! had deleted all valid threats.

dglienna
Dec 21st, 2005, 12:21 AM
Were you talking about the MS Removal Tool? I've had that all along, in addition to my other cleansing utilities. Your link is kind of vague.

kilobytes
Dec 21st, 2005, 12:12 PM
I think that is a desktop hijacker, so all you need to do is to run smithrem on your computer.

randem
Dec 21st, 2005, 12:55 PM
dglienna,

Vague???? How vague is Trojan Detector??? It detects and removes trojans...

visualAd
Dec 21st, 2005, 01:05 PM
I actually created a Virtual Machine and infected it with the virus. If you want to see if you can remove it you can download the entire machine here:

http://adam.codedv.com/2kvm.zip

You will need VMWare Player (http://www.vmware.com/player/) to run it, when you do, just click on the link which says download virus and it will be infected. It is easy to remove but a bit of a fiddle.

sridharavijay, did you get it removed, if not I will post step by step instructions.

dglienna
Dec 22nd, 2005, 07:08 PM
I read that you can also download pre-defined machines. Might be good for getting my toes wet with Linux. Project for next year, though!

Jacob Roman
Dec 22nd, 2005, 08:32 PM
I actually created a Virtual Machine and infected it with the virus. If you want to see if you can remove it you can download the entire machine here:

http://adam.codedv.com/2kvm.zip

You will need VMWare Player (http://www.vmware.com/player/) to run it, when you do, just click on the link which says download virus and it will be infected. It is easy to remove but a bit of a fiddle.

sridharavijay, did you get it removed, if not I will post step by step instructions.

Watch how you mess around with viruses. You might get burned. In the past, I got burned by my old Folder Flooder that I created. RobDog knows. :(

dglienna
Dec 22nd, 2005, 08:59 PM
If you run in a VM, then you can just close down the VM, and not be affected. (or at least in theory, I haven't tried it yet). I think you can only access files within the VM, so your system would remain untouched.

k1ll3rdr4g0n
Dec 22nd, 2005, 09:11 PM
@visualAd
Is that a Windows 2k machine? (didn't download it)
With your valid CD key? ;)

@dglienna
You are correct, in theory at least. It's like putting a computer inside your computer. The only way the virus could escape would be if you allow the VM access to your network; then, if it is one of those network-hopping viruses, the possibility exists that the other computers on your network will get infected. Now, if the VM doesn't have access to your network, then you're safe (bridge mode I believe, where it'll just use the internet from the host computer). One day I'm going to set up a VM and make a copy of it, and run every virus I can find to see how each virus is that deadly. I have too much time on my hands :).

dglienna
Dec 22nd, 2005, 09:57 PM
It is a VM of w2k with a CLICK ME to Activate Virus button on the desktop
He ran it, and learned how to defeat it, and it had no effect on his system (but it may have been running Linux)

visualAd
Dec 23rd, 2005, 12:05 AM
It's a virtual machine which is isolated from the host machine. It can only see the virtual machine as though it were networked.

k1ll3rdr4g0n, the machine doesn't need a CD key because Win2k has already been installed on it. Interesting though, is the act of distributing a virtual machine against the MS EULA? I've taken it away just in case it is ;)

|2eM!x
Dec 23rd, 2005, 01:02 AM
here's another fix for that problem

1. Right click on the desktop then click on properties
2. Click on desktop then click on Customized desktop
3. Go to Web tab then make sure that the current home page is unchecked
4. Delete all unknown entries except of course for current homepage

Hope this will help other people in the future.

Also make sure that you run Good anti-spyware programs from time to time.

Props on this one, I had this months ago (last november??), took forever to figure out.

visualAd
Dec 23rd, 2005, 03:32 AM
I split the vmware posts off here (http://www.vbforums.com/showthread.php?t=377974).

tr333
Dec 23rd, 2005, 07:00 AM
Since this spyware is a form of CoolWebSearch, I would try using CWShredder (http://www.trendmicro.com/cwshredder/) from Trend Micro.