Hi,
I was browsing the internet and unknowingly installed an ActiveX control, and my desktop became like this. I can't right-click on my desktop, and I don't see any change if I change my wallpaper or screensaver. When I end-process and start-process explorer.exe, I see exploere.exe and impap.exe running. No extra program is running. I tried Registryfix and an antivirus scan... no use. Does anybody have an idea? This is only with my ID; if I log off and use another ID, it is not visible.
Thanks
Vijay S
1. Right-click on the desktop, then click on Properties
2. Click on Desktop, then click on Customized desktop
3. Go to the Web tab, then make sure that the current home page is unchecked
4. Delete all unknown entries, except of course for the current homepage
Hope this will help other people in the future.
Also make sure that you run good anti-spyware programs from time to time.
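The same check from the registry side, as an added example that is not part of the original posts: it lists the current user's Active Desktop web items so unknown entries stand out before they are deleted in the Web tab. The key path, the value names (FriendlyName, Source, SubscribedURL) and the About:Home default are assumptions based on how XP-era Windows stores these items, and the function name is hypothetical.

```powershell
# Added example (read-only): enumerate Active Desktop web items for the
# logged-on user. The problem in this thread is per-user, so the check
# reads HKCU rather than HKLM.
# Assumption: XP-era Windows keeps one numbered subkey per web item here.
$ComponentsKey = 'HKCU:\Software\Microsoft\Internet Explorer\Desktop\Components'

function Get-ActiveDesktopItem {
    param([string]$Path = $ComponentsKey)

    # No key means no Active Desktop items are configured for this user.
    if (-not (Test-Path -Path $Path)) { return @() }

    Get-ChildItem -Path $Path | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Id            = $_.PSChildName
            FriendlyName  = $p.FriendlyName
            Source        = $p.Source
            SubscribedURL = $p.SubscribedURL
            # Assumption: the built-in "current home page" item uses About:Home.
            IsDefault     = ($p.Source -eq 'About:Home')
        }
    }
}

# Unknown (non-default) items sort first; these correspond to the entries
# step 4 above says to delete.
Get-ActiveDesktopItem |
    Sort-Object -Property IsDefault |
    Format-Table -AutoSize -Wrap
```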
What you actually need is a Trojan detector. Very different from spyware and viruses. Look in my signature for Trojan Detector. It will let you know when anything changes your registry for restarting or automatic starting etc... It is better to prevent than to cure... You know, an ounce of prevention...
I had to use IE to run the tools, and then disable AdBlock. I was told that I had no up to date AV product, even though AVAST! updated today. Everything else was clean. I downloaded more ActiveX controls and began the virus scan.
Now, I remember why I dumped NAV. An hour later, and it's still scanning. Up to 63K files, but I must have 500K on the machine. I'll let it finish, but I'd bet that nothing is found. If there is, then I might have to reconsider my decision.
OTOH, if the ActiveX controls work on servers, then it might be worth a few rep points. I wonder if you can run it more than one time, though.
Last edited by dglienna; Dec 21st, 2005 at 12:33 AM.
Reason: 88K and counting...
What are you running NAV for, Trojans? That won't work. Which link did you use of mine? The Trojan Detector? What ActiveX are you referring to?
I didn't see a Trojan Detector, but tried out the PC Security Check, which was Symantec. It had 3 ActiveX controls. I just wondered if it'd work more than once. It's up to 102K now.
No harm, no foul. I've investigated, and deleted old files from last August in the temp folder, but checked the registry and didn't find any evidence of the 5 files mentioned. I do have NetCat installed, so I didn't delete that, but I understand how it could be interpreted.
It skipped zip files, but reassured me that AVAST! had deleted all valid threats.
You will need VMware Player to run it. When you do, just click on the link which says download virus and it will be infected. It is easy to remove but a bit of a fiddle.
sridharavijay, did you get it removed? If not, I will post step-by-step instructions.
Watch how you mess around with viruses. You might get burned. In the past, I got burned by my old Folder Flooder that I created. RobDog knows.
If you run in a VM, then you can just close down the VM, and not be affected. (or at least in theory, I haven't tried it yet). I think you can only access files within the VM, so your system would remain untouched.
@visualAd
Is that a Windows 2k machine? (didn't download it)
With your valid CD key?
@dglienna
You are correct, in theory at least. It's like putting a computer inside your computer. The only way the virus could escape would be if you allow the VM access on your network, then if it is one of those network-hopping viruses then the possibility exists that your other computers on your network will get infected. Now, if the VM doesn't have access to your network, then you're safe (bridge mode I believe where it'll just use the internet from the host computer). One day I'm going to set up a VM and make a copy of it, and run every virus I can find to see how each virus is that deadly. I have too much time on my hands.
It is a VM of w2k with a CLICK ME to Activate Virus button on the desktop
He ran it, and learned how to defeat it, and it had no effect on his system (but it may have been running Linux)
It's a virtual machine which is isolated from the host machine. It can only see the virtual machine as though it were networked.
k1ll3rdr4g0n, the machine doesn't need a CD key because Win2k has already been installed on it. Interesting though, is the act of distributing a virtual machine against the MS EULA? I've taken it away just in case it is.
1. Right-click on the desktop, then click on Properties
2. Click on Desktop, then click on Customized desktop
3. Go to the Web tab, then make sure that the current home page is unchecked
4. Delete all unknown entries, except of course for the current homepage
Hope this will help other people in the future.
Also make sure that you run good anti-spyware programs from time to time.
Props on this one, I had this months ago (last november??), took forever to figure out.