Virus Threats and Removal Tools

You are here: HOME > COMPUTER > ANTIVIRUS

Trojan.Desktophijack.B

Update: 5-Sept-05

 

Description:

Trojan.Desktophijack.B is a Trojan horse that modifies the desktop settings on a compromised computer. The Trojan may also download updates to itself.

 

It will also change the desktop wallpaper to a blue background with the following text:
Warning!
Your computer is infected!

Technical Name:

Trojan.Desktophijack.B

Druogna Win32/Druogna.7168! W32/FakeAlert.Z Win32/Spudrag!generic Win32/Spudrag.6144! Win32.Spudrag.A Win32.Spudrag.B Win32.Spudrag.C Troj/Spyjack-A Troj/Spyjack-C Trojan.Win32.Agent.ff Trojan.Win32.Small.eu Trojan.Win32.Small.ev

Threat Level:

Low

Type:

Trojan Horse

Systems Affected:

Windows All

Detection Date:

June 19, 2005
 

 

 

Trojan.Desktophijack.B removal procedures requires technical know-how on  computer troubleshooting. It is better to consult your LAN Administrator or Technical Persons to avoid additional damage on your computer.
 

MANUAL REMOVAL:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.

3. Reboot your computer in SafeMode
4. Run a full system scan and delete the following files if present:

Windows temp folder\1e181.dmp
Windows temp folder\Terms!.txt
Windows system folder\intel32.exe
Windows system folder\oleadm.dll
Windows system folder\oleadm32.dll
Windows system folder\wp.bmp
Windows system folder\wp.gif
Windows system folder\w8673492.exe
Windows folder\uninstIU.exe

5. Delete any values added to the registry.

Navigate to the subkey and delete values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: "[Random Value]" = "[Path to Trojan]"

 

Navigate to the subkey and delete value:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Value: intel32.exe = "%System%\intel32.exe"

Navigate to and delete the subkey:
HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}

Navigate to the subkey and reset value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: "NoActiveDesktopChanges" = "1"

Navigate to the subkey and reset values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Values:
"NoDispBackgroundPage" = "1"
"NoDispAppearancePage" = "1"

Navigate to the subkey and reset values:
HKEY_CURRENT_USER\Control Panel\Colors
Values:
"Background" = "0 0 0"
"WallpaperStyle" = "0"

6. Exit the Registry Editor and restart the computer.

***If it makes changes to Windows registry that may prevent you from running executable files. A tool to reset registry values to the default value is available for download. Click Here.
 

7. In order to make sure that trojan desktophijack.b is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.


 

  DOWNLOAD REMOVAL TOOLS:

Download and run any of these Anti-Spyware:

Spy Sweeper

Spyware Doctor

Pest Patrol

Spy Hunter

 

  DOWNLOAD REGISTRY TOOLS

Click here to download

 

  FREE ON-LINE VIRUS SCANNER

Click here to proceed

Copyright 2005 PRECISESECURITYdotCOM
All Rights Reserved

  

home | computer : securing your pc | antivirus | firewall | anti-spyware | links & resources
pda : securing your handheld | antivirus | security | top top picks | links & resources
cellphone : securing your cellphone | top picks | links & resources