
Windows Desktop is affected by a spyware

March 20, 2005 8:09:01 AM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

OS: Windows XP Professional SP2
Pentium 4 PC.

A window with a black background appears on the desktop; not able to close it.
It displays the following message:

"WARNING! You are In danger....
..............................
..............................
..............................
Secure yourself right now!
Remove all spywares from your PC"

1) When I double-click on this window it opens an Internet Explorer window
with the URL: http://www.topantispyware.com/overview.php?223

2) When I right-click on the Windows desktop and select "Properties", the
following HTML document name appears:
Type: HTML Document
Address (URL): file://C:\WINDOWS\Web\desktop.html

3) Despite scanning and removing spyware using "MicrosoftAntiSpyware-Beta-1"
(this tool removed this file: C:\WINDOWS\Web\desktop.html along with other
spyware files) and then rebooting the PC, this happens (i.e. 1 and 2 mentioned
above) again.

Your suggestions to fix this issue will be much appreciated.

thanks in advance!

Regds
Vetri

Singapore

Software Configuration Management Consultant (IBM-Rational Tools)

MobilePhone: 0065 9038 8328


Anonymous
March 20, 2005 11:52:00 AM

A software consultant that cannot protect his own computer from
malware? I pity your customers.

To deal with issues caused by any sort of "adware" and/or
"spyware," such as Gator, Comet Cursors, Smiley Central, Xupiter,
Bonzi Buddy, or KaZaA, and their remnants, that you've deliberately
(but without understanding the consequences) installed, two products
that are quite effective (at finding and removing this type of
scumware) are Ad-Aware from www.lavasoft.de and SpyBot Search &
Destroy from www.safer-networking.org/. Both have free versions.
It's even possible to use SpyBot Search & Destroy to "immunize" your
system against most future intrusions. I use both and generally
perform manual scans every week or so to clean out cookies, etc.

Additionally, manual removal instructions for the most common
varieties of scumware are available here:

PC Hell Spyware and Adware Removal Help
http://www.pchell.com/support/spyware.shtml


Neither adware nor spyware, collectively known as scumware,
magically install themselves on anyone's computer. They are almost
always deliberately installed by the computer's user, as part of some
allegedly "free" service or product.

While there are some unscrupulous malware distributors out there,
who do attempt to install and exploit malware without consent, the
majority of them simply rely upon the intellectual laziness and
gullibility of the average consumer, counting on them to quickly click
past the EULA in his/her haste to get the latest in "free" cutesy
cursors, screensavers, "utilities," and/or wallpapers.

If you were to read the EULAs that accompany, and to which the
computer user must agree before the download/installation of the
"screensaver" continues, most adware and spyware, you'll find that
they _do_ have the consumer's permission to do exactly what they're
doing. In the overwhelming majority of cases, computer users have no
one to blame but themselves.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers' marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination nor desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/
--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
Anonymous
March 20, 2005 2:43:37 PM


On Sun, 20 Mar 2005 08:52:00 -0700, Bruce Chambers
<bruce_a_chambers@h0tmail.com> wrote:

Microsoft can't protect themselves, why should anyone else be any different?

>
> A software consultant that cannot protect his own computer from
>malware? I pity your customers.

--
more pix @ http://members.toast.net/cbminfo/index.html
Anonymous
March 20, 2005 11:28:58 PM


See if this helps:
http://www.pchell.com/support/webrebates.shtml

--
HTH
Meena
Anonymous
April 5, 2005 10:59:19 PM

Anonymous
April 5, 2005 11:12:18 PM


I am having the same issue. I managed to remove most of the Spamware
and viruses that hitched a ride in, but the symptoms Vetri describes
here, and another symptom, an addition to my task bar which runs next
to my clock. I am unable to remove or stop it in any way. It appears in
the shape of a yellow triangle sign in task bar area next to my clock.
Every so often it has a pop-cartoon which leads to the same URL Vetri
writes about.

I have probably thrashed my HKLM/ run and HKCU/ run areas of my
registry removing other junk and trying to remove this.

Anyone have further info?

topantispyware.com :

WHOIS information for topantispyware.com:

[whois.directi.com]
Registration Service Provided By: ESTHOST
Contact: sales@esthost.com
Abuse Desk Email Address: abuse@esthost.com

Domain Name: TOPANTISPYWARE.COM

Registrant:
xawm
Max (jove@mail.ru)
Marata 90-35
S. Petersburg
null,193001
RU
Tel. +7.9213732308

Creation Date: 18-Nov-2004
Expiration Date: 18-Nov-2005

Domain servers in listed order:
ns1.jetsearch.org
ns2.jetsearch.org


Administrative Contact:
xawm
Max (jove@mail.ru)
Marata 90-35
S. Petersburg
null,193001
RU
Tel. +7.9213732308

Technical Contact:
xawm
Max (jove@mail.ru)
Marata 90-35
S. Petersburg
null,193001
RU
Tel. +7.9213732308

Billing Contact:
xawm
Max (jove@mail.ru)
Marata 90-35
S. Petersburg
null,193001
RU
Tel. +7.9213732308

Status:ACTIVE

Anonymous
April 6, 2005 2:22:48 AM


Acates

Spyware/Adware/Scumware has become a major player in compromising
computers.. they introduce viruses, trojans and worms.. they attempt to send
out information about you, and they also slow your computer down..

The worst of it is that you probably downloaded the spyware, albeit
inadvertently..

Some basic steps to removing Spyware/Adware..

First step is to run a one shot virus remover.. I have found that McAfee
Stinger works for people.. download and run it..

http://vil.nai.com/vil/stinger/

You will also need to download Spyware removal software.. Spybot and Adaware
are available at these websites.. both are free.. download and run them..
don't forget to check for updates after you have started them..

http://www.safer-networking.org/en/index.html

http://www.lavasoftusa.com/software/adaware/

.... and this link is for the latest Microsoft helping..

http://www.microsoft.com/athome/security/spyware/softwa...

Spybot has the ability to immunize a system, but there is better for this
function, so download and run Spyware Blaster too.. again, check for
updates..

http://www.javacoolsoftware.com/

If you have had your Internet browser hijacked, that is to say, you get
redirected through a search engine NOT of your choosing, you will need
different tools..

HijackThis is a popular and effective tool.. download it from here..

http://www.spychecker.com/download/download_hijackthis....

CWShredder will eliminate CoolWebSearch and variants.. there is a free
download here..

CWShredder.. http://www.intermute.com/spysubtract/cwshredder_downloa...

About:blank.. http://lunatic-skydance.de/mr/soft/SpoonWeg.exe

For other tools in the fight against spyware, visit this website and
bookmark it..

http://www.pchell.com

You must also run a firewall and anti-virus program.. here are some links
for you..

http://www.mcafee.com

http://www.symantec.com

http://www.zonealarm.com

http://www.kerio.com

http://www.gate.com

http://www.avast.com

http://www.grisoft.com

Please return to this thread and provide feedback.. it is the only way that
helpers here can determine how effective the advice given has been..

Good luck..


--
Mike Hall
MVP - Windows Shell/user

http://dts-l.org/goodpost.htm
Anonymous
April 6, 2005 2:25:38 AM


Follow the instructions here to remove the files and Registry entries involved:
Adware.Topantispyware:
http://securityresponse.symantec.com/avcenter/venc/data...
--
Glen Ventura, MS MVP Shell/User, A+
http://dts-l.org/goodpost.htm
http://www.microsoft.com/communities/conduct/default.ms...


Anonymous
April 6, 2005 2:30:52 AM


Embarrassed....... My Spybot Search and Destroy definitions were not
successfully updated. When I got a full update (3-19-05) it fixed the
problem.

So for now I'm ok!

I really appreciate all your help!
Thanks
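
An added example, not part of any post in this thread: because C:\WINDOWS\Web\desktop.html came back after every reboot, something started at logon was recreating it, and the HKLM/HKCU Run keys mentioned above are one place to look. The Python below compares two saved `reg query` outputs (a known-good baseline and the current state) and reports new or changed Run entries plus an HTML Active Desktop wallpaper. The sample outputs, the `ExampleHelper` entry and the `Desktop\General` key location are constructed assumptions, not details taken from the thread.

```python
import re

# Value lines in `reg query` output are indented: "name  TYPE  data"
# (tab-separated on XP, space-separated on later Windows versions).
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# Assumed location of the Active Desktop wallpaper setting (not stated in the thread).
DESKTOP_KEY = r"hkey_current_user\software\microsoft\internet explorer\desktop\general"

def parse_reg_query(text):
    """Return {(key, value_name): data}; key and value name are lower-cased."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries[(key, m["name"].lower())] = m["data"].strip()
    return entries

def new_or_changed_autoruns(baseline, current):
    """Run-key values present now that were absent or different in the baseline."""
    return sorted(
        (key, name, data)
        for (key, name), data in current.items()
        if key.endswith(RUN_SUFFIX) and baseline.get((key, name)) != data
    )

def html_wallpaper(entries):
    """Return the wallpaper path if it is an HTML page (Active Desktop), else None."""
    path = entries.get((DESKTOP_KEY, "wallpaper"), "")
    return path if path.lower().endswith((".htm", ".html")) else None

# Constructed sample: output saved from a clean machine.
BASELINE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General
    Wallpaper    REG_EXPAND_SZ    %SystemRoot%\Web\Wallpaper\Bliss.bmp
"""

# Constructed sample: same queries on the affected machine.
# "ExampleHelper" and its path are placeholders, not the real adware's names.
CURRENT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleHelper    REG_SZ    C:\WINDOWS\example_helper.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General
    Wallpaper    REG_SZ    C:\WINDOWS\Web\desktop.html
"""

if __name__ == "__main__":
    base, cur = parse_reg_query(BASELINE), parse_reg_query(CURRENT)
    for key, name, data in new_or_changed_autoruns(base, cur):
        print(f"review autorun: {key}\\{name} -> {data}")
    page = html_wallpaper(cur)
    if page:
        print(f"desktop wallpaper is an HTML page: {page}")
```

Any entry it reports is a candidate for review, not a verdict; a legitimate installer also adds Run values.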
May 27, 2011 6:45:15 AM

It is a nice sharing.......!