Windows Desktop is affected by a spyware

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

OS: Windows-XP Professional -SP2
Pentium-4 PC.

A window with a black background appears on the desktop; not able to close it.
It displays the following message:

"WARNING! You are In danger....
..............................
..............................
..............................
Secure yourself right now!
Remove all spywares from your PC"

1) When I double-click on this window it opens an Internet Explorer window
with the URL: http://www.topantispyware.com/overview.php?223


2) When I right click on Windows desktop and select "properties" the
following html document name appears
Type: HTML Document
Address(URL) : file://C:\WINDOWS\Web\desktop.html


3) Despite scanning & removing spywares using "MicrosoftAntiSpyware-Beta-1"
( this tool removed this file : C:\WINDOWS\Web\desktop.html along with other
spyware files ) and then rebooting PC, this happens ( i.e. 1 & 2 mentioned
above ) again.

Your suggestions to fix this issue will be much appreciated.

thanks in advance!

Regds
Vetri

Singapore

Software Configuration Management Consultant (IBM-Rational Tools)

MobilePhone: 0065 9038 8328

  1.

    A software consultant that cannot protect his own computer from
    malware? I pity your customers.

    To deal with issues caused by any sort of "adware" and/or
    "spyware," such as Gator, Comet Cursors, Smiley Central, Xupiter,
    Bonzai Buddy, or KaZaA, and their remnants, that you've deliberately
    (but without understanding the consequences) installed, two products
    that are quite effective (at finding and removing this type of
    scumware) are Ad-Aware from www.lavasoft.de and SpyBot Search &
    Destroy from www.safer-networking.org/. Both have free versions.
    It's even possible to use SpyBot Search & Destroy to "immunize" your
    system against most future intrusions. I use both and generally
    perform manual scans every week or so to clean out cookies, etc.

    Additionally, manual removal instructions for the most common
    varieties of scumware are available here:

    PC Hell Spyware and Adware Removal Help
    http://www.pchell.com/support/spyware.shtml


    Neither adware nor spyware, collectively known as scumware,
    magically install themselves on anyone's computer. They are almost
    always deliberately installed by the computer's user, as part of some
    allegedly "free" service or product.

    While there are some unscrupulous malware distributors out there,
    who do attempt to install and exploit malware without consent, the
    majority of them simply rely upon the intellectual laziness and
    gullibility of the average consumer, counting on them to quickly click
    past the EULA in his/her haste to get the latest in "free" cutesy
    cursors, screensavers, "utilities," and/or wallpapers.

    If you were to read the EULAs that accompany, and to which the
    computer user must agree before the download/installation of the
    "screensaver" continues, most adware and spyware, you'll find that
    they _do_ have the consumer's permission to do exactly what they're
    doing. In the overwhelming majority of cases, computer users have no
    one to blame but themselves.

    There are several essential components to computer security: a
    knowledgeable and pro-active user, a properly configured firewall,
    reliable and up-to-date antivirus software, and the prompt repair (via
    patches, hotfixes, or service packs) of any known vulnerabilities.

    The weakest link in this "equation" is, of course, the computer
    user. No software manufacturer can -- nor should they be expected
    to -- protect the computer user from him/herself. All too many people
    have bought into the various PC/software manufacturers' marketing
    claims of easy computing. They believe that their computer should be
    no harder to use than a toaster oven; they have neither the
    inclination nor desire to learn how to safely use their computer. All
    too few people keep their antivirus software current, install patches
    in a timely manner, or stop to really think about that cutesy link
    they're about to click.

    Firewalls and anti-virus applications, which should always be used
    and should always be running, are important components of "safe hex,"
    but they cannot, and should not be expected to, protect the computer
    user from him/herself. Ultimately, it is incumbent upon each and
    every computer user to learn how to secure his/her own computer.

    To learn more about practicing "safe hex," start with these links:

    Protect Your PC
    http://www.microsoft.com/security/protect/default.asp

    Home Computer Security
    http://www.cert.org/homeusers/HomeComputerSecurity/

    List of Antivirus Software Vendors
    http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

    Home PC Firewall Guide
    http://www.firewallguide.com/

    Scumware.com
    http://www.scumware.com/
    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
  2.

    On Sun, 20 Mar 2005 08:52:00 -0700, Bruce Chambers
    <bruce_a_chambers@h0tmail.com> wrote:

    Microsoft can't protect themselves, why should anyone else be any different ?

    >
    > A software consultant that cannot protect his own computer from
    >malware? I pity your customers.
    >
    > To deal with issues caused by any sort of "adware" and/or
    >"spyware,"such as Gator, Comet Cursors, Smiley Central, Xupiter,
    >Bonzai Buddy, or KaZaA, and their remnants, that you've deliberately
    >(but without understanding the consequences) installed, two products
    >that are quite effective (at finding and removing this type of
    >scumware) are Ad-Aware from www.lavasoft.de and SpyBot Search &
    >Destroy from www.safer-networking.org/. Both have free versions.
    >It's even possible to use SpyBot Search & Destroy to "immunize" your
    >system against most future intrusions. I use both and generally
    >perform manual scans every week or so to clean out cookies, etc.
    >
    > Additionally, manual removal instructions for the most common
    >varieties of scumware are available here:
    >
    >PC Hell Spyware and Adware Removal Help
    >http://www.pchell.com/support/spyware.shtml
    >
    >
    > Neither adware nor spyware, collectively known as scumware,
    >magically install themselves on anyone's computer. They are almost
    >always deliberately installed by the computer's user, as part of some
    >allegedly "free" service or product.
    >
    > While there are some unscrupulous malware distributors out there,
    >who do attempt to install and exploit malware without consent, the
    >majority of them simply rely upon the intellectual laziness and
    >gullibility of the average consumer, counting on them to quickly click
    >past the EULA in his/her haste to get the latest in "free" cutesy
    >cursors, screensavers, "utilities," and/or wallpapers.
    >
    > If you were to read the EULAs that accompany, and to which the
    >computer user must agree before the download/installation of the
    >"screensaver" continues, most adware and spyware, you'll find that
    >they _do_ have the consumer's permission to do exactly what they're
    >doing. In the overwhelming majority of cases, computer users have no
    >one to blame but themselves.
    >
    > There are several essential components to computer security: a
    >knowledgeable and pro-active user, a properly configured firewall,
    >reliable and up-to-date antivirus software, and the prompt repair (via
    >patches, hotfixes, or service packs) of any known vulnerabilities.
    >
    > The weakest link in this "equation" is, of course, the computer
    >user. No software manufacturer can -- nor should they be expected
    >to -- protect the computer user from him/herself. All too many people
    >have bought into the various PC/software manufacturers marketing
    >claims of easy computing. They believe that their computer should be
    >no harder to use than a toaster oven; they have neither the
    >inclination or desire to learn how to safely use their computer. All
    >too few people keep their antivirus software current, install patches
    >in a timely manner, or stop to really think about that cutesy link
    >they're about to click.
    >
    > Firewalls and anti-virus applications, which should always be used
    >and should always be running, are important components of "safe hex,"
    >but they cannot, and should not be expected to, protect the computer
    >user from him/herself. Ultimately, it is incumbent upon each and
    >every computer user to learn how to secure his/her own computer.
    >
    > To learn more about practicing "safe hex," start with these links:
    >
    >Protect Your PC
    >http://www.microsoft.com/security/protect/default.asp
    >
    >Home Computer Security
    >http://www.cert.org/homeusers/HomeComputerSecurity/
    >
    > List of Antivirus Software Vendors
    >http://support.microsoft.com/default.aspx?scid=kb;en-us;49500
    >
    >Home PC Firewall Guide
    >http://www.firewallguide.com/
    >
    >Scumware.com
    >http://www.scumware.com/

    --
    more pix @ http://members.toast.net/cbminfo/index.html
  3.

    See if this helps:
    http://www.pchell.com/support/webrebates.shtml

    --
    HTH
    Meena
  5.

    I am having the same issue. I managed to remove most of the Spamware
    and viruses that hitched a ride in, but the symptoms Vetri describes
    here, and another symptom, an addition to my task bar which runs next
    to my clock. I am unable to remove or stop it in any way. It appears in
    the shape of a yellow triangle sign in task bar area next to my clock.
    Every so often it has a pop-cartoon which leads to the same URL Vetri
    writes about.

    I have probably thrashed my HKLM/ run and HKCU/ run areas of my
    registry removing other junk and trying to remove this.

    Anyone have further info?

    topantispyware.com :

    WHOIS information for topantispyware.com:

    [whois.directi.com]
    Registration Service Provided By: ESTHOST
    Contact: sales@esthost.com
    Abuse Desk Email Address: abuse@esthost.com

    Domain Name: TOPANTISPYWARE.COM

    Registrant:
    xawm
    Max (jove@mail.ru)
    Marata 90-35
    S. Petersburg
    null,193001
    RU
    Tel. +7.9213732308

    Creation Date: 18-Nov-2004
    Expiration Date: 18-Nov-2005

    Domain servers in listed order:
    ns1.jetsearch.org
    ns2.jetsearch.org


    Status:ACTIVE

  6.

    Acates

    Spyware/Adware/Scumware has become a major player in compromising
    computers.. they introduce viruses, trojans and worms.. they attempt to send
    out information about you, and they also slow your computer down..


    The worst of it is that you probably downloaded the spyware, albeit
    inadvertently..


    Some basic steps to removing Spyware/Adware..


    First step is to run a one shot virus remover.. I have found that McAfee
    Stinger works for people.. download and run it..


    http://vil.nai.com/vil/stinger/


    You will also need to download Spyware removal software.. Spybot and Adaware
    are available at these websites.. both are free.. download and run them..
    don't forget to check for updates after you have started them..


    http://www.safer-networking.org/en/index.html


    http://www.lavasoftusa.com/software/adaware/


    .... and this link is for the latest Microsoft helping..


    http://www.microsoft.com/athome/security/spyware/software/default.mspx


    Spybot has the ability to immunize a system, but there is better for this
    function, so download and run Spyware Blaster too.. again, check for
    updates..


    http://www.javacoolsoftware.com/


    If you have had your Internet browser hijacked, that is to say, you get
    redirected through a search engine NOT of your choosing, you will need
    different tools..


    HijackThis is a popular and effective tool.. download it from here..


    http://www.spychecker.com/download/download_hijackthis.html


    CWShredder will eliminate CoolWebSearch and variants.. there is a free
    download here..


    CWShredder.. http://www.intermute.com/spysubtract/cwshredder_download.html


    About:blank.. http://lunatic-skydance.de/mr/soft/SpoonWeg.exe


    For other tools in the fight against spyware, visit this website and
    bookmark it..


    http://www.pchell.com


    You must also run a firewall and anti-virus program.. here are some links
    for you..


    http://www.mcafee.com

    http://www.symantec.com

    http://www.zonealarm.com

    http://www.kerio.com

    http://www.gate.com

    http://www.avast.com

    http://www.grisoft.com


    Please return to this thread and provide feedback.. it is the only way that
    helpers here can determine how effective the advice given has been..


    Good luck..


    --
    Mike Hall
    MVP - Windows Shell/user

    http://dts-l.org/goodpost.htm
  7.

    Follow the instructions here to remove the files and Registry entries involved:
    Adware.Topantispyware:
    http://securityresponse.symantec.com/avcenter/venc/data/adware.topantispyware.html
    --
    Glen Ventura, MS MVP Shell/User, A+
    http://dts-l.org/goodpost.htm
    http://www.microsoft.com/communities/conduct/default.mspx


  8.

    Embarrassed....... My Spybot Search and Destroy definitions were not
    successfully updated. When I got a full update (3-19-05) it fixed the
    problem.

    So for now I'm OK!

    I really appreciate all your help!
    Thanks
  9. It is a nice sharing.......
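
The original post reports that C:\WINDOWS\Web\desktop.html came back after it was deleted and the PC rebooted, and a later reply mentions the HKLM and HKCU Run keys. The following is an added example, not code from the thread or from any tool named in it: an offline triage of a `reg export` text dump that lists every Run/RunOnce autorun entry for review and flags desktop settings that point at an HTML file. The sample export is constructed, its entry names and the example_loader.exe path are hypothetical, and the thread does not confirm which registry entries this adware actually uses.

```python
import re

# Constructed sample in "reg export" text form. Entry names and the
# example_loader.exe path are made up; only desktop.html comes from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /min"
"example_loader"="C:\\WINDOWS\\system32\\example_loader.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General]
"Wallpaper"="C:\\WINDOWS\\Web\\desktop.html"
"TileWallpaper"="0"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"="C:\\WINDOWS\\Web\\Wallpaper\\Bliss.bmp"
'''

# Strings quoted in the original post, used as indicators.
THREAD_INDICATORS = (r'C:\WINDOWS\Web\desktop.html', 'topantispyware.com')

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" with \\ and \" escapes; dword/hex values and the
# default value (@=...) are skipped on purpose.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUN_KEY_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)
HTML_RE = re.compile(r'\.html?\b', re.I)


def unescape(s):
    """Undo .reg escaping: \\\\ becomes one backslash, \\" becomes a quote."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_export(text):
    """Return (key, value_name, data) for every string value in the export.

    A real export file is usually UTF-16; decode it before calling this.
    """
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return entries


def triage(entries, indicators=()):
    """Return (kind, key, name, data, matched_indicator) tuples to review.

    'autorun'      every Run/RunOnce value: candidates for whatever
                   re-creates a deleted file at the next logon
    'html-desktop' a value under a ...\\Desktop... key naming an .htm(l) file
    'indicator'    any other value containing one of the indicator strings
    """
    findings = []
    for key, name, data in entries:
        hit = next((i for i in indicators if i.lower() in data.lower()), None)
        if RUN_KEY_RE.search(key):
            kind = 'autorun'
        elif '\\desktop' in key.lower() and HTML_RE.search(data):
            kind = 'html-desktop'
        elif hit is not None:
            kind = 'indicator'
        else:
            continue
        findings.append((kind, key, name, data, hit))
    return findings


if __name__ == '__main__':
    for kind, key, name, data, hit in triage(parse_export(SAMPLE_EXPORT),
                                             THREAD_INDICATORS):
        flag = ' [matches thread indicator]' if hit else ''
        print(f'{kind:13} {key}\n{"":13} {name} = {data}{flag}')
```

The autorun list is a review list, not a verdict: each entry still has to be checked against what is expected on that machine before anything is deleted.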