Background message “Warning! Spyware detected [Solved]
I had the same problem. Wallpaper & Screensavor tab missing and fake virus alert. I used this software and it got rid or it, Malwarebytes Anti-Malware.
Here is the link:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
The free version works just fine. Also if when you reboot you get an “Cannot Display This Video Mode” message. Unplug your monitor then reboot. When you’re sure that the log on prompt is up, replug your monitor.
Here is a copy of my Malwarebytes log, The ones labeled “Trojan.FakeAlert” is this perticular spyware. Also it restore the noscreensavor and nobackground that was placed in the RegKey
Malwarebytes’ Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2
10:34:12 AM 08/27/08
mbam-log-08-27-2008 (10-34-12).txt
Scan type: Full Scan (C:\|)
Objects scanned: 139484
Time elapsed: 1 hour(s), 5 minute(s), 2 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 12
Registry Values Infected: 7
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 10
Memory Processes Infected:
C:\WINDOWS\SYSTEM32\lphcpwej0e741.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\blphcpwej0e741.scr (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpwej0e741 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\GSIM (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\GSIM\Cache (Adware.2020search) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\GSIM\Cache\T10312.tmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysrest32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\vdo_g.ini (Stolen.Data) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\setupapi.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\blphcpwej0e741.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\lphcpwej0e741.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\phcpwej0e741.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\amegino\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Incoming search terms for the article:
Similar articles
- Removal instructions for Live PC Care
Malwarebytes’ Anti-Malware 1.44 Database version: 3641 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 1/26/2010 8:27:28 PM mbam-log-2010-01-26 (20-27-26).txt Scan type: Quick Scan Objects scanned: 97492 Time elapsed: 2 minute(s), 36 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 759 Registry Values Infected: 14 Registry ... - How to remove PC Live Guard rogue anti-spyware
How to remove PC Live Guard rogue anti-spyware Malware Description:PC Live Guard is a new cyber invader that hails from a specific family of rogue anti-spyware tools involving the recent Live PC Care, Additional Guard and Enterprise Suite. PC Live Guard is dangerous in a number of ways. First of all, PC ... - Live PC Care Removal Instructions on Computer Health Technologies
Live PC Care Removal Instructions A variety of ways are applied by hackers to omit security barriers of computer systems and their networks; in case a computer is protected from virus, worm or trojan attacks aimed at backdoor Live PC Care (LivePC Care) downloading and its further unauthorized installation, there is yet another way for ... - How to remove Live PC Care rogue anti-spyware
How to remove Live PC Care rogue anti-spyware Malware Description:Live PC Care is yet another application to avoid because it pretends to be the contrary to its actual essence. Live PC Care appears to be a cyber impostor that installs without your permission and tries to convince you that it is a helpful computer security ... - Remove Live PC Care For XP/Vista
Remove Live PC Care December 8th, 2009 | by Alex | Live PC Care Descriptions: Live PC Care is a fake anti-spyware application which is usually installed as you click on the malicious online scanners to scan your PC. After the installation Live PC Care will start its fake scans and you will be threatened ...