My desktop displays "Your Privacy is in Danger: Download Privacy software now"?

I have had this just today and had everything in my computer screwed up... The start button doesn't show icons and there is a spyware warning thing that pops up every minute.... I have trial Kaspersky right now but the computer scan takes forever...

I need help plz....

I read somewhere to run HJT so...here are my notes...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:51: VIRUS ALERT!, on 7/2/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Program Files\Trillian\trillian.exe

C:\WINDOWS\ALCFDRTM.EXE

C:\WINDOWS\system32\wpabaln.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid...

O3 - Toolbar: nqgpedlr - {6374A4B4-45BA-4718-9972-E56A8912ED9E} - C:\WINDOWS\nqgpedlr.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [2417e788] rundll32.exe "C:\WINDOWS\system32\nyeghkuh.dll",b

O4 - HKLM\..\Run: [1400] C:\DOCUME~1\Gunwan\LOCALS~1\Temp\Setup_ver1.1400.0.exe

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"

O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O21 - SSODL: okmdepgb - {E78FB225-5197-4268-95DF-9076587B7961} - C:\WINDOWS\okmdepgb.dll

O21 - SSODL: axrfgvek - {2A9258FE-8EC4-433B-A2FA-CB9A4A3227F8} - C:\WINDOWS\axrfgvek.dll

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--

End of file - 3679 bytes

9 Answers

  • 1 decade ago
    Best Answer

    Hi, this is an easy way to remove this spyware.

    And by the way, if you can't download these you will have to buy a USB flash drive and have a friend's computer.

    P.S. Unplug your internet when you have the programs downloaded to prevent more spyware from downloading.

    Download SmitFraud Fix.

    http://siri.geekstogo.com/SmitfraudFix.php

    Put it onto your desktop and run it.

    If it does not run from your desktop, move it into the C:\ Drive and run it from there.

    (Go to run and put in C:\ and drag it and run it from there.)

    Once you have it running,

    http://siri.geekstogo.com/Bitmaps/Fix01b.png

    * Double-click SmitfraudFix.exe

    * Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Now to clean.

    http://siri.geekstogo.com/Bitmaps/Fix02b.png

    * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)

    * Double-click SmitfraudFix.exe

    * Select 2 and hit Enter to delete infected files.

    * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.

    * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.

    * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Also, process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user, so ignore the warnings and let the program continue.

    Your computer shall be cleaned by now, but time to get some other antivirus programs so it doesn't happen again.

    Keep SmitFraudFix just in case.

    You're going to want Firefox if you don't have it already.

    It's so much better than Internet Explorer, safer and faster.

    http://www.mozilla.com/firefox/

    Ad-Aware. Detects most viruses I guess.

    http://lavasoft.com/products/ad_aware_free.php

    SpyBot S&D, will detect a lot of rogue antivirus programs, spyware junk..

    http://www.safer-networking.org/

    And a regular antivirus program. Free, and is really good.

    http://free.grisoft.com/

    And just in case you want regular protection..

    http://www.avast.com/

    All of this stuff is free.

    Hope this helped you clean out your computer.

    Source(s): Me.
  • 1 decade ago

    You could edit the registry to remove the offending articles

    - AND/OR -

    Run HijackThis to stop the offenders from running.

    Start your PC in SafeMode first.

    Items I would remove are..

    Running processes:

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\ALCFDRTM.EXE

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    Registry Entries

    R0 - HKCU\Software\Microsoft\Intern... Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmi...

    O3 - Toolbar: nqgpedlr - {6374A4B4-45BA-4718-9972-E56A8... - C:\WINDOWS\nqgpedlr.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.d...

    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [2417e788] rundll32.exe "C:\WINDOWS\system32\nyeghkuh....

    O4 - HKLM\..\Run: [1400] C:\DOCUME~1\Gunwan\LOCALS~1\Te...

    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent

    O6 - HKCU\Software\Policies\Microso... Explorer\Restrictions present

    O7 - HKCU\Software\Microsoft\Window... DisableRegedit=1

    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4AC... - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04... - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04... - C:\Program Files\Messenger\msmsgs.exe (file missing)

    O21 - SSODL: okmdepgb - {E78FB225-5197-4268-95DF-90765... - C:\WINDOWS\okmdepgb.dll

    O21 - SSODL: axrfgvek - {2A9258FE-8EC4-433B-A2FA-CB9A4... - C:\WINDOWS\axrfgvek.dll

    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_dan...

    Removing these will not cause you any problems.

    and may fix some problems.

    Although there may be other stuff to remove also.

    (the full lines do not show in YahooAnswers)

    (I also know that you use some of the programs that some entries refer to, but removing as above does not remove the actual program)

    (Running (in safemode) AdAware & SpywareBlaster, etc.. will not do you any harm either :)
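
A way to triage the log from the question before deciding what to fix, given here as an added example that is not part of any answer on this page and is not HijackThis's own logic. The four heuristics are assumptions chosen to match patterns visible in this particular log, and the sample lines are copied from it; a flagged line is a lead to verify, and an unflagged line is not proven clean.

```python
import re

# Constructed sample: lines copied from the HijackThis log posted in the question.
SAMPLE_LOG = r"""
O3 - Toolbar: nqgpedlr - {6374A4B4-45BA-4718-9972-E56A8912ED9E} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [2417e788] rundll32.exe "C:\WINDOWS\system32\nyeghkuh.dll",b
O4 - HKLM\..\Run: [1400] C:\DOCUME~1\Gunwan\LOCALS~1\Temp\Setup_ver1.1400.0.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: okmdepgb - {E78FB225-5197-4268-95DF-9076587B7961} - C:\WINDOWS\okmdepgb.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
RUN = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
CLSID_DLL = re.compile(r"^(?:Toolbar|SSODL): (\S+) - \{[0-9A-Fa-f-]+\} - (.*)$")

def triage(log_text):
    """Return (section, reasons, line) for entries matching the assumed heuristics."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = ENTRY.match(line)
        if not m:
            continue  # header lines and process paths carry no section code
        code, body = m.groups()
        reasons = []
        if code == "O4" and (run := RUN.match(body)):
            name, cmd = run.groups()
            if re.fullmatch(r"[0-9A-Fa-f]+", name):
                reasons.append("Run value name is only hex digits")
            if re.search(r"\\Temp\\", cmd, re.I):
                reasons.append("autostart target sits in a Temp directory")
        elif code in ("O3", "O21") and (c := CLSID_DLL.match(body)):
            name, path = c.groups()
            # Display name identical to a DLL placed directly in the C:\WINDOWS root
            if path.lower() == "c:\\windows\\" + name.lower() + ".dll":
                reasons.append("name equals DLL basename in C:\\WINDOWS root")
        elif code == "O7" and "DisableRegedit=1" in body:
            reasons.append("policy blocks Registry Editor")
        elif code == "O24" and "file:///" in body:
            reasons.append("desktop component loads a local HTML file")
        if reasons:
            findings.append((code, reasons, line))
    return findings

if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG):
        print(f"[{code}] {'; '.join(reasons)}\n    {line}")
```

On the sample, the ehTray, Steam and PnkBstrA lines pass through unflagged, while the toolbar, the two numeric Run values, the DisableRegedit policy, the SSODL entry and the desktop component are reported.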

  • 1 decade ago

    This isn't a joke: install the (free) program found at http://www.free-av.com/. It will start scanning right away once you have installed it; don't forget to update the program.

    Also install the program found at http://www.download.com/ZoneAlarm-Firewall-Windows... It's not easy to use this program; when you don't understand it you must buy it, but this firewall is much better than the one you'll get with XP.

    Also install the program Adaware found at http://www.lavasoft.com/?langref=NL. I know you think this isn't normal, but no PC/laptop can run safely without this protection. Also beware that when you use a wireless connection you protect your connection with a protection recommended by your modem/router provider.

    Don't ever believe that you must scan your PC with a program from a server (a PC from someone else) when you get information on your screen that you are in danger. The problem already exists; the only way is to use the programs I have recommended. When this doesn't help you must reinstall XP, but I don't think you are able to do this on your own. But remember, when you install XP after formatting the C:\ drive, don't connect your PC to the internet; first install the ZoneAlarm firewall.

  • Mike B
    Lv 4
    1 decade ago

    If you know enough to try Hijackthis, I suggest you save your important data, format and reinstall. It is the surest way to clean any problems and it's good to do if you know how to do it. I reinstall every couple years just to keep things snappy. It's probably not always necessary, but it sure is snappier after it's done. Just make sure you grab the necessary drivers before you start, it's a real pain in the butt if you only have access to one computer and find out you have no network drivers.

  • 4 years ago

    The privacy settings on Facebook were never very difficult or complicated, it's just that some people didn't want to take the time to read them properly. Like normal humans, they don't want to be blamed, so they blame Facebook. Me? Facebook has been a great tool to reconnect with friends, and I certainly wouldn't quit Facebook just because of the settings.

  • Anonymous
    1 decade ago

    It might be a registry problem or maybe you have spyware on your pc, try to scan your computer for those.

  • 1 decade ago

    Helpful forum thread here:

    http://www.spywarewarrior.com/viewtopic.php?p=1837...

    Kaspersky isn't going to do you much good, in this case, it looks like.

    Start at third post down.

  • BenG
    Lv 4
    1 decade ago

    Sounds like a trojan/spyware, try using

    Spybot (free)

    http://www.safer-networking.org/index2.html

    Adaware (free)

    http://lavasoft.com/

    Also install a virus checker if you haven't already done so.

    AVG (free)

    http://free.avg.com/

    Good luck
