Some Kind of Virus Thingy

[KayfabeMan]

So I turn on my computer, and my normal wallpaper appears. A second later, it turns into a black wallpaper that reads "Warning! Your computer might be infected with spyware or adware!!! Strange homepage, pop up ads, loss of important data and unstable functioning are the signs that you are infected. Click here to get the latest spyware removal software. Your computer is still vulnerable to new attacks".

Now, I see that there is a program running called INTELL32.

I tried to delete it, and it doesn't work. I also ran the McAfee Virus Scan deal, and yet this is still there. There is a little red circular icon that appears at the bottom right of my toolbar - with an exclamation point inside of it too. I don't know what this all was caused from, but I can't get rid of the damn thing.

It's also affecting my e-mail being sent, my buddy list and IM's and shit - and I'm running slower than I usually am.

Any help would be cool.

[The Fugitive]

Trojan, actually. You don't have the best luck with your PC, don't you?

Ok, here's the steps to remove that trojan.

1) Disable System Restore. I don't know what version of Windows you're running, but if you're running ME, click Start, then Settings, then Control Panel. Double click the System icon, if you can't see it, click View All Control Panel options to show it. Then click the Performance tab, and click File System. Click the Troubleshooting tab, then mark Disable System Restore. Click OK, then click Yes. After the virus removal, turn it back on by repeating the above steps and removing the tick off Disable System Restore.

If you're running XP, then click Start, right-click My Computer, then click Properties. You should see a System Restore tab, click that, then click Turn off System Restore. Click Apply, you'll get a message saying that you'll lose all your existing restore points if you do so. Click Yes. Click OK. After you remove the virus, restart the machine and turn System Restore back on, following the previous instructions, but unchecking 'Turn Off System Restore'.

If you're running a earlier version of Windows, just disregard that step.

2) If you haven't done so, update your Virus Definitions, your latest virus definitions should have this in their records. Scan for your PC for the file, if that fails, go to Symantec and run their Virus Scan, that should pick it up.

3) You want to go into your Registry, find the values that the trojan left behind and delete them. To do that, go to Start, then click Run, then type in 'regedit', then click OK. It's possible that the virus has changed the registry so you can't access it, you'll need a piece of software to fix that. You can get that here. http://securityresponse.symantec.com...stry.keys.html

When you are in the Registry, using the tree directory on the left side window, make your way to the subkey.

• Go to 'HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run'. In the right-hand window, delete the value "intell32.exe" = "%System%\intell32.exe".
• Make your way to and delete 'HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3'
• Also delete ''HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update'
• After that, go to 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' and change the value of "NoActiveDesktopChanges" to 1.
• Go to the subkey 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
  Policies\System' and change the values of "NoDispBackgroundPage" and "NoDispAppearancePage" to 1.
• Go to 'HKEY_CURRENT_USER\Control Panel\Desktop' and change the values of "Wallpaperstyle" to 0 and "Wallpaper" = "%SystemRoot%\%System%\wppp.html"

Now, close your Registry, and restart the PC. It should be fixed then.

Mucking around with the Registry isn't generally a good idea, but as long as you only alter the certain values listed, everything should turn out fine. And if the PC blows up, as one untalented hoss would say, 'It's not my fault'.