Tech Support Forum - View Single Post - Winspyware Hijacks my desktop and screen saver

**amateur** · 07-09-2008, 02:54 PM

Hi,

It appears that some Symantec remnants are still lingering around.

Please use the instructions on this page to completely uninstall your Norton Products.

===========================
Scan with HijackThis again.
The following activeX controls( Downloaded Program Files)will reinstall when(and if) you revisit that website,
UNLESS you know they are from a safe source, check to remove.

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - http://plato.fcps.net/Pathways/pway_...b/pwlninst.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll

Close all browsers and click on "fix checked".

==========================

Please delete the following files:

C:\WINDOWS\axrfgvek.dll
C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx

Note: You might need to set your system to show hidden files. Go to My Computer> Tools> Folder Options> View>"Uncheck" Hide protected operating system files. Click Apply>OK.

** These files are hidden to stop you or anybody else accidentally removing something important.
It is advisable to hide them again after you're done. **

=========================

Please go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

=========================

Restart your computer and post a fresh HijackThis log and let me know how things are now.

07-09-2008, 02:54 PM	#6 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,302 OS: XP SP3	Re: Winspyware Hijacks my desktop and screen saver Hi, It appears that some Symantec remnants are still lingering around. Please use the instructions on this page to completely uninstall your Norton Products. =========================== Scan with HijackThis again. The following activeX controls( Downloaded Program Files)will reinstall when(and if) you revisit that website, UNLESS you know they are from a safe source, check to remove. O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...l/SymAData.cab O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} - http://plato.fcps.net/Pathways/pway_...b/pwlninst.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll Close all browsers and click on "fix checked". ========================== Please delete the following files: C:\WINDOWS\axrfgvek.dll C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx Note: You might need to set your system to show hidden files. Go to My Computer> Tools> Folder Options> View>"Uncheck" Hide protected operating system files. Click Apply>OK. These files are hidden to stop you or anybody else accidentally removing something important. It is advisable to hide them again after you're done. ========================= Please go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present: · "Security Info" · "Warning Message" · "Security Desktop" · "Warning Homepage" · "Desktop Uninstall" Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK. ========================= Restart your computer and post a fresh HijackThis log and let me know how things are now. __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE since 2006