Had a laptop come in today that was infected with various spyware and viri.
One of the spyware items was one of those Active Desktop jobs that takes over your desktop and tells you that you have critical spyware bla bla bla.
I cleaned all the spyware off no worries and viruses with a little bit more stuffing round.
All seemed well except for when I rebooted I had no desktop picture and when I right clicked on the desktop and went to properties I couldn’t select a desktop picture (the options were simply greyed out).
Solution download/install/run:
http://www.thespykiller.co.uk/files/cleandesktop.exe
It is interesting to note what these scripts do, they basically reset all the settings pertaining to the current users desktop.
Wshshell.RegDelete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\"
Wshshell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\"
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell"
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn"
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewContextMenu"
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper"
Wshshell.RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoViewContextMenu"
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop"
Wshshell.RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Custom Desktop"
Wshshell.RegDelete "HKCU\Control Panel\desktop\ConvertedWallpaper"
Wshshell.RegDelete "HKCU\Control Panel\desktop\ConvertedWallpaper Last WriteTime"
Wshshell.RegDelete "HKCU\Control Panel\desktop\OriginalWallpaper"
Wshshell.RegDelete "HKCU\Control Panel\desktop\Wallpaper"
Wshshell.RegDelete "HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General\Wallpaper"
Wshshell.RegDelete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Desktop\"
'Writes:
Wshshell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop", "%USERPROFILE%\Desktop" ,"REG_EXPAND_SZ"
Wshshell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Desktop" ,"%ALLUSERSPROFILE%\Desktop", "REG_EXPAND_SZ"
Wshshell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop" ,"%ALLUSERSPROFILE%\Desktop", "REG_EXPAND_SZ"
Wshshell.RegWrite "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop" ,"%USERPROFILE%\Desktop", "REG_EXPAND_SZ"
Wshshell.RegWrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop" ,"%USERPROFILE%\Desktop", "REG_EXPAND_SZ"
Wshshell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Desktop\General\BackupWallpaper","%USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" , "REG_EXPAND_SZ"
Wshshell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Desktop\General\Wallpaper","%USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" ,"REG_EXPAND_SZ"
Wshshell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General\VisitGallery" , 0, "REG_DWORD"
Wshshell.RegWrite "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop" , Syst & "\config\systemprofile\Desktop"
Wshshell.RegWrite "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop" , Syst & "\config\systemprofile\Desktop"
Wshshell.RegWrite "HKCU\Software\Microsoft\Internet Explorer\Desktop\SafeMode\General\Wallpaper" ,Win & "\Web\Safemode.htt"
Wshshell.RegWrite "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop", UPD
More posts like this one:
Was this article useful?
|
Email this article to yourself or... |
|
Subscribe to the RSS feed for more useful articles and tips. |
for tips on PHP and web development