1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

desktop background keeps reverting to red screen with "biohazard" type image

Discussion in 'Windows XP' started by pcnewby, Sep 4, 2007.

Thread Status:
Not open for further replies.
  1. pcnewby

    pcnewby Thread Starter

    Aug 30, 2007
    hey guys,

    i was working on a computer the other day helping someone "clean it up" and make it run faster. i did all the normal "clean up" stuff, got her back online, pc running much faster, everyone's happy.

    except for one thing: one of her original complaints was that her desktop background had recently reverted to all RED with this image in the middle that looks something like a biohazard logo.

    i tried changing the desktop background via the control panel, and it changed momentarily and then reverted back only moments later. I ran avg anti-virus and spybot to sweep her machine of any bugs/viruses (and found quite a few). when i left the red desktop was gone.

    then i got a call a couple of days later saying it had returned, and not only that but her sister (who has the same exact system) was having the same exact problem. actually, i think i remember hearing someone ELSE talking about this too recently.

    has anyone heard of this? and then the obvious question being: how do i get rid of it?
  2. loserOlimbs


    Jun 19, 2004
    If you could get a screen shot there are few problems I can think of, the actual image would help greatly.
  3. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, Sounds like one of the variants of SmitFraud infection- there are quite a few, one of the symptoms is the hijacked desktop background like you are seeing.

    Let's have you post a log from Hijackthis and maybe we can spot anything out of place:

    go to Click here to download HJTsetup.exe
    • Scroll down a bit to see the File Repository area with a download button
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
    If the HJT link above is not working, use this one:
    http://www.majorgeeks.com/HijackThis_d3155.html <it's the same thing.

    Also, just after you get hijackthis , do this:
    Open Hijack This and click on the Config button then on "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list into your reply please.

    And, then do this and post the log as it says:

    Please download SmitfraudFix (by S!Ri)
    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
  4. pcnewby

    pcnewby Thread Starter

    Aug 30, 2007
    Actually I am no longer at the user's location. She called me with her complaint. So I can't do a screen shot or a Hijackthis.

    About the SmitfraudFix: is that a stand alone utility that I can have her (the user) run? Is that likely to solve the problem?

    Another thing: I've caught and gotten rid of Smitfraud via Spybot in the past. There is also a daily scheduled AVG scan not catching it. Are you sure it's not something else?
  5. pcnewby

    pcnewby Thread Starter

    Aug 30, 2007
    Also, just so you know: this version of SmitfraudFix does not work within Vista.
  6. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    1. Your first post should have mentioned the computer runs Vista.

    2. SmitFraud, is just a general name for any of that type of infection...you have the classic red bacground symptom, let's call it that for now, OK?

    3. Hijackthis does work with Vista. ( SmitFraudFix does NOT. ) I posted to get a Hijackthis log first- which shows us what OS that computer has.

    4. You could have more than one infection- it's very common to see them bundled as a more severe attack, and there is no way to tell until we get the results of some scans.

    5. There are many antispyware programs and tools that do work with Vista, but you may need to run them with Admin rights.

    SUPERAntispyware can also remove SmitFraud variants and works in Vista:

    Post the Hijackthis log- ...then, post the log from SUPER A/S along with a brand new HJT log so I can compare them, OK?

    In other words, I don't need to review your first HJT log- post one, then install and run SUPER and then post it's log, then a brand new HJT log please.

    SUPERAntispywarePro Free Trial version:
    Download the Trial version of Superantispyware Pro (SAS):

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new Hijack This log.
  7. pcnewby

    pcnewby Thread Starter

    Aug 30, 2007
    I never said SHE was running Vista. As I mentioned in the beginning, I am helping somene else with their computer problem.

    When you suggested the Smitfraud fix, I went ahead and tried it on my computer just so I would know what to tell her as far as how it operates. I happen to be running Vista. That's why I just included the comment as a "by the way", instead of "your suggestion will not work".

    She will be sending me a screenshot when she gets home shortly, and I will forward it to you so you can take a look at it. Hopefully you can help us out - that would bge great.

  8. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Hi, Thanks for the explanation.

    You should not run the tools without inquiring first, as often if the infection they are designed to fix is not present, they may have some effect on your computer that you do not want... in the case of SmitFraudFix, it will remove the desktop background (wallpaper) if there is no infection, so that is one thing to prepare for. The instructions include a warning about that, sometimes the computer seems to have this infection, but the user or a helper has run some other tools that have taken out part of the infection and the desktop is removed, therefore, best to be prepared. If it's a system background, well they are easy enough to put back, if it's a downloaded one or a picture, they will have to find the same file or photo and reset it as the desktop.

    Only if SmitfraudFix Part 2 is run, and "Clean" selected, will it do anything, the first part is just a scan for the
    log that shows us if it is infected, or not, and gives the exact files, locations, etc. Part 2, cleans them out.

    Then, we like to run a general malware scan, and this is SUPERAntispyware, it is important to use SMFix first, though.

    The red background, a "security alert", a popup about "Your computer is infected, click here to blah....." a red X in lower system tray....all of these are symptoms of this infection, and there are others. This same tool takes care of only this type of infection, it's not a scan for anything else.

    The user must download a new copy, even if they did the day before yesterday....it's updated very often, so it is important they follow the steps given.

    The Hijackthis log is a text file, it can be emailed to you, and you can post it. Or, the person you are helping, can join TSG, get their own user account, and post in this thread, and carry out the steps themselves...whichever you and they prefer.

    Soon as they post the actual log, we can get started. (y)

    This forum has handled thousands of SmitFraud infections and countless others- some of the people helping here are the best there is. I can't say I'm up in that category, but I've been doing this awhile.
  9. hummingbird71


    Sep 27, 2007
    This is win.32 trojan virus it brings up a red screen and actually almost disables your computer. Let me know if you guys figure out how to get rid of it.
  10. pepsiperson666


    Oct 22, 2007
    i just got this problem a little while ago, but i got rid of it. first i checked all the programs and removed a lot.( there is one that say it is a plugin or codec and the icon looks like a film real. i think this is it.)after i removed about 10 unused programs i restored a previous registry. then i
    ran system restore and restored my comp. to about a week ago.after all this i restarted and everything is fine.

    PS- I did all of this in safe mode.:D (y) :D
  11. Byteman

    Byteman Gone but Never Forgotten

    Jan 24, 2002
    Anyone having this sort of problem, with a fake security alert popup, or box, red x in the system tray, etc....is advised to post a Hijackthis log in our Malware Removal forum for help.

    The infection can also use a popup window, various colors and themes> that prompts you to "Click here to scan at (xyz site)" please do not go there! This is a fake scam installer, and it will ask you for $30 or so, to get rid of the problems it "finds"....don't pay, or download, anything. Close the window, usually CTRL+ALT+DEL will bring it up in Task Manager> End it now.

    Don't download the free Video Access Active X thing, either, it is the installer for one type of this infection.

    It goes by quite a few names like these:


    That's an old list, it's a lot longer these days!
  12. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Similar Threads - desktop background keeps
  1. emptyxremedy
  2. SilverSurf
  3. dano_61
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/619773

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice