XP32 : Active Desktop remains after a virus

FatRakoon · 11 Dec 2009 at 21:17

Im trying to repair a PC thats had a fairly nasty few infections on it.

I think I have killed off the virus now, or shall I say all 67 of them in over 300 files and I have also got rid of a whopping 13000 infections of spyware!!!

( Had to do most of the repairs with the drive in a different PC because it would not work even though the PC totally hung, the one program that did work was the so-called antivirus!!! LOL )

Anyway, whats now happened is the Active Desktop stays there and I just cannot get rid of it?
I cannot even change the desktop picture, it lists them as you expect, but they are greyed out and I cannot do anythign with that section of the properties ( But all other tabs work fully )

Any clues?

SiriusB · 11 Dec 2009 at 21:20

I would have nuked the OS and done a fresh install if I had found less than half the crap you found.

After all the cleaning and quarantining and lord knows what else, I am not surprised if stuff is borked. Just do a fresh install and get a new AV!

FatRakoon · 11 Dec 2009 at 21:30

I totally agree 100% apart from the A/V

Its using MS Security essentials... I thought that was supposed to be a good one?

Also I have pretty much cleared it up now and I really think that its now clean ( HA! ) so an F&R is not somehting I want to do right now, I would need to find drivers and reinstall loads of junk etc... If I can cure Active Desktop I think that will be it.

an F&R is something that might need to happen of course, but...

SiriusB · 11 Dec 2009 at 21:33

I really don't know what the issue is, maybe you can try a repair install? It replaces all the Windows system files with the originals off the Windows Install disc. You lose certain customizations etc, but should be quicker than a standard reinstall - plus you shouldn't need to do drivers/software either.

If I had seen that PC in that state I'd have just gone "AHAHA! HAAAA *nukes*" :cool:

Was it MSE on the computer when it got loaded with rubbish.. or was that since?

FatRakoon · 11 Dec 2009 at 22:52

No, I put it on there myself a few months back.

They had somehow also managed to get one of those fake antiviruses on there... Called Antivirus personal

I have done a partial cure on teh active desktop... I simply made a new user and copied everythign over... They now have the blue desktop but I cannot still put a picture on there... Myself I dotn use a piccy anyway, but I know these will.

Repair install... This is the weird thing because my XP Home disks seem to have lsot the ability to do this completely?

Apart from that, I really do thing that its fully fixed.

FatRakoon · 12 Dec 2009 at 00:23

Ok, I think ( add salt here ) that I know the cure ?

DESKPAN.DLL is missing

Can anyone EMail me a copy of this file, or tell me where I can find it.

I have found a link that says I can extract it from the CD but it does not work.

So, I think that one from a working XP32 ( Home SP3 ) setup might be worth a check...

I dont have any 32Bit O/S running anymore and I really dont want to have to reinstall it just to grab one file unless I have to!

Thanks.

SiriusB · 12 Dec 2009 at 00:56

No XP machines or XP discs handy

Sin_Chase · 12 Dec 2009 at 01:23

Start > Run > Gpedit.msc

Expand - User Config. > Admin. Templates > Desktop

Check the settings and change if needed.

Also check in the registry under:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

There might be a key already there called ClassicShell. It should be set to 1 for Disabling Active Desktop.

FatRakoon · 12 Dec 2009 at 01:32

SiriusB said:
No XP machines or XP discs handy

Actually, I have been looking in teh LAN Room.

Yes, I have found an XP Home PC. No such file exists on the thing?
I took the HD out and scanned the drive on another machine and it still cannot be found.

I stuffed in a CD and waited for R for recovery to come up... Never did.

I restarted the PC and tapped R all teh way through but again, no recovery options.

So, stuff the lot of em, I moved the documents onto an external drive and Im formatting it right now!

Sin_Chase said:
Start > Run > Gpedit.msc

Expand - User Config. > Admin. Templates > Desktop

Check the settings and change if needed.

Also check in the registry under:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

There might be a key already there called ClassicShell. It should be set to 1 for Disabling Active Desktop.

Already done this... Or somehtign that looks to be it.

Never helped.

theheyes · 12 Dec 2009 at 10:01

FatRakoon said:
Its using MS Security essentials... I thought that was supposed to be a good one?

You could have the best antivirus in the world but as long as people have admin rights on their computer and insist on installing crapware then there is not a lot you can do.

FatRakoon · 12 Dec 2009 at 12:47

Tell me about it.

I keep telling people that D:\Movies-TEMP\Gameryou give permission for a program to be installed and the AntiVirus then assumes that these programs are normal and by the time the AntiVirus realises, its too late.

I mean, in this particular case, the whole PC trundled to a complete halt and yet, the one program that did work just fine, was amazingly, the fake AntiVirus! - and they were not suspicious???

Anyway, I gave up on it. Doen a fresh install, and I know thats the best thing all the time, but they are family and I was so, so, so close to curing it fully and the only issue was the inability to change the desktop background!

I got rid of the active desktop issue, or rather I got around it by simply making a new user, and copying the junk over... This gave me the classic blue background, but I know that they would only moan after a while, so...

Meatball · 12 Dec 2009 at 14:58

SiriusB said:
I would have nuked the OS and done a fresh install if I had found less than half the crap you found.

After all the cleaning and quarantining and lord knows what else, I am not surprised if stuff is borked. Just do a fresh install and get a new AV!

I would have done this personally. I wouldn't be surprised if problems still cropped up due to the installation being so heavily infected. How these problems will manifest is unknown, failed windows update etc.

If you reinstall you have a clean slate ready to update, install programs and customize

.

FatRakoon · 12 Dec 2009 at 19:52

Please dont get me wrong here...

I look at things this way...

I have a peek and I have a go at clearing it up. A lot of the time I can do it. more often than not its obvious, but its simply not worth the effort, but sometimes its a bit of fun doing it... Sometimes you find new and wonderful way that these things find to infect your PC and sometimes its great to fix them.

I felt so sure that this time, I have managed to kill all those infections totally by hand and I really wanted to just get that final hurdle done, but alas I failed.

So, please dont get me wrong.

--

Oh, and of course a fresh install can also come with its own issues... Right now, I cannot find the LAN or Audio drivers for it, nor can Windows or MS Updates and neither can unknown devices.
I did find them in teh past, so I eill find them again, but that involves some obscure Czech site again I recon.