yesterday i had this ugly problem... dunno how to start... i was at my computer like always and was downloading an ActiveX Control required for a site(dunno if it has anything to do with it) and suddenly it appeard a window - data execution prevention has closed services & data app for preventing(...) - then it appeard another window like - this system is shutting down in 60secs C:/windows/system32/services.exe terminated unexpectedly(...)- :(
i turned DEP off so that my system won't shutdown anymore but still my desktop appears green so i can't put any wallpapers and i cannot change the home page of IE it appears 'c:/secure.html' even if i put another. if i start winamp it apers an alert message corrupted file... but it still works...
i'm sure that there are more problems but until now i haven't tryed to do much things...
one thing i'm sure - it's not a virus - i scanned the whole system with no results
do you have any solutions besides reinstalling windows and formating c: partition - cause i don't wanna lose so much data
§cry §cry

do you have multiple partitions?
yep.. i have 3 partitions but i dunno why this matters


EDIT: i'm now sure that this is a trojan - have a lot of reasons - but i can't get it out §cry ... i tried ad-aware and spybot search&destroy with no results... and i can't see it even if i know where it is and i've checked the show hidden files option... i did everything possible... WTF could i do more :confused:

Another solution would be a windows repair. Just us a bootable cd and when it will find the already installed win the, you have to chose repair. It will reinstall most of it's components but the programs will remain. If you don't have any viruses then i guess that the activex controller wich you activated cause some conflicts(don't know for sure). Anyway, SP2 blocks all automated activex controllers(these are actually programms installing from the web) so you might want to update if you don't have SP2. :)

§xlol my antivirus(ZoneAlarm) detected the virus NOW after 24h... but it sais that it can't be repaired :(

@rockfest: thx for the help... i'll try that that windows repair later and i'll edit this post to tell u the result

EDIT: it doesn't work... nothing works... §gnah i already resigned - i'll reinstall windows in the next days

§xlol my antivirus(ZoneAlarm) detected the virus NOW after 24h... but it sais that it can't be repaired :(

@rockfest: thx for the help... i'll try that that windows repair later and i'll edit this post to tell u the result

EDIT: it doesn't work... nothing works... §gnah i already resigned - i'll reinstall windows in the next days
What exactly is the name of the trojaner???
Or what search-result give the zonealarm???
If you cannot copy&paste the text (the name of the trojaner), please make a screenshot.

And in the meantime, don´t do much with your PC, i mean, only what is necessary (make a screenshot, post it, maybe burn some data (to back it up).

i can't show you a screenshot cause i already deleted that file... anyway the name of the file that was no real name - only some numbers & stuff...
anyway deleteing it had no effect so this may not be what i was searching for
i can only say that spybot and ad-aware found some uglynames like trojan sheriff and trojandownloader but deleteing them also had no effect... there was also a corrupted program named azeSearch that appeard as a toolbar at all the internet browsers and tried to download a virus but zonealarm blocked it

today i spent 5 hours using antiviruses and spy cleaners and system checks - so i'm going to reinstall windows tomorrow
THX to all for the support

i can only say that i took it from a site - don't enter it unless you trust your antivirus


Don't you know that the site has a trojan waiting for visitors on the main page? :) You should never enter it with IE and without a good antivirus. Anyway, just take the name of the trojan and search for a cleaner specially made for it. That would probably kill only the "original" body and clean the mess he made.

PS : As Winyett Grayanus said you should delete the link. We figured out what's the problem ;) .

It's probably Trj/Downloader.JH, a - as the name says - download-trojan. And yes, you should watch out for that stuff on this side.
Maybe it's better to delete the link?

@trojan: Wanna play with it?

Stinger (http://vil.nai.com/vil/stinger/)
Ad-Aware (http://www.lavasoftusa.com/software/adaware/)
Antivir (http://www.freeav.de/)
XPClean (http://www.xpclean.de)
Avast 4 home (http://www.avast.com/)
Spybot (http://www.safer-networking.org/de/index.html)
Housecall (online scanner) (http://de.trendmicro-europe.com/enterprise/products/housecall_launch.php)

You should never enter it with IE and without a good antivirus. Anyway, just take the name of the trojan and search for a cleaner specially made for it. That would probably kill only the "original" body and clean the mess he made.
i dunno if i enterd with IE... i usually use mozilla firefox
the problem is i can't find the name of the trojan.. nothing detects it now - i deleted everithing the spy cleaners found and now they don't see any problem

@Winyett Grayanus: i already used Ad-Aware, Spybot, Avast 4 home, Housecall with no effect - i'll try the others but i doubt they will help

anyway deleteing it had no effect
That´s why trojaner kinda harder than just a simple virus! ;)

azeSearch
That´s a torjaner-toolbar.
- If you not have, install SP2.

(i have the german windows, so some words underneath could be not correct like it is in the english windows, but i think you will find it):

- Start -> Systemcontroll -> Display -> Desktop -> Adjust Desktop -> web:
There you should have something like "secure", delete it! (The only entry which should left over is "actuall webpage" (not activated)

Then search your system (c: ) for "desktop.htm" and "guard.htm", delete them!
(In the folder you must be able to see system-files:
Open explorer (not internet explorer) -> extra (specials) -> folderoptions -> view -> systemfiles invisible (make the hook away) and "show all files and folders).
Of course a restart after that.

But that´s only for the azesearch, if you got more trojaners than this, a name would be helpful ;) ,... otherwise a format brings back a clean PC! :)

the problem is i can't find the name of the trojan.. nothing detects it now - i deleted everithing the spy cleaners found and now they don't see any problem

Well how hard can it be to make a new scan and see?

Anyway, another way doing this to save any non-*.exe file(wich you need) you have on C: (or where is your windows installed) .
After that make a search on My Computer for *.exe files.
After the search is done select all files and delete them. ALL of them.
Then restart from the button and start the windows installer from a bootable CD, format C: (or where you have your windows installed) and install win as you would do it normally. ;)

This is a brute-clean, you will loose all of your .exe files(games,programs).
But the easiest way is to make an update at the antivirus and i'm sure that it will clean it.

PS : That link with the illegal site should be deleted.

@wernerTWC: i only found start_desktop.htm and HomePage_desktop.htm and i don't think these have anything to do with the trojan
at customize desktop there's nothing except "actuall webpage" but you're right here cause the background apears as "adw" - not the pic i put as background
@rockfest: i think u don't understand - i did a new scan and it doesn't find anything and my antiv is updated, as for the link you're right i'll delete it

@wernerTWC: i only found start_desktop.htm and HomePage_desktop.htm and i don't think these have anything to do with the trojan
I see it in this way, if you don´t beat that trojan, you´ll have to reinstall windows, so why don´t try to delete these files?
They are only *.htm files, nothing important, give it a try!

i deleted them and i also deleted that "adw.htm" i was talking about - nothing happened

i deleted them and i also deleted that "adw.htm" i was talking about - nothing happened
Ok, i think you have a couple of trojans, i have once saw something like that at a PC of a friend, i tried to kill a trojan there, but when i killed one, 2 others showing up,... -> result: Format all harddisks (all!!!).

So this is the only left i can recommend: format all harddisks and give it a clean install.... sorry for not beeing a better help than that.

2 hints for the future:

- If you got an trojaner again, make a screenshot and/or note the name, error-messages,... all what could contain infos.

- Never ever visit such a webside again!

Ussualy a trojan infects only .exe files. I have never seen one wich could attack other stuff. I don't know, do what you think, delete all the PC or save some information first. This depends on how important is the data on the pc.

Uhmm, thegame_, is your machine part of a network ? The window with "this system is shutting down in 60secs " is frequently caused by worms, and worms are the cause of a deorganized network.You can stop the automatic shutdown by the comand "shutdown -a" typed in Run.You cand wait until 1 sec remaining, to feel like Rambo :D I thought to tell you this, might help you somehow :)

Uhmm, thegame_, is your machine part of a network ? The window with "this system is shutting down in 60secs " is frequently caused by worms, and worms are the cause of a deorganized network.You can stop the automatic shutdown by the comand "shutdown -a" typed in Run.You cand wait until 1 sec remaining, to feel like Rambo :D I thought to tell you this, might help you somehow :)
i solved that problem first... it was caused by Windows Data Execution Prevention and i only had to shut down DEP

Well i'm going to format all the hdd but i'm not in a hurry... after that i only need to get a better antivirus (safety first ;) )
i'm really not that angry about this - shit happens - i'll burn some cds with what i need and i don't think i'll lose to much things

thx to all for the help

i got rid of the trojan... in fact it was a 2 in 1
Trojan.StartPlace.EF and Trojan.Clicker.C
the only antivirus that was able to disinfectate them was BitDefender 8 Professional Plus