Broken Windows

[Robbo9]

I inadvertently "fixed" the detected Microsoft Active Desktop with Spybot and it froze during the process. After trying to reboot my computer windows will not boot anymore either mormally, with last good config or in safe mode. Perhaps there is a way to repair this problem without reinstalling windows and losing my data on the drive. Any help is appreciated. Thanks in advance.

[Robbo9]

Bump...

So no ideas on this problem here? I guess I`ll just begin the laborious task of trying to extract all the data then wiping the hard drive.

[md usa spybot fan]

Robbo9

Windows XP?

Instead of Last Known Good Configuration try using System Restore and restoring back to a known good restore point.

I had two occasions were Last Known Good Configuration did not work yet I was able to use System Restore, restoring to the last recorded restore point and the system successfully recovered.

[Robbo9]

Yes it`s XP. But when I got this system I had disabled system restore for reasons I forgot. Anyhow the system won`t boot up at all so I don`t think that would help anyhow. I`ll think I`ll be going with extracting what I need off the drive by putting it in another system and then reformating the drive and going from there. I`ll lose a bunch of stuff but if that`s what needs to be done so be it.

Funny it happened while I was configuring another system to install a distribution of linux. Hence my oversight in trying to fix the active desktop item to begin with. Maybe I`ll finally be able to wean my self from MS products and eliminate all these windows based headaches in the future.

[Robbo9]

Just out of curiosity why does spybot detect activedesktop as a threat and when fixed what does it delete or quarantine? Perhaps a solution is in the answer. Of course answers usually just open up more questions.

I`m about to do my drive swap now just for fyi.

Thanks.

[Robbo9]

Followup.

Whatever happened my drive appears to be unusable. In another computer chkdsk was trying to do it`s thing and also came to a point where it froze. It was finding missing file after missing file. Replacing o fixing files etc and just came to a point where it stopped. In trying to look at the drive and get files it appeared it was just wiped clean. Though chkdsk was seeing files that existed on there. No info such as drive size etc appeared in the side window. The only thing it appears I`m able to do is format it. Like it has nothing on it. I am not sure it was spybot that caused this to happen now but whatever happened it did it while removing activedesktop.

Now I am a big fan of spybot and feel the same as all the passion I saw in the thread here concerning symantec. But if there is a risk in taking action on the activedesktop warning I could not find it in searching the forums. But I certainly think it should be addressed to prevent any problems in the future.

[md usa spybot fan]

Robbo9:

There are seven (7) detections that I am aware for Microsoft.Windows.ActiveDesktop. The checks are done in the following registry key:

Code:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]

Spybot looks for the following entries:

• "NoChangingWallpaper"=dword:00000000
• "NoAddingComponents"=dword:00000000
• "NoDeletingComponents"=dword:00000000
• "NoEditingComponents"=dword:00000000
• "NoCloseDragDropBands"=dword:00000000
• "NoMovingBands"=dword:00000000
• "NoHTMLWallPaper"=dword:00000001

If it finds a corresponding entry and the dword is not equal to the above value it lists it a possible problem. If you fix the problem, the dword is change to the value indicated above.

There is a brief explanation of what these settings indicate in the following:

• Active Desktop Restrictions
  http://www.winguides.com/registry/display.php/443/

Note: The above article also lists the following entry that does not appear to checked by Spybot:

• "NoComponents"=dword:0000000?

*********************

I at a loss to try to explain what may have happen during the fixing of this type of problem. My Windows XP Home system does not normally have these particular registry entries because they are group policy entries usually only found on systems with Windows 2000, 2003 and XP Pro. I added them to my system so that they would be detected by Spybot-S&D.

Code:

[HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
@=""
"NoChangingWallpaper"=dword:00000001
"NoComponents"=dword:00000001
"NoAddingComponents"=dword:00000001
"NoDeletingComponents"=dword:00000001
"NoEditingComponents"=dword:00000001
"NoCloseDragDropBands"=dword:00000001
"NoMovingBands"=dword:00000001
"NoHTMLWallPaper"=dword:00000000

I then ran a scan and fixed the problems:

Code:

 --- Report generated: 2007-01-16 12:19 ---

Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
  HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoAddingComponents!=W=0

Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
  HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoDeletingComponents!=W=0

Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
  HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoEditingComponents!=W=0

Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
  HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1

Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
  HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper!=W=0

Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
  HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoCloseDragDropBands!=W=0

Microsoft.Windows.ActiveDesktop: User settings (Registry change, fixed)
  HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoMovingBands!=W=0


--- Spybot - Search & Destroy version: 1.4  (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2006-05-01 TeaTime SyreneD Patch.exe (1.4.0.2)
2007-01-05 TeaTimer 1.5.exe (1.5.0.2)
2006-10-24 TeaTimer Beta I.exe (1.5.0.0)
2005-05-31 TeaTimer ResourceHacker.exe (1.4.0.2)
2005-05-31 TeaTimer.exe (1.4.0.2)
2006-01-16 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-10-13 advcheck-2007-01-05.dll (1.0.2.0)
2007-01-15 advcheck-2007-01-15.dll (1.2.1.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-01-12 Includes\Beta.sbi
2005-02-16 Includes\Beta.uti
2007-01-12 Includes\Cookies.sbi
2006-12-08 Includes\Dialer.sbi
2007-01-12 Includes\DialerC.sbi
2006-11-24 Includes\Hijackers.sbi
2007-01-12 Includes\HijackersC.sbi
2006-10-27 Includes\Keyloggers.sbi
2007-01-12 Includes\KeyloggersC.sbi
2007-01-12 Includes\Malware.sbi
2007-01-12 Includes\MalwareC.sbi
2006-10-20 Includes\PUPS.sbi
2007-01-12 Includes\PUPSC.sbi
2007-01-12 Includes\Revision.sbi
2006-12-08 Includes\Security.sbi (*)
2007-01-12 Includes\SecurityC.sbi (*)
2006-10-13 Includes\Spybots.sbi
2007-01-12 Includes\SpybotsC.sbi
2005-02-17 Includes\Tracks.uti
2006-12-08 Includes\Trojans.sbi
2007-01-12 Includes\TrojansC.sbi

The registry entries after the fixing:

Code:

[HKEY_USERS\S-1-5-21-1957994488-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
@=""
"NoChangingWallpaper"=dword:00000000
"NoComponents"=dword:00000001
"NoAddingComponents"=dword:00000000
"NoDeletingComponents"=dword:00000000
"NoEditingComponents"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoMovingBands"=dword:00000000
"NoHTMLWallPaper"=dword:00000001