Please help get rid of smitfraud remnants

[Mosaic1]

Are you able to delete the custom.theme file?


There may be more to it than just ownership. Please give me any and all error messages you get when you try to delete custom.theme

I have a FAT32 file system and can't test, but there could be special permissions set on custom theme.


Let's do something we were going to do and haven't yet.

Run filemon
Set the filter to
rundll32.exe

Open display properties. Try to change your desktop wallpaper.

Just let it go as usual.

Then save the log and look for access denied messages.

Or email it to me and I'll have a look.

[Mosaic1]

Once I see those Access denied messages we can check the files and/or folders involved using a tool you already have called cacls.

[Millslord]

This access denied message did not reappear.

Thx

Mills

[Mosaic1]

Can you please run Filemon according to my last directions and send me the log?

[Millslord]

Dear Mosaic,

No error messages when deleting custom theme.

I've emailed you two files. The first depicts the system in the state it was after I ran smitfraud.fix - if you remember it corrected the problem when run under WinXP normal mode - and the second file is after I rebooted - with the problem reoccuring.

[Mosaic1]

Let's see if regmon gives us anything.

Make sure your dsplay properties doesn't work.


Then set the Regmons filter to rundll32.exe

Open display properties and try to change the wallpaper.

Send me the regmon report please.

You never told me if you are able to change your screensaver or anything else . Is this more than just the wallpaper? This information is important.


When you ran Filemon, did you do it exactly the same as when the error was generated? Did you use the Scroll on the mouse? If not, can you do it that way please.


Also, use serch and search for *.theme

Let me know what you find.

[Mosaic1]

When you double click on Custom.theme, does it open in Display Properties?

[Mosaic1]

This has been a long topic. Please be careful to do everything and post all results here.

I'd like to see some registry keys too.

Download and save the zip. Extract the batch it contains (exportit.bat) and then double click on it. When it has finished and the command window closes, there will be a file named themes.txt.

Please upload themes.txt in you next reply here.

[Millslord]

Hi again,

I am able to change screensaver.

I am unable to change wallpaper or theme.

I will do the tests later on and let you know asap.

thx

[Millslord]

Yes, display properties pops up when I double-click on custom.theme.

I've e-mailed you the results of the tests.