Trojan.Desktophijack.B

Introduction

The Trojan.DesktopHijack.B infection, also known as smitfraud (W32.Desktophijack) or CWS.Cassandra, is a Trojan that modifies your desktop settings in order to replace your desktop wallpaper and features with various bad things. This malicious bug may also update itself over the internet.

Technical Information

"Trojan" horse programs are named after the Greek legend. This kind of program looks like a gift but actually gives someone the ability to come into your computer over the internet and take complete control. This may allow them to use your computer to do anything: attack other computers, send spam email, be a relay point for pirate programs or pornography, or even allow someone to view you using your webcam. This Trojan will infect systems with Windows versions from Win95 to WinXP. The associated files will include a randomly named EXE file and DLL files possibly called oleadm.dll, oleadm32.dll ... with various support files such as wp.bmp (the new wallpaper image).

The Trojan adds the values:

"NoDispBackgroundPage" = "1"
"NoDispAppearancePage" = "1"

to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

and...

"Background" = "0 0 0"
"WallpaperStyle" = "0"

to the subkey:

HKEY_CURRENT_USER\Control Panel\Colors

in order to modify the desktop wallpaper, typically to show some virus alert or warning. There are other registry entries that must be corrected. If you are having trouble getting rid of this, please contact a technician at support.com. There are many variations of this Trojan, and it is also related to CoolWebSearch. The new wallpaper displays a smitfraud warning banner as well, which is obvious evidence that something is infecting your system.
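The registry values listed above can be checked offline against a text export of the registry (regedit's .reg format). This Python sketch is an added example, not part of the original write-up: the sample export is constructed, the function names are hypothetical, and treating dword-typed data as equivalent to the quoted "1" shown above is an assumption.

```python
import re

# Registry values this page lists for Trojan.Desktophijack.B: key -> {name: data}.
INDICATORS = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System":
        {"NoDispBackgroundPage": "1", "NoDispAppearancePage": "1"},
    r"HKEY_CURRENT_USER\Control Panel\Colors": {"Background": "0 0 0", "WallpaperStyle": "0"},
}
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')

def normalise(data):  # make "1" and dword:00000001 comparable (assumption)
    data = data.strip()
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1]
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data)
    return str(int(m.group(1), 16)) if m else data

def parse_reg(text):
    """Parse regedit export text into {lowercased key: {lowercased name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group("name").lower()] = normalise(m.group("data"))
    return keys

def find_indicators(text):
    """Return (key, value name) pairs from INDICATORS present in the export."""
    parsed = parse_reg(text)
    return [(key, name) for key, values in INDICATORS.items()
            for name, data in values.items()
            if parsed.get(key.lower(), {}).get(name.lower()) == data]

# Constructed sample export (not taken from a real infected machine).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000001
"NoDispAppearancePage"="1"

[HKEY_CURRENT_USER\Control Panel\Colors]
"Background"="0 0 0"
"Window"="255 255 255"
'''

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

A "Background" value of "0 0 0" is simply black and is also an ordinary user colour choice, so the two Policies values are the more telling pair when triaging a hit.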

Detection

Most anti-virus and anti-spyware programs will detect DesktopHijack, but may not be able to get rid of it.

Method of Infection

Infection usually occurs with the consent of the victim when visiting a website and giving permission to download and open a file. It can also be transmitted via email attachment or chat messenger.

Summary

If your antivirus or anti-spyware tools are not able to get rid of DesktopHijack, then call us at support.com and an expert will remove it for you. If you have a banner across your screen saying anything about "smitfraud", you are most likely infected with it.