# Can't Change Desktop Wallpaper



## Wolfe

Hello, I'm using Windows Xp SP1 and I got the Trojan-Spy.HTML.Smitfraud.c virus.  I think that I got it removed from my computer and I no longer have the blue error screen as my desktop wallpaper, but I can't set anything as my wallpaper,  it just stays black.  If I go to the Display Properties window, the only two options that I have are Screen Saver and Settings.  There is no Desktop (Background), Apperance, or any other tabs.  Can someone please help me.

Thanks,

Tim


----------



## Lax

Did you run a TrendMicro scan to be sure you got rid of everything? www.trendmicro.com search for House Call and let it do it's thing, see if it gets anything. If there is nothing then the vorus may have messed with some settings. It most likely has the same properties as http://securityresponse.symantec.com/avcenter/venc/data/joke.smitfraudoid.html so if you know your way around a registry you should be able to fix all that if Norton or whatever you used didn't do it.


----------



## mgoldb2

Ok let see if I can remember how to do this 

first go to control panel
secound display
then to desktop tab
then hit customize desktop
then hit the web tab
delete anything in this web tab.

I think this will fix it.  I doing this from memory so I might be slightly off.


----------



## Wolfe

Thanks, I ran house call but it did nothing.  I followed the symantec instructions for editing my registry and I think I messed up.  I did the following steps and I thought that I was suppose to delete the entire thing, but now I think I was only suppose to delete the numerical value "1" in each of the situations.  I now have all of the tabs in my display properties, but I cannot change my desktop still.  All of the windows default wallpapes are frozen as is the browes button.  I tried setting a picture as the wallpaper by right clicking on it but there is still nothing.  Any more help?

Navigate to the subkey:

HKEY_CURRENT_USER\Software\Micorsoft\Windows\CurrentVersion\Policies\Explorer


In the right page, delete the value:

"NoActiveDesktopChanges" = "1"


Navigate to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


In the right pane, delete the values, if they are not required:

"NoDispBackgroundPage" = "1"
"NoDispAppearancePage" = "1"


----------



## Wolfe

mgoldb2 said:
			
		

> Ok let see if I can remember how to do this
> 
> first go to control panel
> secound display
> then to desktop tab
> then hit customize desktop
> then hit the web tab
> delete anything in this web tab.
> 
> I think this will fix it.  I doing this from memory so I might be slightly off.



There is only 

My Current Homepage

in the web tab and it wont allow me to delete it


----------



## kingyoun

have you use regedit.exe
maybe the virus have write a dword value in your regedit.
you can change HKEY_CURRENT_USER\Software\Microsoft\Currentversion\policies
find the nochangewallpaper string then delete it.


----------



## Rebel PC Guru

Wolfe said:
			
		

> Hello, I'm using Windows Xp SP1 and I got the Trojan-Spy.HTML.Smitfraud.c virus.  I think that I got it removed from my computer and I no longer have the blue error screen as my desktop wallpaper, but I can't set anything as my wallpaper,  it just stays black.  If I go to the Display Properties window, the only two options that I have are Screen Saver and Settings.  There is no Desktop (Background), Apperance, or any other tabs.  Can someone please help me.
> 
> Thanks,
> 
> Tim



Security warning    A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c.

is this the error?


----------



## Rebel PC Guru

Rebel PC Guru said:
			
		

> Security warning    A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c.
> 
> is this the error?


if so try thisHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"WindowsFY" = "[program name]"


Navigate to and delete the subkey:

HKEY_CLASSES_ROOT\CLSID\{145E6FB1-1256-44ed-A336-8BBA43373BE6}


Navigate to the subkey:

HKEY_CURRENT_USER\Software\Micorsoft\Windows\CurrentVersion\Policies\Explorer


In the right page, delete the value:

"NoActiveDesktopChanges" = "1"


Navigate to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System


In the right pane, delete the values, if they are not required:

"NoDispBackgroundPage" = "1"
"NoDispAppearancePage" = "1"


----------



## Praetor

> was only suppose to delete the numerical value "1" in each of the situations


Change it to 0


----------



## Byteman

Some of the others have already mentioned some of these keys, however, you will want to look at them all and see which ones apply to your hijack.  I've see at least a couple different desktop hijacks in the past few weeks.

Navigate to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
Look for a DWORD value called "NoChangingWallPaper"
When located right click and delete it!

In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
you should NOT have the following VALUES, RIGHTCLICK AND DELETE THEM...

NoActiveDesktop
ForceActiveDesktopOn

And for the following ActiveDesktop KEY:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
There should only be the (default) string here, right click and delete all of these entries. Remove everything but the (default) string. not the following:

NoComponents
NoAddingComponents
NoDeletingComponents
NoEditingComponents
NoHTMLWallpaper


If you still have problems, after this, we will have to start you from the beginning of this hijack removal.


----------



## Wolfe

Ok, but my problem is that I deleted some of the keys instead of changing the values to 0.  How do I get the keys back?


----------



## Lax

uh........for that you're gonna have to talk to prae. I know there's a way to restore the reg from a point (if you have system restore on). If it IS on you can restore it to a day before you messed with the reg. And next time you mess with the reg remeber to back it up first. Pretty sure it's in File-->Export-->all and just name it bak or seomthing. As for the restoring, I haven't a clue, prae will have to enlighten me on that one.


----------



## stratford

Why Not Boot Up Xp Disk And Repair Corrupt Files.
Or For The Sake Of A Hour Complete Format And Reload Windows.


----------

