Originally Posted by
rherrera
Sounds like you have what I just got yesterday. It is the virus that comes from the newgenlook site, belongs to some web ad company I guess. I am using Windows 2000. The following procedure should help.
1) First you need to press CTRL-ALT-DEL and bring the Task Manager. Go to Processes and look for a file running named BSE.exe or BE.exe. Kill it by selecting it and clicking on End Task. Then delete that file from your root directory along with the .gif file that is being used as your wallpaper. Delete them both.
2) Use My Computer and go to the C: drive. Go to \winnt\Downloaded Program Files. Right click and Remove any of these ActiveX snippets that you are not able to recognize. There were some that I did not remember installing and I deleted them.
3) Restart the computer. You have to boot up your computer in Safe mode with command prompt. In win 2000 you can press F8 will 2000 is loading to bring up the boot menu. It should be option 3. After loading up, you will then type C: to go to the hard drive and then CD C:\winnt\system32 to go to that directory. Then delete all the .ico files and the param32.dll. The param32.dll is what gives you the X in the red circle on your taskbar. It is also responsible for creating the icons on your desktop and opening the newgenlook website on a browser window every few minutes.
4) Restart your computer and delete the icons from your desktop.
4) Afterwards make sure that under Internet Options you place the newgenlook.com and antispy.newgenlook.com website on the restricted sites list so you are not rerouted there without your consent in the future. In fact, you should restrict any site that contains newgenlook just in case.
I was using the Microsoft AntiSpyware Beta at the time and it did not protect me. I used it to scan the computer afterwards and it could not find it. Neither did AdAware SE.
This newgenlook trojan I believe is called Troj/Warspy-G. Sophos antivirus does recognize it.
My first instinct was to go to Display Properties to change the wallpaper but seems like this trojan changes the look of Display Properties and the wallpaper option is gone. The solution I have read on this thread does fix it. I have read that there are other registry keys that this trojan creates or affects but after going through the process that I just told you, the computer seemed to be back to normal. I have rebooted 3 times since then and the trojan is still not coming back.
Bookmarks