I cannot change desktop background

Discussion in 'Windows & Other OS Discussion & Support' started by Johnny Chimpo, May 25, 2005.

  1. Johnny Chimpo

    Johnny Chimpo New Member

    Recently my laptop became infected with Aurora / Nail.exe. During this infection it would download and install a wide variety of adware/spyware and various dialers and apps. Also during infection my background changed to a red box in the center stating that Windows had dedected spyware and I should clean my pc. I'm not sure exactly what it said, but i was something like that. I finally got rid of the infection using Kaspersky personal AV Demo. I have since run Adaware, Spybot S&D and Microsoft anti spyware to clean up any remains. Also I ran CleanUP!

    Problem is, now I cannot change my background. It is stuck solid blue, no red box. When I try to change it through display properties>desktop the buttons are all grayed out. If I select an image on line and set as background it still does nothing. Now when I first log in, before the the icons appear I can see my background. As soon as the icons appear my background changes to blue.

    I have tried searching various forums but have not found any tips that help.
    Can anyone help me get my backgrounds back?

    Also, now when windows first loads, after logging in I get a message... svhost file is not found. I dont know if that is related to my background problem.

    Compaq Presario 700 (900 MHZ AMD, 256 MB RAM)
    WinXP Home SP2 I am current with all updates.
  2. PangingJr

    PangingJr Member

    [​IMG]

    a few questions first...
    you said "the buttons are all grayed out",
    now, in this pic what button that grayed out? does the Browse.. is also grayed out?
    if not, then try to use it to browse for a new B/G image, and then use Save As under the Themes tab to create/save a new xxxx.theme file and see.

    also, click on the tab "Themes"... what is the name of theme that you are now using?
    now, if the Theme name is for example "Luna", search your local drives for a file called "Luna.theme",
    normally, this file will be in :\WINDOWS\Resources\... or :\WINDOWS\Resources\Themes or in your Documents folder if you used Save As to save the theme file and have not moved it to any where yet.
    once you find the Luna.theme file open it with your text editor and copy the contain info of the file and post here. later.

    also, open up Registry Editor and go to these two following registry keys...
    "HKLM\SOFTWARE\M icrosoft\Windows\CurrentVersion\policies\ActiveDesktop"
    and
    "HKCU\Software\Mi crosoft\Windows\CurrentVersion \Policies\ActiveDesktop"
    and see if the registry value name "NoChangingWallpaper" is there.
    if so, make sure that the dword value is set to 0 (zero).
    or, backup and delete this registry value from your registry and reboot your PC. some viruses may create this registry value or change the value data to 1.
    Last edited: May 25, 2005
  3. Johnny Chimpo

    Johnny Chimpo New Member

    [​IMG]
    That is my display properties, I cannot even scroll the backgrounds. I can change the color but it will not stick.

    as far themes go, I cannot change it from "modified theme".
    It does not list Luna. But I found Luna in C:Windows>Resources>Themes

    Below is Luna opened with notepad

    ; Copyright © Microsoft Corp. 1995-2001
    [Theme]
    DisplayName=@themeui.dll,-2017
    ; My Computer
    [CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon]
    DefaultValue=%WinDir%explorer.exe,0
    ; My Documents
    [CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\DefaultIcon]
    DefaultValue=%WinDir%SYSTEM32\mydocs.dll,0
    ; My Network Places
    [CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\DefaultIcon]
    DefaultValue=%WinDir%SYSTEM32\shell32.dll,17
    ; Recycle Bin
    [CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
    full=%WinDir%SYSTEM32\shell32.dll,32
    empty=%WinDir%SYSTEM32\shell32.dll,31


    [Control Panel\Cursors]
    Arrow=
    Help=
    AppStarting=
    Wait=
    NWPen=
    No=
    SizeNS=
    SizeWE=
    Crosshair=
    IBeam=
    SizeNWSE=
    SizeNESW=
    SizeAll=
    UpArrow=
    DefaultValue=Windows default
    DefaultValue.MUI=@themeui.dll,-2043
    [Control Panel\Desktop]
    Wallpaper=%WinDir%web\wallpaper\Bliss.bmp
    Wallpaper.MUI=@themeui.dll,-2036
    TileWallpaper=0
    WallpaperStyle=2
    Pattern=
    ScreenSaveActive=1


    Only the HKLM key has "nochangingwallpaper" Dword = 0

    HKLM\SOFTWARE\M icrosoft\Windows\CurrentVersion\policies\ActiveDes ktop"
    and
    "HKCU\Software\Mi crosoft\Windows\CurrentVersion \Policies\ActiveDesktop"


    If you need any more info from me just ask.
  4. Johnny Chimpo

    Johnny Chimpo New Member

    [​IMG]


    Also, I get this everytime I log on to windows. It appears right before my icons load.

    Any idea what that is from, or if it is my problem?

    Thanks.
  5. pr0digal jenius

    pr0digal jenius Delete Me

    svchost should be there, yes...that's wierd.
  6. PangingJr

    PangingJr Member

    in this case, the actual Windows system file is "svchost.exe", the svhost.exe is not and it's just a part of a virus attack.
    your virus or spyware scanner may not properly remove it...

    Johnny C.,

    to stop the "Could not load or run..." dialog from popping up at everytime you start Windows you need to remove the regisrtry value "svhost.exe" from your Run registry keys...
    to do this open your Registry Editor and go to these below registry keys...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run (and RunOnce if present)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (and RunOnce if present)

    look in the right pane for value name svhost.exe or for value data "X:\WINDOWS\system32\Svhost.exe"
    and delete this value form your registry. and then, search your local drive for a file named "svhost.exe" (not svchost.exe) and remove it and reboot the PC.

    as for the problem about the wallpaper...
    i'm sure that this can also be fixed, it's just take time since there are/can be many registries associated with the problem... and i need to look at your registry for more info before i can give you the right solution, but i can't, you cannot sent it to me because it'll be a big file and i will not be able to recieve it since, i'm on a very slow net connection. i'll get on one of a newsgroups and PM you some links in a few mins.

    in the mean time, i like to see the contain info of the xxxx.theme file that you're using now (not the Luna ones),
    and i like you to D/L this .reg file --- http://www.kellys-korner-xp.com/regs_edits/wallpaperenable.reg
    once you have the file import/merge it into your registry and reboot the PC and see if this helps,
    if it does not then pls wait for my PM.
  7. PangingJr

    PangingJr Member

    my surprise. there are a lot of cases that people will not be able to change their wallpaper or desktop background after some viruses or virus-like attacked.

    anyway, i just posted some links on your private message,
    read them and check them out. one of those fixing registry is the solution for your case.
    and please, feel free to post any question you may have in this thread.

    after read a few of cases and if i understand correctly this is a small registry problem, some small and not so important parts of your registry are missing, or, some value that exists in your registry are not supposed to be there. this causes the problem that you've already found in/about the desktop background only.
    this's unlike some other registry problems, sometimes just a small or one missing registry key can do a lot of damages to Windows. but anyway, do a complete virus/trojan/spyware scan again.
    as i said, check the links that i give you for a solution first. you could think about repair Windows install later. and if you want to do a repair install i'd suggest you to backup your files and go for a re-format and a clean Windows install instend.
    i hope it won't come to this.:)
    Last edited: May 27, 2005
  8. Johnny Chimpo

    Johnny Chimpo New Member

    OK I tried the reg entry from Kelly's and that did not help.

    Here is the theme that I am using. I cannot change away from this theme either. I tried to browse to luna and activate, but it reverts back to "modified theme", which looks the same as windows classic.

    ; Copyright © Microsoft Corp. 1995-2001

    [Theme]

    ; My Computer
    [CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon]
    DefaultValue=C:\WINDOWS\Explorer.exe,0

    ; My Documents
    [CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\DefaultIcon]
    DefaultValue=C:\WINDOWS\SYSTEM32\mydocs.dll,0

    ; My Network Places
    [CLSID\{208D2C60-3AEA-1069-A2D7-08002B30309D}\DefaultIcon]
    DefaultValue=C:\WINDOWS\system32\SHELL32.dll,17

    ; Recycle Bin
    [CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon]
    full=C:\WINDOWS\System32\shell32.dll,32
    empty=C:\WINDOWS\System32\shell32.dll,31



    [Control Panel\Colors]
    ActiveTitle=128 0 0
    Background=0 0 0
    Hilight=128 0 0
    HilightText=255 255 255
    TitleText=255 255 255
    Window=255 255 255
    WindowText=0 0 0
    Scrollbar=192 192 192
    InactiveTitle=128 128 128
    Menu=192 192 192
    WindowFrame=0 0 0
    MenuText=0 0 0
    ActiveBorder=192 192 192
    InactiveBorder=192 192 192
    AppWorkspace=255 255 255
    ButtonFace=192 192 192
    ButtonShadow=128 128 128
    GrayText=128 128 128
    ButtonText=0 0 0
    InactiveTitleText=192 192 192
    ButtonHilight=255 255 255
    ButtonDkShadow=0 0 0
    ButtonLight=192 192 192
    InfoText=0 0 128
    InfoWindow=255 255 255
    GradientActiveTitle=0 16 168
    GradientInactiveTitle=186 190 201
    ButtonAlternateFace=192 192 192
    HotTrackingColor=128 0 0
    MenuHilight=128 0 0
    MenuBar=192 192 192


    [Control Panel\Cursors]
    Arrow=
    Help=
    AppStarting=
    Wait=
    NWPen=
    No=
    SizeNS=
    SizeWE=
    Crosshair=
    IBeam=
    SizeNWSE=
    SizeNESW=
    SizeAll=
    UpArrow=
    DefaultValue=Windows default
    Link=

    [Control Panel\Desktop]
    Wallpaper=C:\WINDOWS\desktop.html
    TileWallpaper=0
    WallpaperStyle=0
    Pattern=
    ScreenSaveActive=0

    [Control Panel\Desktop\WindowMetrics]

    [Metrics]
    IconMetrics=76 0 0 0 75 0 0 0 75 0 0 0 1 0 0 0 245 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 77 105 99 114 111 115 111 102 116 32 83 97 110 115 32 83 101 114 105 102 0 0 0 0 0 0 0 0 0 0 0 0
    NonclientMetrics=84 1 0 0 1 0 0 0 13 0 0 0 13 0 0 0 19 0 0 0 19 0 0 0 241 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 188 2 0 0 0 0 0 1 0 0 0 0 84 105 109 101 115 32 78 101 119 32 82 111 109 97 110 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 17 0 0 0 17 0 0 0 243 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 188 2 0 0 0 0 0 1 0 0 0 0 84 105 109 101 115 32 78 101 119 32 82 111 109 97 110 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 18 0 0 0 18 0 0 0 243 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 84 105 109 101 115 32 78 101 119 32 82 111 109 97 110 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 243 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 84 105 109 101 115 32 78 101 119 32 82 111 109 97 110 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 243 255 255 255 0 0 0 0 0 0 0 0 0 0 0 0 144 1 0 0 0 0 0 1 0 0 0 0 84 105 109 101 115 32 78 101 119 32 82 111 109 97 110 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

    [boot]
    SCRNSAVE.EXE=%WinDir%system32\logon.scr


    [MasterThemeSelector]
    MTSM=DABJDKT
    ThemeColorBPP=4


    [AppEvents\Schemes\Apps\.Default\.Default\.Current]
    DefaultValue=%WinDir%media\Windows XP Ding.wav
    [AppEvents\Schemes\Apps\.Default\AppGPFault\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\Close\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\DeviceConnect\.Current]
    DefaultValue=%WinDir%media\Windows XP Hardware Insert.wav
    [AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current]
    DefaultValue=%WinDir%media\Windows XP Hardware Remove.wav
    [AppEvents\Schemes\Apps\.Default\DeviceFail\.Current]
    DefaultValue=%WinDir%media\Windows XP Hardware Fail.wav
    [AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\.Current]
    DefaultValue=%WinDir%media\Windows XP Battery Low.wav
    [AppEvents\Schemes\Apps\.Default\MailBeep\.Current]
    DefaultValue=%WinDir%media\Windows XP Notify.wav
    [AppEvents\Schemes\Apps\.Default\Maximize\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\MenuCommand\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\MenuPopup\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\Minimize\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\Open\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\PrintComplete\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\RestoreDown\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\RestoreUp\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\RingIn\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\Ringout\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\SystemAsterisk\.Current]
    DefaultValue=%WinDir%media\Windows XP Error.wav
    [AppEvents\Schemes\Apps\.Default\SystemExclamation\.Current]
    DefaultValue=%WinDir%media\Windows XP Exclamation.wav
    [AppEvents\Schemes\Apps\.Default\SystemExit\.Current]
    DefaultValue=%WinDir%media\Windows XP Shutdown.wav
    [AppEvents\Schemes\Apps\.Default\SystemHand\.Current]
    DefaultValue=%WinDir%media\Windows XP Critical Stop.wav
    [AppEvents\Schemes\Apps\.Default\SystemNotification\.Current]
    DefaultValue=%WinDir%media\Windows XP Balloon.wav
    [AppEvents\Schemes\Apps\.Default\SystemQuestion\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\SystemStart\.Current]
    DefaultValue=%WinDir%media\Windows XP Startup.wav
    [AppEvents\Schemes\Apps\.Default\SystemStartMenu\.Current]
    DefaultValue=
    [AppEvents\Schemes\Apps\.Default\WindowsLogoff\.Current]
    DefaultValue=%WinDir%media\Windows XP Logoff Sound.wav
    [AppEvents\Schemes\Apps\.Default\WindowsLogon\.Current]
    DefaultValue=%WinDir%media\Windows XP Logon Sound.wav
    [AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin\.Current]
    DefaultValue=%WinDir%media\Windows XP Recycle.wav
    [AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
    DefaultValue=%WinDir%media\Windows XP Start.wav



    ctrl-alt-del, I have started reading through the info from the PM you sent. Much of that I have already tried, and not helped yet. I also did thorough AV and spyware scans again, all clean. I will continue to read through what you sent me. Let me know if you need anything.

    Thank you.
  9. PangingJr

    PangingJr Member

    check again that the "Themes" service is set to Automatic or Manual and is Started,
    then you should be able to see the theme named "Windows XP" (Luna theme) in themes tab of the Display Properties. No?
  10. Johnny Chimpo

    Johnny Chimpo New Member

    Themes service is set to automatic and running. I can see "Windows XP" theme, but if I select and apply, nothing changes. Still classic.
  11. PangingJr

    PangingJr Member

    so, at this point there is no other problem with Windows but this desktop B/G problem ?
    i'll look around in other newsgroups and let you know when i find anything.

    -------

    Make a registry edit (backup each registry key before deleting each value)

    Delete the value named "NoChangingWallPaper" from these two registry keys
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop
    and/or
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

    Delete any default wallpaper value set in this key (if it does already exist)
    HKCU\Software\Policies\Microsoft\Windows\System

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Delete these two values named "Wallpaper" and "WallpaperStyle" (if it does exist)

    HKEY_USERS\.DEFAULT\Control Panel\Desktop
    Modify the value data of the value named "Wallpaper"
    from whatever value you're now having to "(None)"
    (if it does exist)

    i'll continue to add more info when i can find more...
    Last edited: May 29, 2005
  12. PangingJr

    PangingJr Member

    this is what i've found for now about the "desktop.html"
    it may not be same virus but check all the keys and values...
    if they do exists, let me know which ones because some of them will need to be removed (mostly). but some of them will need to be replaced with/using atleast Windows default values.


  13. Beg4Mercy

    Beg4Mercy New Member

    Hi I am new to this forum and I believe I found the answer to your question since I had the same problem. A key in your registry is probably pointing to a deleted file refered to as desktop.html

    If you go into your regedit and follow this path: HKEY_CURRENT USER/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/POLICIES/SYSTEM

    In there you may see a key that points to the C:\Windows\Web\desktop.html

    If you see that key DELETE IT. Your virus software probably found this hijack desktop viruz and deleted the infected file already.

    This took me 2 days to figure out and it was this forum that helped me figure it out. THANKS and I hope this helps!
    Last edited: Aug 4, 2005
  14. bunk

    bunk New Member

    Free at last

    Excellent this worked I use regcool and search desktop.html and deleted all keys ( after backing up) and presto I'm FREEEEEEEEEEEEEE. Spy sheriff is the culprit for me. That company should be tarred and feathered for that POS hijack!!!!

    thanks Beg4!!!

    Bunk





  15. The_Neon_Cowboy

    The_Neon_Cowboy New Member

    Always use spybot, ad-aware and spyware blaster!

    But I to be safe format and reinstall becouse after the system is seriouly compramised you
    will never be able to 100% reverse the damage done. Alot of them adjust security settings
    replace windows os files etc...
  16. e v o

    e v o New Member

    i 2nd those three. Those are the only ones that i use. More and i feel like im over doing it. I've also found that those three have the least problems working with each other...

    Ben
  17. theavenger

    theavenger New Member

    hey i am not sure if i should back up the C:\WINDOWS\desktop.html then delete it.. or should i just delete right away. Also if i have to back up then delete.. how do i back up..? thank you
  18. PangingJr

    PangingJr Member

    that file (desktop.html) itself might not be an virus infection file or a malicious file but it is belong to a computer virus. no reason to keep it. but if you're not sure you can just zip/rar it.

    but for registry... there is always a good idea for you to make a backup of your registry info before modifying it in case the original of the good values in the same registry keys/subkeys was accidentally damaged or erased during the modification process.
  19. slashpine

    slashpine New Member

    Unfortunately I also got this virus which disables the background setting. I was able to undo the changes thanks to the information made public on this forum! Thank you again!

    I also found out that SVCHOST.EXE in WINDOWS\SYSTEM32 was part of the virus itself.
    Also, a file named KERNEL32.EXE ABC.EXE and several others are all part of the same package!!! Also, you may find a file called SYS35*.* -- these are also parts of the virus.
    And another which is called VR_SYS.DLL - I think this is also part of the virus. And there was another called USER32M.EXE or something like that.

    These files must be essential part of the virus, because I checked the file creation date and time. These files were created exactly at the moment when I clicked on a bad link and my computer was infected. When I discovered this, I restarted my computer from a Win98 boot disk, and I manually deleted these files. After I deleted them, the virus was gone! Actually, SpySheriff is a spyware itself. It says that your computer is infected, and you need to purchase it in order to get rid of it.
    :x

    SpySheriff also adds a bunch of bad websites to your list of trusted sites! Make sure that you remove all of them! Go to Internet Options >> Security >> Trusted Sites. And click on the Sites button. You will see what I'm talking about...
    Last edited: Aug 12, 2005
  20. swimtech

    swimtech New Member

    Agreed, but I can get away with using spybot manually, the others in the backround...

Share This Page