Buddylist Trojan Horse Virus: Screensaver Is Always Set to "Blank" (293149)

SYMPTOMS

After you select any screensaver and then restart the computer, the screensaver selection may be unexpectedly changed to Blank.

When you click Selective startup on the General tab in the System Configuration utility, click to clear the Load startup group items check box, and then restart the computer, Aimreminder.exe may be selected again on the Startup tab of the System Configuration utility.

When you view the [boot] section of the System.ini Windows system file, the following line may be displayed:

SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\WINSAVER.EXE

RESOLUTION

Microsoft does not provide software that can detect or remove computer viruses. If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. For a list of antivirus software manufacturers, click the following article number to see the article in the Microsoft Knowledge Base:

49500 List of Antivirus Software Vendors

MORE INFORMATION

The Buddylist.exe Trojan Horse is a password-stealing program that targets America Online (AOL) users. The Buddylist.exe program creates the Registryreminder.exe file in the following folder:

C:\WINDOWS\SYSTEM\NortonAntiVirus

The Registryreminder.exe program loads from the Win.ini Windows system file and creates the other Trojan Horse-related files.

After removing this program, you may want to contact America Online to report that your user account information and passwords may have been stolen.

The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Buddylist Trojan Horse Virus: Screensaver Is Always Set to "Blank" (293149)

SYMPTOMS

CAUSE

RESOLUTION

MORE INFORMATION