
Solved virus, now no desktop or start up icons

October 29, 2011 at 16:00:47
Specs: Windows 7

Had a virus, now no desktop or startup icons, task manager disabled, system restore disabled even in safe mode. I have no more ideas, any help? I had some icons before but ran Avira and Avast and halfway through the computer suddenly shut down. When I rebooted everything was missing.
A) Can I fix this?
B) If not, can I get files off this computer without spreading infection?



#1
October 29, 2011 at 16:48:05

The files are still there, they are hidden, and the virus is still there somewhere in the system folder loading as a driver. The registry is FUBAR as well.
You can:
slave the drive and copy the files you need to a new installation
or
use a Linux rescue disk like Hiren's and boot in and try to remove it. From our experience, it is almost impossible to completely repair the damage. Notice I said almost. I have, after spending hours on a person's computer, repaired the damage, but it was way more time than it was worth.


#2
October 29, 2011 at 18:37:36
✔ Best Answer

andeeman,

If you cannot download programs to the infected computer, do you have access to a clean computer, to download programs there, and then, use a USB drive to move programs over to the Desktop of the infected computer?

If so, please do so, and download the latest version of OTL:
http://oldtimer.geekstogo.com/OTL.exe

Save to the Desktop

XP: Double-click on the 'OTL' icon on your Desktop.
Vista/Seven: Right-click and select: Run as Administrator

Check: 'Scan All Users'

Click the 'Run Scan' button.

When done, two reports open:
-OTL.txt
-Extra.txt: is minimized to the TaskBar

Please provide them in your reply. However, you will need to upload these reports:

Go to the ‘Uploading’ website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the DDS.txt report, and click on 'Open'
You will see the following:
“Your file has been uploaded successfully: (Name and size of the file)”

Please copy the 'Download link', and provide it in your reply.

Do the same with the Attach.txt.


~~~~

Please download RogueKiller:
http://tigzy.geekstogo.com/Tools/Ro...
http://www.sur-la-toile.com/RogueKi...

Save it to your Desktop.

Now, close all open programs.

Vista/Windows 7, right-click the file and select: Run as Administrator
XP, double-click RogueKiller.exe to run the program

When prompted, type 1 and Press Enter.

An RKreport.txt appears on the Desktop.

Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the 'RKreport.txt' in your reply


Under no circumstances should you empty your temp folders. Copies of the missing shortcuts are usually found there, and can be put back in place once the infection has been cleaned.


Thanks.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#3
October 30, 2011 at 05:39:53

I will be trying both suggestions when I get a moment. What kind of risk am I in from an identity theft standpoint? I was connected to the internet for about a day after the virus took over (while trying to download and fix it.....) My wife and I keep a txt file of passwords on our computer....


#4
November 12, 2011 at 16:10:30

Here's the links: (note: only way to get off infected pc was to print to pdf, then copy and paste to notepad on new computer so page numbers were added and any lines over 8.5 x 11 paper lines were carried over to next line)

http://uploading.com/files/1a78dacf...
http://uploading.com/files/9dd2fb6e...

Here's Rogue killer stuff:

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/file...
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Compaq_Owner [Admin rights]
Mode: Scan -- Date : 11/12/2011 19:56:15
¤¤¤ Bad processes: 3 ¤¤¤
[HJ NAME] notepad.exe -- C:\WINDOWS\notepad.exe -> KILLED [TermProc]
[HJ NAME] notepad.exe -- C:\WINDOWS\notepad.exe -> KILLED [TermProc]
[RESIDUE] GoogleUpdate.exe -- C:\Documents and Settings\Compaq_Owner.JESSANDYNOV2008\Local Settings\Application Data\Google\Update\GoogleUpdate.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1397932245-1334317816-4008901746-1009UA.job : C:\Documents and Settings\Compaq_Owner.JESSANDYNOV2008\Local -> FOUND
[SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1397932245-1334317816-4008901746-1009Core1cc0b19dc6ba2d2.job : C:\Documents and Settings\Compaq_Owner.JESSANDYNOV2008\Local -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[1].txt >>
RKreport[1].txt


Let me know if you need anything else. Thanks again!!!



#5
November 12, 2011 at 16:52:16

Here's the links: (note: only way to get off infected pc was to print to pdf, then copy and paste to notepad on new computer so page numbers were added and any lines over 8.5 x 11 paper size were carried over to next line)

http://uploading.com/files/1a78dacf...
http://uploading.com/files/9dd2fb6e...

Let me know if you need anything else. Thanks again!!!



#6
November 12, 2011 at 17:08:45

andeeman,

Please...
•Close all open windows and browsers
•Vista/Win7 - Right click the RogueKiller icon and select: Run as Administrator.
•When prompted, type 2 (DELETE) and then press Enter
•A report will open: RKreport.txt

Please copy and paste this report in your reply.

In the meantime, will be checking the reports you uploaded.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#7
November 13, 2011 at 10:32:23

Here's the results of running RK and "delete"
(FYI, after RK delete ran, the background picture we had showed up again, whereas before it had been just a blue screen)
I think now I can upload normal results as txt file for the OTL if that's easier.....

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/file...
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Compaq_Owner [Admin rights]
Mode: Remove -- Date : 11/13/2011 13:26:56

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1397932245-1334317816-4008901746-1009UA.job : C:\Documents and Settings\Compaq_Owner.JESSANDYNOV2008\Local -> DELETED
[SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1397932245-1334317816-4008901746-1009Core1cc0b19dc6ba2d2.job : C:\Documents and Settings\Compaq_Owner.JESSANDYNOV2008\Local -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Compaq_Owner.JESSANDYNOV2008\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


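Added example, not part of any post in this thread and not RogueKiller's own code: a small Python parser for the report layout shown above that lists scan-mode findings the follow-up remove-mode report does not mark as DELETED, REPLACED or KILLED. The function names are hypothetical, and the sample lines are abridged from the two reports posted above.

```python
import re

# Entry lines look like: [TAG] item -> STATUS (optional detail)
ENTRY = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<item>.+?)\s+->\s+(?P<status>[A-Z]+)\b")
# Section headers look like: ¤¤¤ Registry Entries: 6 ¤¤¤
SECTION = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*:")
HANDLED = {"DELETED", "REPLACED", "KILLED"}

# Lines abridged from the scan-mode and remove-mode reports in this thread.
SCAN = r"""Mode: Scan -- Date : 11/12/2011 19:56:15
¤¤¤ Bad processes: 3 ¤¤¤
[HJ NAME] notepad.exe -- C:\WINDOWS\notepad.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
"""
REMOVE = r"""Mode: Remove -- Date : 11/13/2011 13:26:56
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Documents and Settings\Compaq_Owner.JESSANDYNOV2008\Local Settings\Application Data\Microsoft\Wallpaper1.bmp)
"""

def parse_report(text):
    """Return (mode, entries); each entry is (section, tag, item, status)."""
    mode, section, entries = None, None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Mode:"):
            mode = line[5:].split("--")[0].strip()
        elif (m := SECTION.match(line)):
            section = m["name"]
        elif (m := ENTRY.match(line)):
            entries.append((section, m["tag"], m["item"], m["status"]))
    return mode, entries

def unresolved(scan_text, followup_text):
    """Scan findings left pending that the follow-up report does not show as handled."""
    _, found = parse_report(scan_text)
    _, after = parse_report(followup_text)
    handled = {(s, t, i) for s, t, i, st in after if st in HANDLED}
    return [(s, t, i) for s, t, i, st in found
            if st not in HANDLED and (s, t, i) not in handled]

if __name__ == "__main__":
    print(unresolved(SCAN, REMOVE))  # empty list: every finding was handled
```

An empty result means every entry the scan flagged was acted on; anything returned is a finding to raise with the helper before moving on to the next step.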

#8
November 14, 2011 at 07:44:46

One more time!

Please...
•Close all open windows and browsers
•Vista/Win7 - Right click the RogueKiller icon and select: Run as Administrator.
•When prompted, type 6 (Shortcut HJFix) and then press Enter
•A report will open: RKreport.txt

Please copy and paste the new report in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#9
November 15, 2011 at 02:12:29

(Icons reappeared on desktop after running RK)

Here's the new report:

RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/file...
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Compaq_Owner [Admin rights]
Mode: Shortcuts HJfix -- Date : 11/15/2011 05:07:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 14400 / Fail 0
Quick launch: Success 10 / Fail 0
Programs: Success 53404 / Fail 0
Start menu: Success 391 / Fail 0
User folder: Success 8821 / Fail 0
My documents: Success 2269 / Fail 0
My favorites: Success 265 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 132859 / Fail 0
Backup: [FOUND] Success 290 / Fail 0

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\Harddisk1\DP(1)0-0+7 -- 0x2 --> Restored
[G:] \Device\Harddisk2\DP(1)0-0+8 -- 0x2 --> Restored
[H:] \Device\Harddisk3\DP(1)0-0+9 -- 0x2 --> Restored
[I:] \Device\Harddisk4\DP(1)0-0+a -- 0x2 --> Restored
[L:] \Device\Harddisk5\DP(1)0-0+c -- 0x2 --> Restored

¤¤¤ Infection : Fake HDD ¤¤¤

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

Let me know what else I need to do. Thanks so much for your help!!!!

Andy



#10
November 16, 2011 at 19:15:48

andeeman,

My apology for the delay...

Before we proceed, please provide an update on your initial concerns:

1. No desktop or startup icons
2. Task manager disabled
3. System Restore disabled even in Safe Mode

Are you still having any of these problems?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#11
November 26, 2011 at 04:57:15

Sorry about the delay, I thought I'd already posted a response! Maybe I accidentally started a new thread or something, argh!

Anyway, it looks like all icons have returned. I can get into task manager, but system restore is still disabled for any time before the virus hit. Now I checked again and system restore doesn't even give me an option to restore that far back in time so maybe that's redundant.

I have a feeling it's still on here in the background, but you would know better than I. The computer is functional right now; we just disconnect from the web when we aren't using it and don't do any banking/sensitive work on it.

Any further suggestions to clean this puppy up?



#12
November 26, 2011 at 14:28:14

Please download TangoSoft Re-Enable:
http://www.tangosoft.co.uk/download...

Select: Installer, Setup.exe

Save the download to the Desktop

XP: Double-click the program to run it.

Reference Image:
http://img.informer.com/screenshots...

Press: 'Check/Uncheck All'
Next, check: 'System Restore'

Press: Re-Enable

The program has the ability to restore functionality to System Restore and other functions.

Restart the computer.

Any Progress?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/Member of UNITE and the
Alliance of Security Analysis Professionals



#13
December 4, 2011 at 14:40:14

You ROCK!!! God bless you man, system restore is functional! I imagine there may be a virus lurking in there somewhere, but everything seems to work fine so I just won't do any banking on that one.

I have a recent development on my new computer that may prove more challenging, I will start a new thread to explain (keep getting a pop-up that I need to back up HD as it may be corrupted - easier said than done...)

Thank you so much

