Virus removal no desktop.

April 3, 2011 at 08:21:46
Specs: Windows XP
How can i remove a virus that wont let any of my programs load nor my desk top. I have windows XP and the only thing it will do is load my desktop picture, no icons nor the tool bar at the bottom of the screen. I have to press ctrl alt delete to even get to my doucuments but nothing will run. I think antvirus 8 was installed but i cant find it anywhere in my registry. Could someone help me manually delete this virus. I cant access the internet either on that computer..


See More: Virus removal no desktop.

Report •

April 3, 2011 at 22:21:14
Install RKill, then run MBAM, Eset, kaspersky, unhackme, hitmanpro, combofix, SUPERAntiSpyware & ATF.
Then finally start with clean Restore points.

RKill Forum - What it does and What it Doesn't - A brief introduction to the program
RKill is a program developed at that was originally designed for the use in our malware removal guides. It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.

Malwarebytes' Anti-Malware ( MBAM )
Error codes
Common Issues, Questions, and their Solutions, Frequently Asked Questions.
VIPRE Rescue Program
Try it in Safe mode.
If it won't run, rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
If it still will not run.
1: Go to Control Panel > Programs and Features and uninstall Malwarebytes.
Next redownload Malwarebytes but rename it before you download it to your desktop. As you are in the process of downloading when you get to the point that the "enter name of file to save to" box appears, in the "filename" slot, rename mbam-setup.exe to something.exe, then click Save.
If it installed but will not run, navigate to this folder:
2: C:\Programs Files\Malwarebytes' AntiMalware
At the top of the page, Tools > Folder Options > View, click > Show hidden files and folders and untick > Hide extensions for known file types.
How to see hidden files in Windows
Rename all the .exe files in the Malwarebytes' Anti-Malware folder and try to run it again.
When it opens, update 1st.
If it won't update after installing, update manually.
Download & install.

Using ESET's Online Scanner
General clean up and Prep (Do prior to any AV scans)
How can I view the log file from ESET Online Scanner?
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start ? Run dialog box from the Start Menu on the desktop.

Kaspersky Online Scanner

UnHackMe is a first bootwatch antirootkit.

Hitman Pro
Unlimited free scanning and free 30-day version to remove detected malware.
Download now (32-bit)
Download now (64-bit)

A guide and tutorial on using ComboFix
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.


ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
This will remove all files from the items that are checked so if you have some cookies you'd like to save, please move them to a different directory first, or use CCleaner.
Notes for Windows Vista users:
On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator" This program is for Windows 98/ME/2K/XP and Vista! ( I also use it on W7 )

How Do I Disable & Re-Enable a System Restore After a Virus Infection?
Safe mode

How to Turn On and Turn Off System Restore in Windows XP
Windows 7

Report •

April 4, 2011 at 15:14:28
I cant access the internet from that computer.. Is there anything i can do like looking through my registry for virus names or things of that nature.. I want to manually remove this virus. Again im working with widows XP

Report •

April 4, 2011 at 15:42:49
Did you try Safe mode?

Infection has enabled proxy
Start > Control Panel > Internet Options > Connections > LAN settings, untick > Use a proxy server for your LAN. Click OK twice.

If an infection has disabled your connection.
How to configure TCP/IP
On the General tab, make sure "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both ticked.

"I think antvirus 8 was installed but i cant find it anywhere in my registry"

As you looked in the registry, I had to assume it was not AV8, because if it was, it's certainly there.

antivirus 8 how to remove

Associated Antivirus8 Files:

c:\Documents and Settings\All Users\Start Menu\AV8\
c:\Documents and Settings\All Users\Start Menu\AV8\Antivirus8.lnk
c:\Documents and Settings\All Users\Start Menu\AV8\Uninstall.lnk
C:\Program Files\AV8\
C:\Program Files\AV8\av8.exe

File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.

Associated Antivirus8 Windows Registry Information:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV8"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 23.09.2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe "Debugger" = "C:\Program Files\AV8\av8.exe -d"

Remove Fake Antivirus

Report •

Related Solutions

Ask Question