I recently opened an e-greeting card in Hotmail. When I clicked on the link, my desktop picture changed to a blue background with a window I couldn't close, saying the computer was infected with spyware. I tried cleaning the registry and searching for spyware with Advanced System Optimizer. After doing this I restarted the computer, only to find no Start menu, icons or trash bin. I used System Restore, and initially this worked, but I started getting messages from Windows Security Centre, which I have not used before. Once again I tried deleting the spyware with garbage clean, v3 and Advanced System Optimizer; explorer.exe was missing again. I have tried running it via Ctrl, Alt and Delete, but got a message saying it could not be found. I have tried System Restore a few times, but I can't restore past today's date.
Recently, when starting up this computer, I lose internet connection, including on the PC I am using at the moment (HP running Vista Home Premium). Please can anyone help? I have been stuck with this problem for 4 days, and it's starting to take over my life. Please help.
Ardenus

Have you tried Safe mode??
I had a similar problem with a friend's computer, and so did someone else who posted here recently.
See this, especially response 3:
http://www.computing.net/answers/wi...
NOTE: if you copy or print any of that, when there are links in the posts on this site, if they are longer they are automatically shortened to save space in the post and are a link to the actual link. If you merely copy the post with the shortened link in it, or print the post with the shortened link in it, the shortened link will not work. You have to click on the shortened link, and copy the address of where it goes to, and paste that into the copy, and you might as well delete the shortened link in the copy at the same time.
If you think your problem could be cured by those programs, but you find you can't download anything, or you can but not to where you can get at it, download Malwarebytes and SmitFraudFix to a USB flash drive on another computer - in my case I was able to access USB flash drives fine with the malware still on the computer. Copy the download to the desktop, not somewhere else, if you can, or you should be able to run the installs from the flash drive but they would execute slower.
A thing to try.
This worked with that malware.
Click on Start, RIGHT click on a blank part of the box, choose Properties -
Start Menu - Customize - Advanced
Enable anything you like in the list, including Run, Control Panel, Help And Support, Search, Administrative Tools.
In my case, whatever you enable will then be in the Start Menu box, but eventually, only Administrative Tools stayed there - the rest disappeared in a few minutes.
- Search worked but I could not see the same drives I couldn't see with My Computer or Windows Explorer
- Run worked, but if you typed regedit or msconfig - access denied
System Info worked (msinfo32).
You could try explorer.exe - it might work.
I had an icon on the desktop for Windows Explorer, which uses the same command with a switch - it worked, but it couldn't see the drives that are invisible either - in my case, I still had an icon to
- Control Panel worked
- Run - cmd worked - I could see the drives that were invisible in Windows, and their contents were still there.
Alt-Ctrl-Del didn't work, and Taskmanager was greyed out when I RIGHT clicked on the taskbar, because it had been disabled by the malware.
regedit and msconfig access was disabled by lines put into the registry by it.
"i have tried system restore, a few times but i cant restore past todays date."
If you turned off System Restore before that, or if something you used did, all previous restore points are always lost. In most cases the malware doesn't do that itself.
I've seen info that says experts now recommend you DO NOT turn off System Restore until AFTER your malware has been removed, despite you frequently seeing that suggested, their reasoning being any malware found in the restore points cannot re-infect your computer unless you load those restore points, and there have been many instances of anti-malware software, especially anti-spyware software, having bugs and removing something it should not remove, and in some cases you cannot fix what the anti-malware did wrong unless you have previous restore points - otherwise you have to re-install Windows, or run a Repair "Install" of Windows.

I have managed to restore the Start menu by booting up with my XP CD and running restore.
I keep getting pop-ups from a programme called antivirus xp 2008, which then scans my computer even when I close the tab, and tells me I have a huge amount of spyware and need to pay to download their programme. I had never seen or heard of this programme before opening that damn greeting card. I have read other posts related to my issues but still cannot remove this spyware.

Just to add to my previous comments: I have used all of the anti-spyware programmes listed for at least 6 months with no problems, with the exception of garbageclean.
Found this interesting site on antivirus xp 2008 here: http://spyware-removal-guide.net/12...
but unfortunately I tried the suggested steps but didn't have the files mentioned.
And more info here: http://www.windowsvistaplace.com/xp-antivirus-2008-removal-instructions-xp-antivirus-2008/spyware-removal
I have followed all steps but to no avail.
I have now found a programme in the Add/Remove Programmes list called antivirXP08 which I can't uninstall, and a folder in the Programme Files folder on my C drive named rhcn53j0e7d, which I can't delete.
Please help

Are you able to run regedit?
(Start - Run - type: regedit)
If you are, things that keep you from deleting files or changing settings can be removed from the registry.
Do you know how to use it to search and re-search the registry properly?
XP's regedit opens at the place you were last at in the registry the last time you used regedit.
Make sure My Computer is highlighted at the top of the folder "tree" at left each time you want to search from the beginning of the registry, otherwise it will start searching at the saved place.
- when an instance of something you are searching for is found, to search further in the registry for the same thing press F3
- keep pressing F3 until no more are found
- reset the search to the top of the tree at left if you then want to search for something else
....antivirus xp 2008 and antivirXP08 appear to be the same thing.
...I found a good thing to look for.
Look for something like this - a program listing that is just as oddball looking as that file you can't delete.
Uninstallation Command:
"C:\Program Files\rhcnkrj0etfg\uninstall.exe"
If you can run the uninstall for the daxm thing, it should remove all the crxp related to it in one shot.
There has to be something like that because the intention is for them to get you to buy their anti-malware, and they would need an easy way to un-install the crxp they loaded when you pay.
It's not necessarily rhcnkrj0etfg, it may be randomly generated, but it would be similarly random looking.
If you see something like that, try double clicking on uninstall.exe to un-install the daxx thing.
If you get an access denied message, let me know, and I'll try to come up with how you can get it to work.
........The first link I pointed to in response 1 has general info about how to find info about these things.
Keep in mind these things, including this one, often generate some things randomly, such as the file names like your rhcn53j0e7d you can't delete. Any manual removal instructions you find may have info about entries that are out of date or similar but not the same.
Your first link in response 3 has a lot of useful comments further down on the page from other people, and this one here:
http://www.bleepingcomputer.com/mal...
tells you a lot about what is random, and says Malwarebytes will remove it, although your first link in response 3 says some people say it didn't get rid of it completely when they tried it (it may now).
If you try Malwarebytes, be sure to update it before you run it, then run it in Safe mode, or Safe mode with networking, because less stuff would be running. Also disable your own anti-malware while running it, if you can, to prevent it interfering.

When I try
Uninstallation Command:
"C:\Program Files\rhcnkrj0etfg\uninstall.exe"
(replacing rhcnkrj0etfg with rhcn53j0e7d, the folder I can't delete in Programme Files) I get this message:
C:\program' is not recognized as an internal or external command, operable program or batch file.
I will check the bottom of the first link for further comments as you suggested.
Thanks for your input.

Please answer these:
Have you tried Safe mode??
(press F8 repeatedly while booting, don't hold down the key, starting right after the mboard beeps once, whether you can see a display at that point or not - you should see a menu pop up on a black screen - at the top of the list select Safe mode, or Safe mode with networking - you will see a lot of lines about things loading, the display then won't change for a short time, then you log in as either yourself if you have administrator rights, or as Administrator - click on the left choice on the next window you see - the desktop should then load)
Does regedit work?
(Start - Run - type: regedit (click on OK)..........
What you need to do is go to the \Program Files folder, and look for a program listing similar to but not necessarily the same as
\rhcnkrj0etfg
- it will look odd, it's probably randomly generated
If you see that, click on the folder with the odd program name, and if you see uninstall.exe, try double clicking on it.
....If you don't see uninstall.exe, it may be a hidden file, and you need to change some settings.
Go to Control Panel - Folder Options - View tab
In order to show all possible types of files....
click on the circle or square box beside these things to make a dot show up, or remove one, if they are not already set this way...
(the default settings are opposite these)
Show hidden files and folders
(should have a dot)
Hide extensions for known file types
(should NOT have a dot)
Hide protected operating system files
(should NOT have a dot)
click on OK to save settings.
If My Computer, or Windows Explorer, is open, you may need to close it and then open it again for the View changes to show files you couldn't see before.
....If that doesn't help, because access is denied or similar, if regedit works for you, I MIGHT be able to figure out how you can delete or edit a line in the registry that will enable that uninstall.exe to work for you.
...If msconfig works on your computer....
Start- Run - type: msconfig (click on OK)
then that gives you more possibilities of what you can try.
...In any case, Malwarebytes should get rid of all of this malware, or at least nearly all of it. However, these things often load other crxp as well.
If it does stop the malware but some symptom(s) still remain(s), you could try SmitFraudFix to clean up the changes it made that are not actually malware but are changes to standard settings.
If that's still not enough, I've heard this anti-spyware/trojan/adware program gets rid of more of the more difficult to remove ones - SuperAntiSpyware
Or - if you haven't already tried them, try
ClamWin and/or ClamAV, Spyware Terminator, Kaspersky Free Online Scan, Panda Free Online Scan, Symantec free online scan

I can get Safe mode, have accessed regedit, couldn't find the program file you talked about.
Searched the registry and deleted an entry with the file name rhcp..... Followed the other steps in Folder Options.
msconfig works on my computer but I'm not sure how to use it.
I still have a folder in C:\program files named rhcn53j0e7cl, which I'm told is empty, but when I try to delete the folder I get this message:
cannot delete rhcn53j0e7cl: The directory is not empty.
I have not tried the online scans because when I use the laptop that is infected and the internet connection with it, it seems to stop my network from working on my other laptop and Xbox 360.

Obviously this malware randomly generates some names.
If you search the hard drive(s) or the registry for a name you find in removal directions on the web or similar, if it's not on your computer you're not going to find it.
You need to look for something similar.
.....
Did you look for the uninstall.exe file in an oddball folder in \Program Files as I suggested?
You should have done that BEFORE removing random stuff from registry, because you might have removed it.
..."i still have a folder in C:\program files named rhcn53j0e7cl. which im told is empty but when i try to delete the folder i get this message:
cannot delete rhcn53j0e7cl: The directory is not empty."
That may be the folder uninstall.exe is in!
Did you try to look at its contents??
If you can run uninstall.exe, it will get rid of all the crxp the malware installed in one step!
NOTE that there may be many uninstall.exe files on the hard drive.
You need to try double clicking ONLY on the one in the oddball named folder.
....Normally when you have administrator rights, you can delete any folder even if it has files or other folders in it, unless it is designated - flagged, marked - as an essential system file.
The malware is probably flagging it that way in the registry somewhere.
......
I think the first thing you should do is:
Download at least Malwarebytes and SmitFraudFix.
If you can't do that on this computer in normal mode, try Safe mode with networking.
If that doesn't help, download them on another computer and copy them to a USB flash drive or burn them onto a CD, then copy them from the flash drive or the CD to your hard drive.
Start up the computer in Safe mode with networking.
I recommend you disable the resident module (the part that runs all the time) of any anti-malware software you have running. Many free anti-malware programs have that, but some don't.
If it has it, there is often an obvious setting somewhere in the program that can disable a Shield or a Resident something.
If you don't see anything like that, tell me which one(s) you are using, and whether they are free or paid versions.
Install Malwarebytes and SmitFraudFix.
Both make a shortcut icon or a folder icon on your desktop screen.
Start up Malwarebytes, and update it.
Run a Full scan, or similar.
Select all hard drive partitions.
It will find at least most of the stuff related to this malware, if not all of it.
(if you can't update Malwarebytes in Safe mode with networking, you can buy an inexpensive adapter if needed (you need it for sure if it's an IDE drive; maybe not if it's SATA) to adapt the data and power connection so that you can remove your hard drive and connect to a desktop computer internally, and update Malwarebytes on that computer and scan your drive - you would need to NOT boot from it, and install Malwarebytes on the drive it boots from on the other computer)
Reboot into Safe mode with networking or Safe mode after it's finished and run it again - if it finds anything more, it will probably be one or a few things in system restore points - don't worry about that if that's the case - it can't re-infect the computer if that's where it finds them.
If they are in system restore points, they are in \System Volume Information and the file name begins with _restore.
If you still have symptoms, try running SmitFraudFix, in Safe mode.
.........................When you do a Search in Windows, sometimes you must click on the Advanced options there and select search for hidden or system files, etc., otherwise the search will not find them.
Another thing you can try is to use the Advanced Search options to Search for files installed only on the same date as the stuff you've found that you can't delete - sometimes the dates of all the files the malware installed are the same. The files found won't all be malware of course, but if the same date was used for all, all the malware files will be in the list.
.....
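
The same-date search suggested in the reply above, as an added example that is not part of the original thread: a Python script that lists every file under a folder tree whose modification time falls close to that of a reference item, such as the folder that cannot be deleted. The function name `files_near`, the folder name `rhcnEXAMPLE` and the sample tree are constructed for illustration, and using modification time (not creation time) is an assumption.

```python
import os
import tempfile
from datetime import datetime

def files_near(root, reference, window_hours=12):
    """Return (path, mtime) for every file under root whose modification time
    is within window_hours of the reference item's modification time."""
    ref = os.stat(reference).st_mtime
    span = window_hours * 3600
    hits = []
    # os.walk lists hidden and system-attributed files too; directories that
    # cannot be read are skipped without raising.
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # file vanished or access denied
            if abs(mtime - ref) <= span:
                hits.append((path, datetime.fromtimestamp(mtime)))
    return sorted(hits, key=lambda h: h[1])

def demo():
    """Build a constructed sample tree and run the search against it."""
    with tempfile.TemporaryDirectory() as root:
        infected = datetime(2008, 8, 1, 14, 0).timestamp()   # constructed date
        old = datetime(2007, 1, 15, 9, 0).timestamp()        # constructed date
        layout = {
            "Program Files/rhcnEXAMPLE/uninstall.exe": infected,
            "WINDOWS/system32/dropped-example.dll": infected + 90,
            "WINDOWS/system32/legit-example.dll": old,
            "Documents/letter.txt": old,
        }
        for rel, stamp in layout.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
            os.utime(full, (stamp, stamp))
        ref = os.path.join(root, "Program Files", "rhcnEXAMPLE")
        os.utime(ref, (infected, infected))
        found = files_near(root, ref, window_hours=1)
        return [os.path.relpath(p, root).replace(os.sep, "/") for p, _ in found]

if __name__ == "__main__":
    for rel in demo():
        print(rel)
```

The result is a review list, not a removal list: legitimate files changed on the same day appear in it as well, and files whose timestamps were altered will not.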


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.