Solved No more desktop icons, nor task bar or manager

April 2, 2012 at 04:05:56
Specs: Windows 7 64x
Hi everyone,
I know this problem has already been solved somewhere else but I'm asking for your help again. Since this morning I don't have any icons on my desktop, nor task bar or task managers. Firefox is working well but chrome is bugging, so I shut down my wi-fi card and i'm writing from my phone.
The only thing that appears when I boot computer is the file explorer so I can still access files and programs. Skype for example seems to work well.
I noticed that in Avira's folder, I don't see any .exe file except one called apnstub.exe and signed by Ask.com. I managed to launch Avira's control center through the configuration panel and tried to run a scan on active processes.
Scan doesn't launch in administrator mode but says everything's fine when launched in normal mode. Just launched a complete system scan now.
What do you guys think? Is it important? Can I get back my desktop and see my gmail on chrome again?
Thank you!

Edit: sorry the .exe in avira's folder are still there, I just didn't saw them^^


See More: No more desktop icons, nor task bar or manager

Report •


✔ Best Answer
April 2, 2012 at 16:01:19
OK.

Looks like this is the Bundespolizei Virus (federal police).

If you put the file name "ch810.exe" in Google there are a lot of hits (all in German).
My German is only conversational so it won't help much, and the translators are often difficult to understand.

EDIT:
Some English hits in Google using the string "Bundespolizei Virus" - some even from this website. Sounds like a tricky one although MalwareBytes can get it if you are able to run it. Otherwise it means diving into the registry which is fine if you are familiar in that area, risky if you are not. Seems as if you can get shot of it fairly easily once it is weakened.

Apart from anything in Google there is a program called Rkill. If you can get that to run it kills running viral processes. You then "leave Rkill running" and try MalwareBytes again - or whatever else you care to throw at it.

Always pop back and let us know the outcome - thanks



#1
April 2, 2012 at 10:29:08
http://www.sevenforums.com/tutorial...

Always pop back and let us know the outcome - thanks


Report •

#2
April 2, 2012 at 11:07:00
So It seems i dont have the right clic working on the screen so . My desktop is actually hidden by the usual background pic, I mean that is can see the icons when I boot and when I turn off the computer.

I'm right now on the phone with a friend that is trying to help me. We put the safe mode and try to restore system but it crashed with blue screen during the restoration.


Report •

#3
April 2, 2012 at 11:37:28
Does your mouse right click in any other situation?

Does it boot up (with icons not hidden) in Safe Mode?

Always pop back and let us know the outcome - thanks


Report •

Related Solutions

#4
April 2, 2012 at 11:55:15
Yes in safe mode the mouse right click on everything and everything seems fine. In normal mode it right click on files in the file explorer. As I tried to describe it it seems that my desktop is hidden by its background, as I can see the icons (and task manager that I wanted to open before) when I boot and turn off the computer, but it's probably worse than that.

Other thing: after the failed restoration we tried again normal mode. It has gotten worse as I had a white screen saying that the police and that france's minister of defense (I'm french) blocked my computer because I outpass the law . This message is written in very bad french with wrong spelling of some words, etc. It's asking me to pay 100 euros on UKASH.COM (!) What is this joke? :)

Thank you guys for your help, much appreciated


Report •

#5
April 2, 2012 at 11:56:47
I am now doing a scan in Safe Mode. 41% completed.

Report •

#6
April 2, 2012 at 12:08:24
Not a joke, something viral.

After your scan, download, install, update and run the freebie MalwareBytes, as it can often find and fix these sort of things. Best to Save the download as a file somewhere (rather than Running it), then double click it to install. If it won't install or run, download the file on another computer and copy it onto the dud one using a flash drive.

Note also that with MalwareBytes if its "exe" won't run then change the extension to "cmd" or "bat". This applies to both the download and the program exe's.

Always pop back and let us know the outcome - thanks


Report •

#7
April 2, 2012 at 12:14:01
I will do that and keep you informed. Thank you!

Report •

#8
April 2, 2012 at 13:52:35
Ok so another problème adds up to the thing: the file explorer which showed up after booting before, doesn't show up anymore.

I downloaded Malwarebytes and putted it on a SD Card but do you have a way to transfer the file without a file explorer? I tried to call it with the shortcut Win+E but error message: explorer won't launch...


Report •

#9
April 2, 2012 at 14:45:11
Not sure what you mean by "file explorer". Do you mean "Computer" (where your drives show up)? If not you could use that.

Always pop back and let us know the outcome - thanks


Report •

#10
April 2, 2012 at 14:49:12
I indeed mean Computer, the "browser" in windows that lets you explore your drives, my documents, configuration panel, etc.

Thank you again Derek.


Report •

#11
April 2, 2012 at 14:55:37
Oh dear. I think this nasty has messed things up quite badly, putting us between a rock and a hard place. Even if MalwareBytes (or anything else) removes this virus it looks like it will still leave your system with various things not working.

I wonder if you could do System Restore from Safe Mode? Accepted that might have been disabled too by this "thing". The other possibility is that it has copied itself to restore but only trying it will tell (if it lets us).

EDIT:
My server has just decided to keep failing, so lets hope we can keep comms going.


Always pop back and let us know the outcome - thanks


Report •

#12
April 2, 2012 at 15:04:43
That's embarrassing... I actually already tried System Restore in safe mode (i have a restore point on March 30), and it crashed with blue screen... Tried it two times, and it crashed the two times...

Report •

#13
April 2, 2012 at 15:09:05
Unless anyone else comes along with a better idea I think we might be talking about some sort of restore. Have you got a manufacturer's restore disk?

I know this is not what you want to hear but if you go that way there are ways to get your important stuff off onto a flash drive first without using Windows. You create a Linux Live CD (such as Puppy Linux) on another computer, then set your CD drive in BIOS ahead of the C drive, then boot with the Linux CD in the drive. You will be able to access the HD but it is not used by these Live Linux CD's at all (just the CD & RAM). You then drag and drop your files to a flash drive.

The other ways to access your data are using a "Heren's boot disk" or "Barts PE" but I haven't used either for years so won't be able to help much.

Always pop back and let us know the outcome - thanks


Report •

#14
April 2, 2012 at 15:24:30
Mmh well so I think I will have to format as I don't think I even have a manufacture's restore disk... have to check it though.

I will expose the problem to a computer specialist friend of mine on Wednesday and will show him your message. If I want to save some files I can do it with Safe Mode I think. I also have some of it on Dropbox so I hope they won't be affected.


Until then if someone has an other idea I'd be very glad to read about it :)


Report •

#15
April 2, 2012 at 15:29:14
Yes, a bit of "hands-on" might help.

Not sure how you will save files through Safe Mode unless you can access Windows Explorer from there. In which case you should be able to run MalwareBytes from there too, although if your computer is messed up badly it could still leave you in trouble.

Always pop back and let us know the outcome - thanks


Report •

#16
April 2, 2012 at 15:44:46
Sorry I don't know where I had my mind: Safe Mode runs well! It is just the system restore that crashed with blue screen.

I also just realized something, look at this: I shut down the computer by pressing ctrl/alt/del and selecting shut down; then Seven puts a darker screen and says "please wait while these programs are closing" etc. ; so I just canceled the shutting down at that point and I can see now my desktop.
Here I can see the icons, the Task manager I called before, as well as several "Computer" windows that I called by pressing Win+E, but that I couldn't see before.
There is also an error message saying the following : "error in C:\Users\CLM~1\AppData\Local\Temp\ch810.exe missing entry : NameFunEx"

I will then put the Safe Mode and try to run MalwareBytes.
I also hope it is not too harmful to read my english!! Will keep you informed about what MB says.


Report •

#17
April 2, 2012 at 15:53:44
Oh, maybe its not as grim as I thought. Yes, go ahead with MalwareBytes in Safe Mode - I now feel a bit more confident.

If you get stuck with nothing more than an annoying startup entry I'm sure we can get shot of that.

I'd noticed nothing much wrong with your English so don't worry about that.

Always pop back and let us know the outcome - thanks


Report •

#18
April 2, 2012 at 15:56:36
Other bad news : Safe Mode doesn't launch anymore... it stops everything after loading DRIVERS\CLASSPNP.SYS

I will try to launch MalwaresByte in normal mode with the process I just described two posts before.


Report •

#19
April 2, 2012 at 16:01:19
✔ Best Answer
OK.

Looks like this is the Bundespolizei Virus (federal police).

If you put the file name "ch810.exe" in Google there are a lot of hits (all in German).
My German is only conversational so it won't help much, and the translators are often difficult to understand.

EDIT:
Some English hits in Google using the string "Bundespolizei Virus" - some even from this website. Sounds like a tricky one although MalwareBytes can get it if you are able to run it. Otherwise it means diving into the registry which is fine if you are familiar in that area, risky if you are not. Seems as if you can get shot of it fairly easily once it is weakened.

Apart from anything in Google there is a program called Rkill. If you can get that to run it kills running viral processes. You then "leave Rkill running" and try MalwareBytes again - or whatever else you care to throw at it.

Always pop back and let us know the outcome - thanks


Report •

#20
April 2, 2012 at 16:18:06
Ok, I think it's exactly what happened to me. It is also known in France as "virus gendarmerie" and also gives some hits on Google.

The process to heal it seems quite complicated though, but I think I could do it on wednesday with the help of my friend.

I am running Malwarebytes (in windows normal mode) for a complete scan. It has already detected one element. Will wait for the scan to end and keep you informed...


Report •

#21
April 2, 2012 at 16:20:00
Sounds good - trust you picked up my edits in #19 (Rkill etc).

Sadly my French is almost non-existent.

Always pop back and let us know the outcome - thanks


Report •

#22
April 2, 2012 at 17:12:12
Yes I saw your edits in #19. I don't read anything about Rkill in the solutions they give on the french website malekal.com but a lot of what they say here goes through Safe Mode, or with Kaspersky Live Cd, or also by editing the registry. If the Safe Mode doesn't work it will probably be hard to apply these solutions so I think I will be going for yours with Rkill.

I am still waiting for Malwarebytes to complete the scan, 31 elements detected until now.


Report •

#23
April 2, 2012 at 17:19:51
I think there is a fair chance that MalwareBytes will get shot of it, or at the very least knock it for six in a big way. After that I doubt you will need Rkill.

Good idea to keep MWB onboard and update it about once a week. It can come in very handy.

Always pop back and let us know the outcome - thanks


Report •

#24
April 2, 2012 at 19:13:44
Ok so as you expected, it seems Malwarebytes solved the problem! I now have my desktop again and Chrome runs smoothly.

However I still had the error message about ch810.exe, I will try to clean this later I think.

Thank you a lot Derek for the time you spent diggin on this problem! I guess I will have to check my software updates and do some cleaning on my computer :-)


Report •

#25
April 3, 2012 at 06:55:20
Consider removing any registry entries mentioned on websites "if you are comfortable doing so".

Another approach is to use CCleaner Lite. This is worth having onboard as it clears unecessary files out of the system and it also has a registry cleaner. I'm not keen on letting registry cleaners remove everything they show (they don't always get it right) but if you uncheck everything it finds except that which you are certain is remnants of this nasty you will be OK.

If the error message still shows type msconfig in the Run box and see if ch810.exe shows in the Startup tab. If you find it and uncheck it there it should at least get rid of the "symptoms".

Anyway, its good news and I've been glad to help. I'm from the UK so this bit of interactivity nicely disproves any myths about UK and France not being able to cooperate together.

Always pop back and let us know the outcome - thanks


Report •

Ask Question