Desktop Icons don't work/Re-Directs to spam websites

November 16, 2012 at 19:53:54
Specs: Vista
What the hell is going on here? When I boot up my computer in normal mode I click icons and they don't respond. On top of that, when I just simply right click on my desktop, it takes forever to load it. I open up task manager, close programs and everything on my desktop simply disappears. When browsing in safe-mode looking for a solution, I get re-directed to random ass websites. On top of ALL THAT crap, I get connection untrusted notifications when trying to access websites like Facebook and Twitter. Jesus. I am NOT computer savvy in the least so I don't know man. If anyone can help me fix this, that would be AMAZING. I have a PowerPoint presentation I have to finish.


November 17, 2012 at 10:11:44
Go to the link below. Download and install Malwarebytes free version. Allow it to update its database. Run a deep scan and see what it finds.


November 17, 2012 at 11:12:18
"What the hell is going on here?"

Almost certainly a virus - mostly caused by unsafe browsing or inadequate virus protection.

Start with suggestion #1 - free version is fine.
May I suggest you use the following link instead of the one already given because
that redirects you to CNet for the free version. I've found CNet try to lumber you
with downloader programs and other unwanted goodies:

Always pop back and let us know the outcome - thanks


November 17, 2012 at 12:34:39
Okay, I've had Malwarebytes from past experiences, maybe I haven't been using it right. Anywho, just started to run a "full scan" and will report back with the findings. Thanks for helping me get off the ground running here, guys.

I think one of the biggest things was like when I reboot after running and finding the viruses, do I delete them or like store to chest or whatever? I was kinda unclear with all that.


November 17, 2012 at 13:52:32
You can never go wrong with quarantine. The reason for this feature is that on rare occasions valid system files get infected, so if they were deleted you could stop Windows rebooting next time. With those you ultimately replace the file with a good one.

Mostly the above situation is rare so deleting is in order. Sometimes virus files are given valid Windows names but put in the wrong place. Where they are located can make all the difference to whether or not they are likely to be viral.

Always pop back and let us know the outcome - thanks

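The point in the reply above about valid Windows file names sitting in the wrong place, as an added Python example that is not part of the original thread: it compares the folder of each executable path with the folder where that core Windows binary normally lives. The table of expected folders assumes Windows is installed in C:\Windows, and the sample paths are constructed.

```python
import ntpath

# Folders where these core Windows binaries normally live (lower-case).
# Assumption: Windows is installed in C:\Windows.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Constructed sample input: image paths as a process listing might report them.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"c:\windows\explorer.EXE",
    r"C:\Users\Example\AppData\svchost.exe",
    r'"C:\Windows\System32\..\Temp\lsass.exe"',
    r"C:\Program Files\Example\tool.exe",
]


def misplaced_system_names(image_paths):
    """Return normalized paths whose file name is a core Windows binary
    but whose folder is not one of the expected locations."""
    findings = []
    for raw in image_paths:
        # Drop surrounding quotes, collapse ".." and mixed separators.
        path = ntpath.normpath(raw.strip().strip('"'))
        directory, name = ntpath.split(path)
        expected = EXPECTED_DIRS.get(name.lower())
        # Names not in the table are outside the scope of this check.
        if expected is not None and directory.lower() not in expected:
            findings.append(path)
    return findings


if __name__ == "__main__":
    for hit in misplaced_system_names(SAMPLE_PATHS):
        print("name matches a system binary, location does not:", hit)
```

A hit means the file deserves a closer look with a scanner, not that it is malicious.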

November 17, 2012 at 14:19:06
I see.

And even as I'm typing this response I get re-directed -_-

Here are my results

Malwarebytes Anti-Malware

Database version: v2012.11.17.05

Windows Vista Service Pack 2 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Brandon :: KOBE [administrator]

11/17/2012 12:33:20 PM
mbam-log-2012-11-17 (12-33-20).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 483337
Time elapsed: 1 hour(s), 28 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 28
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz163.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz27EA.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz2823.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz292B.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz2A69.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz3096.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz420E.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz50FB.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz547D.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz5FF0.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz6BEB.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz7BA8.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz7D69.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz89A4.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz8E1E.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz926.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz9D4D.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz9DA3.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trzB223.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trzB581.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trzBF1A.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trzC601.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trzE2BF.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trzE3BA.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trzFB3B.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.


Restarted and everything is still running extremely sluggish.. sigh. Is avast! a virus? Don't recall installing that. Are there any precautionary measures I can install to prevent things like this from happening again?

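A way to read a long scan log like the one in the post above, as an added Python example that is not part of the original thread: it parses the "Files Detected" item lines, counts them per detection name and per folder, lists every item whose action was not a clean quarantine-and-delete, and checks the item count against the section header. The embedded sample uses three lines copied from the log above plus two constructed lines (the `C:\Example\...` paths, whose action strings are assumptions).

```python
import ntpath
import re
from collections import Counter

# Item line format: <path> (<detection name>) -> <action>.
ITEM_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
CLEAN = "Quarantined and deleted successfully"

# Three lines from the log above; the two C:\Example lines are constructed.
SAMPLE = r"""Files Detected: 5
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1716a8e8-c32d-fa0e-7ee4-afe2e23987f3}\U\trz163.tmp (Rootkit.0Access.64) -> Quarantined and deleted successfully.
C:\Example\Program Files (x86)\sample.dll (Example.Detection) -> Delete on reboot.
C:\Example\other.exe (Example.Detection) -> No action taken.
"""


def parse_items(log_text):
    """Return (path, detection, action) for every file item line."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m["path"], m["name"], m["action"]))
    return items


def summarize(log_text):
    """Group file detections and flag items that may still be on disk."""
    items = parse_items(log_text)
    header = re.search(r"^Files Detected: (\d+)", log_text, re.M)
    return {
        "by_detection": Counter(name for _, name, _ in items),
        "by_directory": Counter(ntpath.dirname(p).lower() for p, _, _ in items),
        # Anything not cleanly removed needs a reboot and a rescan.
        "unresolved": [(p, a) for p, _, a in items if a != CLEAN],
        # False suggests a truncated paste or a line format this parser missed.
        "count_matches_header": bool(header) and int(header.group(1)) == len(items),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, "->", value)
```

Only file items are handled; registry sections of the log use a different line format and are ignored here.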

November 17, 2012 at 14:31:47
Okay so avast! keeps giving me pop ups saying malware blocked and to finish the clean up process it recommends a boot time scan and all this crap. Geez.. how can I get infected already with whatever trojans when all I did was go on lol


November 17, 2012 at 14:55:59
Zero Access can be nasty. I would download and run ComboFix. Disable avast before you run it and let it finish. Let it update if it wants to, and there are a few prompts to agree to, but that should help you out.

Also in your browser, select "tools" "internet options" and under the "advanced" tab bottom option is to "reset internet explorer", that may help as well if you use IE.


November 17, 2012 at 15:44:24
Downloaded and ran and don't understand how it works. It scanned and went to "On-Access Scan Messages"

Name- nir.pif
firefox.exe and status says deleted? so I just close window after that and I'm done?

Also still getting "Untrusted Connection" notices when I try to go on a site like YouTube. I click understand the risks and it then gives me this message: Invalid URL
The requested URL "/", is invalid.

Reference #9.2d200e6b.1353207686.158c481b


November 21, 2012 at 12:48:24
Does anyone have any tips on how to get rid of zero access? I don't know how to mess with registry files and all that. Please help..


November 21, 2012 at 13:22:56
Re #9

It's a complex virus that gets everywhere in your computer (including the registry of course).

This is about as simple as it gets:

If that's too tricky then the only answer is to get hands-on assistance.

Always pop back and let us know the outcome - thanks


November 21, 2012 at 16:07:53
wow this thing is nuts..


November 21, 2012 at 16:52:15
Yep, it's a bad one.

In your shoes I would knock up a Linux Live CD on another computer. This will enable you to get your important stuff off onto a flash drive. I use Puppy Linux 4.3 for that as it is simple and sufficient for this use. You have to put your CD/DVD drive ahead of the hard disk in BIOS and then power on with it in the drive. Once Linux arrives you can drag and drop stuff from your own HD folders onto the flash drive. I can help with this if you go that way.

Then you can either follow the procedure given in the link at #9, or if it comes to the crunch you can format and re-install Windows or do a factory restore (if available on your computer). Your important stuff can be put back once the system is clean.

You will see that folk have managed to sort it out using that link.

Otherwise it's get your local tech to sort it, but you would still be advised to get your important stuff off first because they often don't worry too much about that. Mostly they re-install the whole system.

Always pop back and let us know the outcome - thanks
