Explorer wont work as it should after a virus removal

Hi there,

Hope this is the right area for me to post as its my first time posting here.

Ok, i had a nasty infection(fake antivirus) a few weeks ago which i managed to get rid of but have a bit of a pain to clean up after it.
I have cleaned up most of the damage but the only thing that remains is beyond me.

Basically the biggest damage was done when the virus infected my explorer.exe and the winlogon.exe.
This os is Windows 7 by the way.

I managed to get clean files back on there after removing the rest of the infection, but since then if i click on Start > Computer it will open another program on my system instead(fileseek). Same goes for Control panel, Devices and Printers, Default programs, Documents and anything that should use explorer in the shell.
Basically its as though where ever explorer.exe is called the .exe for fileseek is being called instead.

I have tried Ccleaner to see if this will fix it in the registry but no go. Same with Registry Mechanic.

Only way i could get to anything in the control panel or anything else is to use the Windows 7 Godmode(seems to be the common name for it) hack and go through those links. This is after i managed to create a shortcut to the explorer.exe and set that to start at login.

Also tried restoring anything i can back to default in windows(default programs, file types etc) but this did not help.

So i have my work around but this is still quite frustrating as i keep running into things i cant do because of this.
I dont have any restore points as i deleted those tackling the infection.

Hope my description makes sense to what is happening and someone could point me in the right direction.
So far my google searches have failed me and cant find anything to fix this.

More then happy to provide any info required to help solve this. Just let me know what you need.

Cheers,
Mike

 

Also just tried uninstalling FileSeek in hope that windows will ask me what program it should be calling on. Instead assigned Computer management automatically.
So now when wanting to launch Computer or anything from the right hand side of the Windows 7 start menu it will bring up Computer management.

Hope this helps...

 

check on this reg key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
make sure shell and userinit has the right value

 

Hi there and welcome to the forums sli1, i know you may have already been working hard at it to get yourself back to normal but i would say your first port of call in these forums would be to click on this link http://forums.majorgeeks.com/showthread.php?t=208809 follow all the instructions to the full and then post back with your logs into the malware forum, as you still have issues within your system !

 

Thanks for your reply

Userinit is pointing to the userinit.exe in the system32 folder.
Shell is just pointing to Explorer.exe

I have just entered the userinit.exe in the start searchbox and came up with a fresh explorer window.

The explorer.exe did the same thing, and it worked the same(this was restored during my battle to get back to normal as i had lost the ability to do this at first).

 

Hi rustyjack,

I might give that a go...
I have read through those in the past to get me out of trouble(with great success) but i guess its come time and i need to post in there now hehehe.

Cheers

 

The system file check might correct some of the problems. Try running sfc /scannow from an administrator command prompt.

 

Hi holiday.

Thanks for the suggestion. Tried it and got the following result:
Windows Resource Protection did not find any integrity violations.


Cheers

 

Hi Fitnessbuff1975,

I have been thinking along the same lines of its a windows fault but caused by the original infection. Left over damage.
Im currently going through the Malware FAQ process in the link given below even though i have already done most of those steps in pretty much the same sequence(have removed many variants from client PC's).

Picked up a few left overs and collecting the logs for the post in the malware area.
Only thing im not sure about is how effective these logs will be as i have already gone through most of that, done scans as mentioned below and most of the logs could possibly be already over written with teh fresh ones not showing what they possibly should.

I know the easiest way out is to start fresh and a good opportunity to refresh everything but time around i need to make an exception...

See what happens

Cheers

 

Go into the browser's Internet Options, select the Advanced Tab, and Reset Internet Explorer's Settings.

Most likely, this will get your browser back to normal. Malware can do ALOT of funny things to IE's settings.

 

Hi the_mechanic and thanks for your response.

This is something i have tried as along shot already but being an issue with Windows explorer and not Internet Explorer it didnt work


Cheers