Not able to open windows explorer

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by d0yle, Mar 26, 2005.

  1. d0yle

    d0yle Private E-2

    I can't open any files including My COmputer, My Documents, Recyling Bin or even open a compressed folder. Since Hijack is not recommended to be ran through the desktop what should I do? There is no way for me to open anything in Windows Explorer without receiving an error message. Any help would be appreciated, and thanks in advance.
     
  2. seaside

    seaside Corporal

    hi guy you have to do all the stickys relevent to your problem first
     
  3. d0yle

    d0yle Private E-2

    which sticky are you referring to? It said not to install Hijack This to my desktop, which is all I can access at this time
     
  4. seaside

    seaside Corporal

    do you have the hijack this zip
     
  5. seaside

    seaside Corporal

    : READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
     
  6. d0yle

    d0yle Private E-2


    right.. ok.. I did that months ago, and it did nothing to repair my problem with not being able to open Windows Explorer.

    It says in the above post to not install it to my desktop... which is all I can access
     
  7. seaside

    seaside Corporal

    you do not say if you download the zip file to your desktop what happens when you try to unzipit to a fresh location like c new folder (call it hijack)
    have you tried this
     
  8. d0yle

    d0yle Private E-2

    I can install it to my hard drive, but there is no way to acess the folder, because Windows Explorer won't open.
     
  9. d0yle

    d0yle Private E-2

    ok I figured out a way to install the program and open it... what am I supposed to do now... my only symptom is merely that I cannot open my Windows Explorer, making it almost impossible to access anything
     
  10. seaside

    seaside Corporal

    run your hijack and post a log one of the nice guys will help you out
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    • Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT
    • Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file.
    • Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.
    • Run HijackThis and save your log file.
    • Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).

     
  12. d0yle

    d0yle Private E-2

    Thank you
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Allow me a moment to analyze your log and post you a fix.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First go to Control Panel's Add/Remove programs and uninstall the following if found:
    LimeWire <--- Limewire contains spyware/adware and should be uninstalled. See: http://www.spywareinfo.com/articles/p2p/
    WeatherBug
    Viewpoint or Viewpoint Manager <-- stuff from AOL that almost no one needs or ever uses.
    WildTangent ot WildTangent CDA <-- more AOL junk
    VBouncer or VirtualBouncer
    MySearch or MySearchBar or MyWay <-- uninstall all of these if found
    AutoUpdate

    Disable SpybotSD TeaTimer because it could interfere with some of the cleanup process.
    To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer. Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked. Now quit Spybot!


    Do you want the below Start and Search page settings? If not, add them to the list below of items to fix with HJT.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimhome.netscape.com/aimhome.adp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\mamgnt.exe
    C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000002230} - (no file)
    O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
    O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)
    O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
    O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - (no file)
    O2 - BHO: SDWin32 Class - {90133ED4-D3FD-4713-BBFB-F5D7F9958C55} - C:\WINDOWS\System32\fjori.dll
    O2 - BHO: SDWin32 Class - {9D1111D7-9698-436D-8270-55E88BC66EC4} - C:\WINDOWS\System32\zrgig.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [tnFf37g] jgmnstnt.exe
    O4 - HKLM\..\Run: [CSV10P70] C:\Program Files\CSBB\CSv10P070.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKCU\..\Run: [cCwpRXM5h] mamgnt.exe
    O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
    O4 - Global Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\AWS\WeatherBug <-- the whole folder
    C:\Program Files\LimeWire <-- the whole folder
    C:\Program Files\WildTangent <-- the whole folder
    C:\Program Files\VBouncer <-- the whole folder
    C:\Program Files\AutoUpdate <-- the whole folder
    C:\Program Files\CSBB <-- the whole folder
    C:\Program Files\MySearch <-- the whole folder
    C:\WINDOWS\BTGrab.dll
    C:\WINDOWS\Helper101.dll
    C:\WINDOWS\System32\fjori.dll
    C:\WINDOWS\System32\zrgig.dll
    C:\WINDOWS\system32\mamgnt.exe
    C:\WINDOWS\system32\jgmnstnt.exe

    If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file. Let me know if you had any problems finding or deleting these files (especially if Windows Explorer will still not run).

    Now run Ccleaner (installed while running the READ ME FIRST).
    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  15. d0yle

    d0yle Private E-2

    thanks a ton, everything works peachy now
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome, but you should still post the follow up HJT log as requested so we can be sure we got everything.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Thanks for picking up on this Chas! I had to run out for a bit!
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem! Keep an eye out for the follow up. I'm popping in and out today. Have company for Easter.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds