Desktop files no longer opening- help?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by kareri, Feb 9, 2006.

  1. kareri

    kareri Private E-2

    Hi,

    I'm wondering if there's still hope for my computer. I have a Dell Inspiron 8000, running XP home edition. It was top of the line in 2001 but I'm not sure of specifics. My hard drive has died 3 times over the past three or four years, and the last time was just before my warranty was up so Dell sent me another refurbished one, but I had to re-install everything myself. I did so, but I think somehow I managed to render my computer really vulnerable to spyware. In May I got a virus called TVS.exe (I think) that Norton couldn't delete or quarantine, and around that time I had to stop using IE because the quantity of popups would freeze my computer. I installed Netscape instead and things were going okay for awhile... I ran it in safe mode occasionally and manually deleted spyware and trojans I found, because whatever installed itself on my computer also disabled my Spybot, Norton antivirus and popup blocker.

    About two months ago I became inundated with a ton of malware, I guess? At this point I've been trying to read your threads from work and tried to run Hijack This last night on my laptop-- but I can't open or run anything anymore off my computer's desktop and/or control panel. Files, programs, all of it. When I try, it restarts the desktop - doesn't reboot the whole computer, just reloads my desktop and an IE "send error report" jumps up. I can't afford to take my computer in to someone to have them look at it, and it has all of my papers from college on it -- because folders won't open, I can't backup the system.

    Is there anything I can do?
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com, please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
  3. kareri

    kareri Private E-2

    Thanks--

    I guess I'll just break this down by steps.

    0. Can't open add/remove programs because I can't open my start menu while not in safe mode. While in safe mode, computer wouldn't let me uninstall programs, either.
    1. System restore disabled after running all of the scans.
    2. same thing.
    3. antivirus software is not running/but cannot be removed because of #0.
    4-5. Ccleaner came up with about 11MB of things to delete
    Microsoft windows malicious software did not find anything.
    Ad-Aware SE cleaned up a very large amount of files & viruses.
    Spybot Search & Destroy froze up while in safe mode and won't run.
    Microsoft Antispyware, same thing - it begins, then gets stuck on a virus that freezes up the program; it froze around just under 50,000 instances of one virus, so I'm not sure if that's a glitch. (Dear god I hope it is!)
    CWShredder: found nothing
    Kill2Me: ran.

    6. Have attached both bitdefender and ActiveScan logs.
    7. Cannot run HijackThis, even while in safe mode. It freezes while in mid-scan.


    I'm not sure what to do next.... if you wouldn't mind helping me, I'd appreciate it so much. I'm not an idiot, but not particularly knowledgeable so hopefully I did everything correctly. I was able to get updates, though - after downloading the software programs, I was able to open the folder and install them while I had my taskmanager up and was simultaneously ending programs I knew to be spyware. That seemed to help. Please do let me know if I missed something or if I should try something different.

    Thanks,
    Karin
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note that many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.


    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Here are a couple of steps to try and run HijackThis. Follow them in order. If one step doesn't work, continue to the next step:

    Step # 1

    Rename HijackThis.exe to H.exe. Try a scan. If it works, post the log back here. If not, proceed to the next step.

    Step # 2

    Go to this link and download the 1.98.2 version of HijackThis.exe: http://www.merijn.org/files/hijackthis1982.zip

    Try a scan. If it works, post the log back here. If not, proceed to the next step.

    Step # 3

    Click here and download Itty Bitty Process Manager (IBProcMan.zip): http://www.merijn.org/files/ibprocman.zip

    Unzip it to its own directory and try running it - it will provide a 'taskmanager' like process viewer in which you can stop running processes. Don't stop any yet, just list all that it has so I can check them and give advice. Post the list back here.
     
  5. kareri

    kareri Private E-2

    Internet no longer working

    I entered the files one by one into killbox, and got an error but rebooted myself. Then I went into safe mode and found with explorerXP the remaining files in the list and deleted those.

    I restarted into normal mode and tried to run HijackThis but it froze again - I then went to download the other version of HijackThis and discovered I can't get online anymore. My wireless card is working fine and says I'm connected to our modem, but neither Netscape nor Internet Explorer will load any web pages - I'm not sending nor receiving information via the internet. The problem's not with our modem; I'm on the network on another house computer.

    I do get an error message when I restart my computer: Error loading cfgmgr.dll, The specified module could not be found. Safe mode with networking didn't help, either. Somehow my printer's also no longer installed on my computer. I'm not sure what happened in the process of following your directions, so any help would be greatly appreciated. Thanks!
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You may have to reinstall some drivers for your hardware.

    Download the tools you need using the other computer, burn them to CD and transfer to the infected computer.

    I really need a HijackThis log.
     
  7. kareri

    kareri Private E-2

    Reinstalling my printer won't be a problem, but I don't know why my internet would be disabled. I can try to download the other program off of my roommate's computer, but it would be a lot easier to do it from mine if you might have any idea how to restore my internet access.

    Thanks.
     
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  9. kareri

    kareri Private E-2

    Using IBProcMan, this is what it shows when run:

    Process list saved on 5:27:57 PM, on 2/11/2006
    Platform: WinNT 5.01.2600 SP1

    [pid] [full path to filename] [file version] [company name]
    408 C:\WINDOWS\System32\smss.exe 5.1.2600.1106 Microsoft Corporation
    484 C:\WINDOWS\system32\winlogon.exe 5.1.2600.1557 Microsoft Corporation
    528 C:\WINDOWS\system32\services.exe 5.1.2600.0 Microsoft Corporation
    540 C:\WINDOWS\system32\lsass.exe 5.1.2600.1106 Microsoft Corporation
    704 C:\WINDOWS\system32\svchost.exe 5.1.2600.0 Microsoft Corporation
    756 C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation
    832 C:\WINDOWS\System32\acs.exe
    1404 C:\WINDOWS\Explorer.exe 6.0.2800.1106 Microsoft Corporation
    1460 C:\WINDOWS\System32\Atievxx.exe 5.1.2482.0 Microsoft Corporation
    1480 C:\WINDOWS\System32\CTSvcCDA.EXE 1.0.1.0 Creative Technology Ltd
    1552 C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation
    1636 C:\WINDOWS\System32\MsPMSPSv.exe 7.0.0.1954 Microsoft Corporation
    1668 C:\WINDOWS\System32\xl.exe 1.7.0.39
    1772 C:\WINDOWS\System32\hvodlp.exe 1.1.0.8
    148 C:\Program Files\Logitech\iTouch\iTouch.exe 2.22.289.0 Logitech Inc.
    300 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe 2.1.1.0 Hewlett-Packard Company
    312 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 50.0.146.0 Hewlett-Packard Co.
    332 C:\Program Files\Logitech\MouseWare\system\em_exec.exe 9.79.25.1 Logitech Inc.
    444 C:\WINDOWS\tuifefm.exe 1.0.0.0 System Service
    460 C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe 10.0.3.58 Musicmatch, Inc.
    664 C:\Program Files\AIM\aim.exe 5.9.3690.0 America Online, Inc.
    696 C:\Program Files\Messenger\msmsgs.exe 4.7.0.41 Microsoft Corporation
    948 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe 10.0.3.58 Musicmatch, Inc.
    2652 C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE 1.1.0.0 Creative Technology Ltd
    2744 C:\Program Files\Netscape\Netscape Browser\netscape.exe 0.5.0.0 Netscape
    2836 C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe 3.0.7.0 D-Link
    2852 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 43.1.5.0 Hewlett-Packard Co.
    3032 C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe 43.1.5.0 Hewlett-Packard Co.
    1520 C:\Documents and Settings\Karin Power\Local Settings\Temp\Temporary Directory 1 for ibprocman.zip\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.
    1300 C:\Documents and Settings\Karin Power\Local Settings\Temp\Temporary Directory 2 for ibprocman.zip\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.

    Winsock has seemed to fix the problem with my internet. I am also able to run the earlier version of HijackThis, but I'm not sure how to copy the file into a message and not as an attachment - I tried to open the log after saving it, but it won't open properly.

    Thanks so much for your help so far.
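
A process list in the layout posted above can be pre-sorted before a helper reads it. The sketch below is an added example, not part of the thread or of IBProcMan: it parses the `[pid] [full path] [file version] [company name]` columns and marks entries that lack version or company metadata or that run from a Temp directory. The function names and the three heuristics are assumptions chosen for illustration, and the sample lines are copied from the post.

```python
import re

# Layout per the log header: [pid] [full path] [file version] [company name].
# Paths may contain spaces, so anchor on the drive letter and the .exe suffix.
LINE = re.compile(
    r"^\s*(?P<pid>\d+)\s+(?P<path>[A-Za-z]:\\.+?\.exe)"
    r"(?:\s+(?P<version>\d+(?:\.\d+)+))?"
    r"(?:\s+(?P<company>\S.*?))?\s*$",
    re.IGNORECASE,
)

# Sample lines copied from the process list in the post above.
SAMPLE = r"""
Process list saved on 5:27:57 PM, on 2/11/2006
[pid] [full path to filename] [file version] [company name]
528 C:\WINDOWS\system32\services.exe 5.1.2600.0 Microsoft Corporation
832 C:\WINDOWS\System32\acs.exe
1668 C:\WINDOWS\System32\xl.exe 1.7.0.39
148 C:\Program Files\Logitech\iTouch\iTouch.exe 2.22.289.0 Logitech Inc.
1520 C:\Documents and Settings\Karin Power\Local Settings\Temp\Temporary Directory 1 for ibprocman.zip\IBProcMan.exe 1.4.0.0 Soeperman Enterprises Ltd.
"""

def parse_process_list(text):
    """Return one dict per process line; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["pid"] = int(entry["pid"])
            entries.append(entry)
    return entries

def triage(entries):
    """Return (pid, path, reasons) for entries worth a manual look."""
    flagged = []
    for e in entries:
        reasons = []
        if not e["version"]:
            reasons.append("no file version")
        if not e["company"]:
            reasons.append("no company name")
        if "\\temp\\" in e["path"].lower():
            reasons.append("runs from a Temp directory")
        if reasons:
            flagged.append((e["pid"], e["path"], reasons))
    return flagged

if __name__ == "__main__":
    for pid, path, reasons in triage(parse_process_list(SAMPLE)):
        print(pid, path, "->", ", ".join(reasons))
```

A flag here is a lead for review, not a verdict: version and company strings are declared by the file itself, so their presence proves nothing and their absence only narrows where to look first.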
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Follow the directions for Running Spy Sweeper. Make sure you update the definitions before running the scan.

    Post the SpySweeper log when finished. After you run HijackThis 1.98.2 click save log and save it to your desktop. Then post it as an attachment.
     
  11. kareri

    kareri Private E-2

    logs

    I can't get the hijackthis log to attach - I'll try again after work this evening. In the meantime, it took a few days, but I got spy sweeper to run properly and have attached that log.
     

    Attached Files:

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Make sure the file extension is either txt or log, that you aren't using the same filename, add a blank line to the log if necessary, then attach the log. If the log is too large then zip the log and attach it.
     
