Malware and possible virus removal help

Working on a friend computer to help. Problem having is that windows will load but not able to view/see desktop icons only see background image. I can only access different applications through running task manager. I ran all the scan and some malwares was remove but still not able to get taskbar or desktop icons. Also the screen is not at full view looks as if the screen is 3/4 the size. I ask what was downloaded when things happen and was told that was trying to download a game or something. Please help me. I have attached all files. One thing that didn't seem like it ran was the mgtools. Follow directions to the T, when mgtools ran it started and stop after maybe 3-4 seconds, couldn't catch the error messages that showed in cmd window.

 

there is no mgtools zip file as it didnt run per prev notes.

 

Hi kmac_24,

Please download aswMBR by Avast! to your desktop.

• Double-click aswMBR.exe to run it (Vista and Win7 right-click and select Run as Administrator)
• Select No when asked Would you like to download latest Avast! virus definitions?
• Click the [Scan] button.
  Note: This scan should only take a few seconds to complete.
• On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach items to your post)

Please try it again now. There was a problem with the last file. chaslang has corrected this problem. Download and run the new MGtools See if it makes the MGlogs.zip file now. Thanks!

 

Ok I ran both programs again and attached files. MGtools did work. thanks alot on the fix for that. I also took the time and looked in the the alternative and I ran that program thats made Eset to scan for virus and I attached a log for it since it found something also. I installed avast antivirus free program on here and it didn't find a thing. Should i use a different antivirus. I was sure that avast was a real good free one.

 

Please download Unhide by Grinler to your desktop.
Double-click unhide.exe to run it (Vista and Win7 right-click and select Run as Administrator)

Can you see your desktop icons now?

 

Proceed with the below even if Unhide didn't resolve any issues.

Please download Disable/Remove Windows Messenger by Doug Knox to your desktop.
See the download links under this icon:

• Double-click MessengerDisable.exe
• Place a check-mark in Uninstall Windows Messenger
• Click Apply
• Click Exit

Shut down your protection software now to avoid possible conflicts.
Run C:\MGtools\analyse.exe by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
Note: This is actually Trend Micro HiJackThis - v2.0.4
Choose Do a system scan only and select the following lines but do not click fix until you exit all explorer windows and all browser sessions including the one you are reading in right now:

After clicking Fix, exit out of Trend Micro HiJackThis - v2.0.4


Now we need to make use of ComboFix by sUBs

• Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop but do not run it!
  • If it is not on your desktop, the below will not work.
• Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
• Open Notepad and copy/paste the text in the below code box into Notepad:

Code:

[COLOR="DarkRed"]KillAll::[/COLOR]
[COLOR="DarkRed"]File::[/COLOR]
C:\Documents and Settings\Station 2\Local Settings\temp\8jWn25eB.exe.part
[COLOR="DarkRed"]FileLook::[/COLOR]
c:\windows\system32\command.com
[COLOR="DarkRed"]Registry::[/COLOR]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BBBF39D2-3B6D-4C86-A193-AC2B7E775E4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\RunOnce]
"AvgUninstallURL"=-

• Save the above as CFScript.txt and make sure you save it to the same location (should be on your desktop) as ComboFix.exe
• At this point, you must exit all browsers now before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your desktop.
• Now use your mouse to drag CFScript.txt on top of ComboFix.exe.
  
• This shall launch ComboFix.
  Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
• Allow ComboFix to update itself if prompted.
• When it finishes, a log will be produced at C:\ComboFix.txt
  Note: If after running ComboFix you discover none of your programs will open up because you receive the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.
• Attach this log to your next message. (How to attach items to your post)

Now install the current version of Sun Java from: Sun Java Runtime Environment

Now run C:\MGtools\GetLogs.bat by double-clicking it (Vista and Win7 right-click and select Run as Administrator)
Then attach C:\MGlogs.zip to your next message. (How to attach items to your post)
Notes:

• This will automatically update all the logs inside MGlogs.zip
• Make sure you click Accept on the License Agreement from Trend Micro HiJackThis - v2.0.4 twice if prompted.

LET ME KNOW HOW THE PC IS RUNNING AFTER YOU HAVE COMPLETED THESE STEPS​

 

will try this and let u know..thanks...

 

I followed everything to a T. Still same results.

 

Reviewed most of your logs, I don't think it's a malware problem.

Can you try this:

While on the desktop.
Right-Mouse click anywhere in the blank space on the desktop
Arrange Icons by >
Make sure Show Desktop Icons is selected.
Look at the below picture for a reference.


Did this help? Was it unchecked?

 

No can't use the mouse for nothing else. No left clicking or right clicking. I've been reading online with others that have had this issue, but haven't found answer yet. I think its a form of trojan or virus.

 

The mouse doesn't work at all? You did all the steps above using keyboard only? What about the CFScript where you had to drag and drop. How did you accomplish this if the mouse doesn't allow you to left click?

 

I followed all your steps..but what I mean is that if i right click or left click i gets no options. Sorry for the misunderstanding.

 

Can you try this? http://www.kellys-korner-xp.com/regs_edits/contextmenu.reg

Download it to your desktop and allow it to merge into the registry.
Does Right Click show options now?

 

no luck....

 

Moving this thread to software as this is not a malware related issue.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis if it present
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

Hi, is there someone here that can help me with the issue that I'm having. My issue was moved here from Malware. I would appreciate the assistance. Thanks.

 

When you go into safe mode, do you still have the same issues?

 

yes, have the same issue.

 

Do you have the ability to do a system restore to a date previous to the issues?

 

I will give it a try. Might have to take me a minute. I will update you on my progress and see what happens...

 

Update..... I have trying to system restore back to the earliest available, still same outcome. My understanding is that this issue has been on going for a little longer than the system restore allows me to go back.

 

Right-click the desktop>Arrange Icons By

Is "Show Desktop Icons" checked?

 

I can't right click to get any prompts.

 

Hi kmac,

Give the following a read: http://windowsxp.mvps.org/slowrightclick.htm

 

I don't think this is going to help my issue and it looks a little complicated. I have taken a few pictures of the laptop. You will see that the screen doesn't take up the whole computer screen and that there is no icons showing, nor task bar. I can only get to everything through the task manager. There is no right click or left click to get anything.

Tried to attach pictures but I get this error when i try to load the pics. only 4.4 mb pics, 2 of them. I get this error.....

"Your submission could not be processed because a security token was missing.

If this occurred unexpectedly, please inform the administrator and describe the action you performed before you received this error."

 

Is there a way or format that I can send the pictures in that will accept?