Clicking My Computer resets windows explorer

When clicking "my computer" on the desktop windows explorer resets. Everything but the background image disappears for a few seconds. The same thing happens when trying to open a folder on the desktop, or starting internet explorer. Internet Explorer will run, but I can see that everything is reset in the background.
I have been using Norton Internet Security, and when this happened the auto protect function got an error and will not turn on again.

I did a full Norton system scan, as well as a SpyWareBot scan, the last found 63 unwanted files.

Any help will be greatly appreciated!!!

Thanks
Ken
paanpilotAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

IndiGenusCommented:
It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
0
paanpilotAuthor Commented:
Ok, thanks. i will try that and post it asap

Ken
0
paanpilotAuthor Commented:
did as instructed, here is the file

thanks

Ken
hijackthis.log
0
Do You Have a Trusted Wireless Environment?

A Trusted Wireless Environment is a framework for building a complete Wi-Fi network that is fast, easy to manage, and secure.

IndiGenusCommented:
First, the program SpywareBot is not a very reputable program and is listed on the rogue Anti-Spyware Program list at SpywareWarrior. I would suggest you remove it.
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Now for the bad news...looks like Vundo/Conhook Trojan. Let's get to work.

Download and Run ComboFix (by sUBs) You must run it directly from your Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log.  

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware.

NOTE: If you have issues connecting to your network or internet after running combofix you can either simply reboot, or do the following:
* Going to Control Panel > Network Connections.
* Right click on their Network icons & select "Repair"
or
Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.

0
paanpilotAuthor Commented:
I tried to run ComboFix, but after starting it a box appears saying I can't rename combofix as combofix.
0
paanpilotAuthor Commented:
Ok, ran it as administrator. Now it starts, and a blue screen appears, but nothing more happens.
0
IndiGenusCommented:
Let's try this. Delete that version of combofix. Now download it again. This time when you download it rename it to combo-fix.exe. NOTE the dash. Do not rename it AFTER downloading but rename it WHEN you download it.

Then try running it again. I am heading off to sleep but will check in the AM, EST.
0
paanpilotAuthor Commented:
Ok. I will try that. Thanks alot for the help so far!! Really appreciated!
0
paanpilotAuthor Commented:
Ok, tried that.

I get 2 different messages when I run it.
Mostly the blue screen appears, and nothing more happens.
Then I either get "out of memory" or "Access violation, address 77687036, read of address 00200068"

0
IndiGenusCommented:
Please rename HijackThis to something else, like FindVundo.exe (or anything you want), just make sure to keep the .exe part. The rerun it and post the log.

Thanks,
Dave
0
paanpilotAuthor Commented:
Hi.
Ok, renamed Hijackthis. Log is attached.

Thanks
Ken
hijackthis.log
0
IndiGenusCommented:
I believe combofix is having some issues at this point, particularly with Vista machines as you are not the only one having this trouble. I'm sure the developer will get it worked out but for now we will have to use alternate methods.

Download VundoFix.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click Yes
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
 
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from Click the Scan for Vundo button when VundoFix appears at reboot.
0
paanpilotAuthor Commented:
Done. Worked like a charm this time.
logs attached

Thanks
Ken
VundoFix.txt
hijackthis.log
0
IndiGenusCommented:
Well it looks like Vundofix ran part way, in finding the Vundo files. But unless the log got cut off it did not remove them. What happened when it went to the removal stage of the fix?
0
paanpilotAuthor Commented:
the screen went blank for a while, just the background picture showed, then the computer rebooted on its own, and vundofix did not restart after the boot

Ken
0
IndiGenusCommented:
Let's try this...

Please download SDFix and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the SDFix folder and double click on RunThis.bat to start the script.
Type Y and press Enter to begin the script.
It will start cleaning your PC and then prompt you to press any key to Reboot.
Press any key to restart the PC.
Your system will take longer than normal to restart as the fixtool will be removing files.
When the desktop loads the Fixtool will complete the removal and display Finished.
Press any key to end the script and to load your desktop icons.

A text file should automatically open,
Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Please also upload a fresh HijackThis log.
0
paanpilotAuthor Commented:
I tried to restart the computer in safe mode.
i got the menu at the start up, selected safe mode and the computer starts the boot process, got to a black screen with a bigger than normal mouse pointer, so lower resolution for safe mode I presume. then the computer restarts on its own in normal mode.

0
IndiGenusCommented:
One more thing to try, but I'm running out of ideas here...

Making sure you have placed ComboFix.exe on your desktop, go to Start -> Run (or for Vista it's the Start button, then copy the command into the "Start Search" box) ,and copy/paste the following. Then click OK or hit your enter key.

"%userprofile%\desktop\ComboFix.exe" /KillAll

This will start ComboFix.


If that doesn't work, it appears as though the Malware here has done some significant system damage. At this point you may want to consider backing up any important data you have and a full system re-install. Before you do that we can try a run at this manually if you like but I'm not sure how successful we will be. Let me know what you would like to do.

Also, if any other experts are looking in here and have some advice it would be appreciated.
0
paanpilotAuthor Commented:
Hey

tried that, but got the same results as last time, either out of memory or an access violation.

I am starting to accept the idea of a reinstall of the OS.

I have a question in that regard. I have a HP Pavillion laptop with dual hard drives. One for the OS and i use the other for important files, documents etc.
If i do the system recovery will it wipe both hard drives?

Thanks alot for the help!
Ken
0
IndiGenusCommented:
Hi Ken,
I don't believe it will wipe out both drives unless you are using a RAID configuration of some kind, where the data is striped or copied across the drives. If your OS is set up simply on one drive it you should only need to format that drive. The only issue here is whether the second drive is infected or not I believe. Before doing anything you may want to run a full virus and spyware scan of that drive, making sure it's not. If it is then you would take the chance of re-infecting yourself after re-installing your OS. You may also want to back up your data to an external source like CD/DVD/USB or ext. hard drive, before making any major changes.

Wish I had some other ideas here...I don't like to give in to the re-install but sometimes you have to cut your losses...

Good luck,
Dave
0
paanpilotAuthor Commented:
Thanks Dave, I really appreciate the help. couldn't have done half of what we tried on my own.
I will do a re-install and then let you know how it worked out.

Ken
0
paanpilotAuthor Commented:
Ok. Did a recovery to factory settings, everything seems to be working fine right now. The backup hard drive was not touched.

As a last question, which anti virus software should I use.
i have had NOD32 and AVG suggested to me. I will not, however, use Norton again. This is the second computer I have had to re-format with Norton installed on it.

Thanks alot for all the help
Ken
0
IndiGenusCommented:
Hi Ken,
Glad you got it sorted out. And having your data on the second drive like that sounds like it made things pretty easy.

NOD32 is good. AVG is good too, especially if you are looking for a free alternative. I also like Kaspersky, and they have a 30 day trial going right now I believe. Keep in mind no one Antivirus or any Antimalware product will stop everything. I do have to agree with you on Norton though, although reviews of their latest products are pretty good, I got away from them years ago more for the fact of how much system resources are used. I've seen it turn many a decent PC into an expensive paperweight.

Good luck,
Dave
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
paanpilotAuthor Commented:
Thanks alot, I think i will go with AVG this time around.

As i said, thanks alot for the help. This web service is awesome, and I will highly recommend it!!

Ken
0
paanpilotAuthor Commented:
Although it didn't work out for me this time, this was not in any way due to you or your help. I found your service excellent, and graded accordingly.

Thanks again.
0
IndiGenusCommented:
Thanks for the kind words, grade, and points here. You were a pleasure to work with also. Wish we could have gotten it with the tools, but sometimes that's the way it goes. Hopefully you can avoid Vundo in the future, it's one of the worst to deal with.

Regards,
Dave
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.