paanpilot

Clicking My Computer resets Windows Explorer

When clicking "My Computer" on the desktop, Windows Explorer resets. Everything but the background image disappears for a few seconds. The same thing happens when trying to open a folder on the desktop, or starting Internet Explorer. Internet Explorer will run, but I can see that everything is reset in the background.
I have been using Norton Internet Security, and when this happened the auto protect function got an error and will not turn on again.

I did a full Norton system scan, as well as a SpyWareBot scan; the last found 63 unwanted files.

Any help will be greatly appreciated!!!

Thanks
Ken
IndiGenus

It would help if we could see what was going on with your computer. I suggest that you download, run, and upload a HijackThis log from the link below.

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php

Click on "Do a system scan and save a log file" button. Post the text from the log file. Do not have HJT fix anything at this point.

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.
paanpilot

ASKER

Ok, thanks. I will try that and post it ASAP.

Ken
Did as instructed; here is the file.

thanks

Ken
hijackthis.log
First, the program SpywareBot is not a very reputable program and is listed on the rogue Anti-Spyware Program list at SpywareWarrior. I would suggest you remove it.
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Now for the bad news...looks like Vundo/Conhook Trojan. Let's get to work.

Download and run ComboFix (by sUBs). You must run it directly from your Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your Anti-virus and any real-time Anti-spyware monitors that are running.
Then double click Combofix.exe & follow the prompts.
When finished, it will produce a log for you. Upload that log in your next reply with a new HijackThis log.  

Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: Remember to re-enable your Anti-virus and Anti-spyware.

NOTE: If you have issues connecting to your network or internet after running combofix you can either simply reboot, or do the following:
* Go to Control Panel > Network Connections.
* Right-click on the network icons and select "Repair"
or
Alternately, if the Network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

PLEASE ALSO NOTE: Combofix will typically fix most and sometimes all Malware entries but many times a script is also needed to finish cleaning up. So please keep CF until advised whether you need the script or not.

I tried to run ComboFix, but after starting it a box appears saying I can't rename combofix as combofix.
Ok, ran it as administrator. Now it starts, and a blue screen appears, but nothing more happens.
Let's try this. Delete that version of combofix. Now download it again. This time when you download it rename it to combo-fix.exe. NOTE the dash. Do not rename it AFTER downloading but rename it WHEN you download it.

Then try running it again. I am heading off to sleep but will check in the AM, EST.
Ok. I will try that. Thanks a lot for the help so far!! Really appreciated!
Ok, tried that.

I get 2 different messages when I run it.
Mostly the blue screen appears, and nothing more happens.
Then I either get "out of memory" or "Access violation, address 77687036, read of address 00200068"

Please rename HijackThis to something else, like FindVundo.exe (or anything you want); just make sure to keep the .exe part. Then rerun it and post the log.

Thanks,
Dave
Hi.
Ok, renamed Hijackthis. Log is attached.

Thanks
Ken
hijackthis.log
I believe combofix is having some issues at this point, particularly with Vista machines as you are not the only one having this trouble. I'm sure the developer will get it worked out but for now we will have to use alternate methods.

Download VundoFix.exe to your desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click Yes
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
 
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from Click the Scan for Vundo button when VundoFix appears at reboot.
Done. Worked like a charm this time.
logs attached

Thanks
Ken
VundoFix.txt
hijackthis.log
Well it looks like Vundofix ran part way, in finding the Vundo files. But unless the log got cut off it did not remove them. What happened when it went to the removal stage of the fix?
The screen went blank for a while, just the background picture showed, then the computer rebooted on its own, and VundoFix did not restart after the boot.

Ken
Let's try this...

Please download SDFix and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the SDFix folder and double click on RunThis.bat to start the script.
Type Y and press Enter to begin the script.
It will start cleaning your PC and then prompt you to press any key to Reboot.
Press any key to restart the PC.
Your system will take longer than normal to restart as the fixtool will be removing files.
When the desktop loads the Fixtool will complete the removal and display Finished.
Press any key to end the script and to load your desktop icons.

A text file should automatically open,
Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Please also upload a fresh HijackThis log.
I tried to restart the computer in safe mode.
I got the menu at the start up, selected safe mode and the computer starts the boot process, got to a black screen with a bigger than normal mouse pointer, so lower resolution for safe mode I presume. Then the computer restarts on its own in normal mode.

One more thing to try, but I'm running out of ideas here...

Making sure you have placed ComboFix.exe on your desktop, go to Start -> Run (or for Vista it's the Start button, then copy the command into the "Start Search" box), and copy/paste the following. Then click OK or hit your Enter key.

"%userprofile%\desktop\ComboFix.exe" /KillAll

This will start ComboFix.


If that doesn't work, it appears as though the Malware here has done some significant system damage. At this point you may want to consider backing up any important data you have and a full system re-install. Before you do that we can try a run at this manually if you like but I'm not sure how successful we will be. Let me know what you would like to do.

Also, if any other experts are looking in here and have some advice it would be appreciated.
Hey

Tried that, but got the same results as last time, either out of memory or an access violation.

I am starting to accept the idea of a reinstall of the OS.

I have a question in that regard. I have an HP Pavilion laptop with dual hard drives. One for the OS, and I use the other for important files, documents etc.
If I do the system recovery, will it wipe both hard drives?

Thanks a lot for the help!
Ken
Hi Ken,
I don't believe it will wipe out both drives unless you are using a RAID configuration of some kind, where the data is striped or copied across the drives. If your OS is set up simply on one drive, you should only need to format that drive. The only issue here is whether the second drive is infected or not, I believe. Before doing anything you may want to run a full virus and spyware scan of that drive, making sure it's not. If it is, then you would take the chance of re-infecting yourself after re-installing your OS. You may also want to back up your data to an external source like CD/DVD/USB or ext. hard drive, before making any major changes.

Wish I had some other ideas here...I don't like to give in to the re-install but sometimes you have to cut your losses...

Good luck,
Dave
Thanks Dave, I really appreciate the help. Couldn't have done half of what we tried on my own.
I will do a re-install and then let you know how it worked out.

Ken
Ok. Did a recovery to factory settings, everything seems to be working fine right now. The backup hard drive was not touched.

As a last question, which anti-virus software should I use?
I have had NOD32 and AVG suggested to me. I will not, however, use Norton again. This is the second computer I have had to re-format with Norton installed on it.

Thanks a lot for all the help
Ken
ASKER CERTIFIED SOLUTION
IndiGenus
This solution is only available to members.
Thanks a lot, I think I will go with AVG this time around.

As I said, thanks a lot for the help. This web service is awesome, and I will highly recommend it!!

Ken
Although it didn't work out for me this time, this was not in any way due to you or your help. I found your service excellent, and graded accordingly.

Thanks again.
Thanks for the kind words, grade, and points here. You were a pleasure to work with also. Wish we could have gotten it with the tools, but sometimes that's the way it goes. Hopefully you can avoid Vundo in the future, it's one of the worst to deal with.

Regards,
Dave