  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1324

Boot to desktop - no icons...no taskbar...

Weird issue:
Customer's PC will boot to the desktop without icons or taskbar. Ctrl-Alt-Del brings up Taskmgr, but running explorer.exe does not help.  Most programs will not run (Mbam; HJT; etc.) but some will (Spybot; Rogue Remover; IEDef Fix etc.). Safe mode (any flavour) boots to the Welcome screen then freezes. Msconfig will not run. Client does not want to format/re-install.
What I have done:
1) Boot from UBCD, run SuperAntiSpyware; remove some Trojans;
2) Repair install of XP ;
3) Run Spybot, remove some infections;
4) Run RegRestore from UBCD, choosing a Restore Point when the client confirms the pc was running normally;
5) Confirmed Registry entries via regedit ('Shell' has a value of 'explorer.exe' etc.);

I'm out of ideas...Any suggestions?

PC is a Dell Dimension 1100 running Win XP Home SP2

Asked:
phototropic
4 Solutions
 
jomacapaCommented:
My suggestion is to install Windows again in a different folder and copy the files from the old profile to the new one.
Really simple, and no more headaches trying to fix something that is really a mess.
0
 
rpggamergirlCommented:
Check the registry for explorer.exe in the IFEO subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe <-- delete it if present.

Did you try renaming those programs? Or redownloading and renaming before saving?
Check to make sure this isn't a Virut infection by running Kaspersky's online scan.
0
 
rpggamergirlCommented:
0
 
wsl77Commented:
Other suggestion :

When you open up Task Manager, go to C:\Windows and find explorer.exe, copy and paste it.
Rename the copy as explorer2.exe, then go in the registry:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion, click on Winlogon, then find the key named Shell. Open up the key and rename Explorer.exe as Explorer2.exe.
Reboot your system.
0
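The two registry checks suggested in the comments above (the IFEO subkey for explorer.exe and the Winlogon Shell value), as an added example that is not part of the original thread: it audits the text of a regedit export, so it can be run on a clean machine. The sample export, the placeholder Debugger path and the function names are constructed for illustration.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
IFEO = BASE + r"\Image File Execution Options"
WINLOGON = BASE + r"\Winlogon"

# Constructed sample of regedit export text (not from the PC in this thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINDOWS\\system32\\example-placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

def parse_reg(text):
    """Parse export text into {key_path: {value_name: data}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
        if m and current is not None:
            # .reg files escape backslashes and quotes; undo that.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name] = data
    return keys

def audit(keys, watched=("explorer.exe",)):
    """Return findings for the IFEO and Winlogon Shell checks."""
    findings = []
    lowered = {path.lower(): values for path, values in keys.items()}
    for name in watched:
        values = lowered.get((IFEO + "\\" + name).lower())
        if values is not None:  # the thread's advice: this subkey should not exist
            findings.append(f"IFEO subkey for {name} present, Debugger={values.get('Debugger')!r}")
    shell = lowered.get(WINLOGON.lower(), {}).get("Shell")
    if shell is None or shell.strip().lower() != "explorer.exe":
        findings.append(f"Winlogon Shell is {shell!r}, expected 'explorer.exe'")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_REG)):
        print(finding)
```

A Shell finding is also reported when the Winlogon key is missing from the export, so export the whole CurrentVersion branch before auditing.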
 
phototropicAuthor Commented:
Thanks everyone for your suggestions:

jomacapa: I have offered to copy crucial data and then re-install, but the client is resistant to this idea;
rpggamergirl: neither explorer.exe nor iexplore.exe are present in the IFEO subkey; I renamed Mbam, SDFix and Combofix to av1, av2 and av3 before downloading them to a flashdrive, but they still will not run;
wsl77: I found the suggestion you posted when I was trawling the net looking for ideas. I followed the procedure, but it did not work...

I really can't see a way forward with this...

0
 
venom96737Commented:
If you can pull up the Task Manager, you can delete files. Open up in safe mode, go to New Task, then the Browse option, and head for the system32 folder. Right-click, arrange icons by date modified, then go to the bottom. There you should be able to delete the file causing the issue. Also check msconfig and see if you can find its startup; if not, it's in a different place in the registry. Let me know how this works out.
0
 
venom96737Commented:
I had the same virus about 3 weeks ago. It's a hassle and I don't remember ALL the steps and places I looked, but I found the files and deleted enough to get the explorer back and then ran Combofix.
0
 
phototropicAuthor Commented:
OK. I made some progress last night:  installed Firefox and managed to run an online scan with Kaspersky. It is still running (21%) but has so far found 208 instances of Virut ("Virus.Win32.Virut.ce").
I'm assuming the pc is totally shot and I will have to give my client some bad news.  Does anyone know of a way forward from Virut?  Dr. Web didn't help, and I can't face replacing hundreds of system files with no guarantee that the infection is gone.  I have seen a forum post about Virut coming back immediately after a format and re-install...

Is there any hope for this computer?



0
 
phototropicAuthor Commented:
Kaspersky scan just completed - 1,349 infected files!!!
Unless anyone knows of a way forward from this level of infection, I'm going to phone the client tonight and tell him he has to reformat his hdd.
Is there any chance of re-infection if I back up the contents of My Documents?

0
 
wsl77Commented:
Copy the directory to an external hard drive, and scan it with another machine.

You can use multiple online scans to check your directory.
http://www.secuser.com/antivirus/
http://housecall65.trendmicro.com/
http://www.kaspersky.com/kos/eng/partner/default/languages/english/check.html?n=1234777686656
0
 
venom96737Commented:
Yeah, with that virus it sounds like they waited a bit long.  Here is a description of the virus:
http://www.threatexpert.com/report.aspx?md5=21137806ecfe485376d3b782e5b0bc2d
I said I had it a few weeks ago, but I stopped it within an hour so didn't get much of my system infected.
0
 
jomacapaCommented:
My suggestion: back up everything to an external HD and download the following software, www.malwarebytes.org. Run this software from a healthy computer and scan the external HD; that software rocks and it is free.
For sure, after this step you won't have any virus in your backup.

As I told you from the beginning, you have to reformat that computer; the damage was almost impossible to fix.
0
 
rpggamergirlCommented:
Reformat is the only solution on this one. Virut infection can not be cleaned.
>>>backup everything to a external HD<<<
NO, you mustn't do that.
Tell your client NOT to back up any files with the extensions below, as Virut infects these files:
.exe, .scr, archives (.rar and .zip), and all .htm and .html files

0
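The backup rule from the comment above, as an added example that is not part of the original thread: copy a folder to the backup location while skipping every file whose extension is on the list given there. The function names and the sample file tree are constructed for illustration.

```python
import os
import shutil
import tempfile

# Extensions the comment above says Virut infects.
EXCLUDED = {".exe", ".scr", ".rar", ".zip", ".htm", ".html"}

def triage(src, dst):
    """Copy src to dst, skipping excluded types; return (copied, skipped) relative paths."""
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, src)
            # Only the last extension counts, compared case-insensitively,
            # so "beach.jpg.exe" and "SETUP.EXE" are both skipped.
            if os.path.splitext(name)[1].lower() in EXCLUDED:
                skipped.append(rel)
                continue
            target = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(full, target)
            copied.append(rel)
    return sorted(copied), sorted(skipped)

def demo():
    """Build a constructed 'My Documents' tree in a temp dir and triage it."""
    sample = ("photos/beach.jpg", "photos/beach.jpg.exe", "music/song.mp3",
              "SETUP.EXE", "saved/page.html", "old.zip", "notes.txt")
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "My Documents")
        dst = os.path.join(tmp, "backup")
        for rel in sample:
            path = os.path.join(src, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()  # empty placeholder files
        return triage(src, dst)

if __name__ == "__main__":
    copied, skipped = demo()
    print("copied: ", copied)
    print("skipped:", skipped)
```

The filter works on file names only and does not inspect file contents; keep `dst` outside `src` so the walk does not revisit the copies.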
 
phototropicAuthor Commented:
Yes, I intend to back up his photos, music and text documents, and then vaporise everything else...

A question I am often asked by clients is "Why do people write viruses? What's in it for them?".  I usually explain that 15 years ago, viruses were written by teenage boys who wanted to mess up your pc for the fun of it.  Nowadays, viruses are written for scary gangsters who want to steal your money:
scamware trying to get you to pay for a useless download; hijackers trying to take you to a (usually adult) site where you might buy something; backdoor trojans trying to get information on account numbers and passwords;  But what purpose does Virut serve?  Is it an old school virus that just screws up your system for fun?

0
 
phototropicAuthor Commented:
Thanks everyone for your help with this.
A format and re-install has the client back on track...
0
 
rpggamergirlCommented:
>>> Is it an old school virus that just screws up your system for fun?<<<

No, but it's a poorly coded virus... apparently.
0
