
Boot to desktop - no icons...no taskbar...

Last Modified: 2013-11-22
Weird issue:
Customer's PC will boot to the desktop without icons or taskbar. Ctrl-Alt-Del brings up Taskmgr, but running explorer.exe does not help.  Most programs will not run (Mbam; HJT; etc.) but some will (Spybot; Rogue Remover; IEDef Fix etc.). Safe mode (any flavour) boots to the Welcome screen then freezes. Msconfig will not run. Client does not want to format/re-install.
What I have done:
1) Boot from UBCD, run SuperAntiSpyware; remove some Trojans;
2) Repair install of XP ;
3) Run Spybot, remove some infections;
4) Run RegRestore from UBCD, choosing a Restore Point when the client confirms the pc was running normally;
5) Confirmed Registry entries via regedit ('Shell' has a value of 'explorer.exe' etc.);

I'm out of ideas...Any suggestions?

PC is a Dell Dimension 1100 running Win XP Home SP2


Commented:
My suggestion is to install Windows again in a different folder and copy the files from the old profile to the new one.
Really simple, and no more headaches trying to fix something that is a real mess.

CERTIFIED EXPERT
Top Expert 2007
Commented:
Check the registry for explorer.exe in the IFEO subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe <-- delete it if present.

Did you try renaming those programs? or redownload and rename before saving?
Check to make sure this isn't a virut infection by running Kaspersky's online scan.
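
The IFEO and Winlogon `Shell` checks discussed in this thread can also be run offline against a registry export taken from the suspect machine. The following is an added example, not code from any poster: it generalizes the check to any IFEO subkey carrying a `Debugger` value, and the function name and the sample export are constructed for illustration.

```python
import re

# Registry locations named in the thread, lower-cased for comparison.
IFEO = r"software\microsoft\windows nt\currentversion\image file execution options"
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"

KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\subkey]
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')  # "Name"="string data"

def audit_reg_export(text):
    """Return (kind, key_or_image, data) findings from decoded .reg export text.

    Version 5.00 exports are UTF-16 on disk; decode before calling.
    """
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not m:
            continue
        name = m.group(1).lower()
        data = m.group(2).replace("\\\\", "\\")  # .reg files double backslashes
        lkey = key.lower()
        parent, _, image = lkey.rpartition("\\")
        # A Debugger value under IFEO\<image> runs instead of <image>.
        if parent.endswith(IFEO) and name == "debugger":
            findings.append(("ifeo-debugger", image, data))
        # The thread expects Shell to be explorer.exe.
        elif lkey == WINLOGON and name == "shell" and data.lower() != "explorer.exe":
            findings.append(("winlogon-shell", key, data))
    return findings

# Constructed sample export (not taken from the machine in this thread).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINDOWS\\Temp\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''

if __name__ == "__main__":
    for finding in audit_reg_export(SAMPLE):
        print(finding)
```
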
CERTIFIED EXPERT
Top Expert 2007

Commented:
Commented:
Other suggestion :

When you open up Task Manager, go to c:\ Windows and find explorer.exe, copy and paste it.
Rename the copy as explorer2.exe then go in the registry :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, click on Winlogon then find the key named Shell. Open up the key and rename Explorer.exe as Explorer2.exe
Reboot your system.

Author

Commented:
Thanks everyone for your suggestions:

jomacapa: I have offered to copy crucial data and then re-install, but the client is resistant to this idea;
rpggamergirl: neither explorer.exe nor iexplore.exe are present in the IFEO subkey; I renamed Mbam, SDFix and Combofix to av1, av2 and av3 before downloading them to a flashdrive, but they still will not run;
wsl77: I found the suggestion you posted when I was trawling the net looking for ideas. I followed the procedure, but it did not work...

I really can't see a way forward with this...

Top Expert 2006
Commented:
If you can pull up the Task Manager you can delete files. Open up in safe mode, go to New Task, then the Browse option, and head for the system32 folder. Right-click, arrange icons by date modified, then go to the bottom.  There you should be able to delete the file causing the issue. Also check msconfig, see if you can find its startup; if not, it's in a different place in the registry. Let me know how this works out.
Top Expert 2006

Commented:
I had the same virus about 3 weeks ago. It's a hassle and I don't remember ALL the steps and places I looked, but I found the files and deleted enough to get the explorer back and then ran Combofix.

Author

Commented:
OK. I made some progress last night:  installed Firefox and managed to run an online scan with Kaspersky. It is still running (21%) but has so far found 208 instances of Virut ("Virus.Win32.Virut.ce").
I'm assuming the pc is totally shot and I will have to give my client some bad news.  Does anyone know of a way forward from Virut?  Dr. Web didn't help, and I can't face replacing hundreds of system files with no guarantee that the infection is gone.  I have seen a forum post about Virut coming back immediately after a format and re-install...

Is there any hope for this computer?



Author

Commented:
Kaspersky scan just completed - 1,349 infected files!!!
Unless anyone knows of a way forward from this level of infection, I'm going to phone the client tonight and tell him he has to reformat his hdd.
Is there any chance of re-infection if I back up the contents of My Documents?

Commented:
Copy the directory to an external hard drive, and scan it with another machine.

You can use multiple online scans to check your directory.
http://www.secuser.com/antivirus/
http://housecall65.trendmicro.com/
http://www.kaspersky.com/kos/eng/partner/default/languages/english/check.html?n=1234777686656
Top Expert 2006

Commented:
Yeah with that virus sounds like they waited a bit long.  Here is a description on the Virus:
http://www.threatexpert.com/report.aspx?md5=21137806ecfe485376d3b782e5b0bc2d
I said I had it a few weeks ago but I stopped it within an hour so didn't get much of my system infected.

Commented:
My suggestion: back up everything to an external HD and download the following software: www.malwarebytes.org. Run this software from a healthy computer and scan the external HD. That software rocks and it is free.
For sure after this step you won't have any virus in your backup.

As I told you from the beginning, you have to reformat that computer; the damage was almost impossible to fix.
CERTIFIED EXPERT
Top Expert 2007

Commented:
Reformat is the only solution on this one. Virut infection can not be cleaned.
>>>backup everything to a external HD<<<
NO, you mustn't do that.
Tell your client NOT to backup any files with these extensions below as virut infects these files.
.exe, .scr, archives(.rar and .zip), and all .htm and .html files
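
A selective backup that follows the extension list in the post above, written as an added example rather than anything posted in the thread. The function names are hypothetical, and the skipped list it returns doubles as a record of what was left behind on the old disk.

```python
import os
import shutil

# File types the post above says not to back up from a Virut-infected disk.
SKIP_EXTS = {".exe", ".scr", ".rar", ".zip", ".htm", ".html"}

def is_excluded(name):
    # Windows ignores case and trailing dots/spaces in file names, so
    # "SETUP.EXE" and "setup.exe." must be treated like "setup.exe".
    cleaned = name.rstrip(". ").lower()
    return os.path.splitext(cleaned)[1] in SKIP_EXTS

def selective_backup(src, dst):
    """Copy src to dst, skipping excluded types. Returns (copied, skipped)."""
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, src)
            if is_excluded(name):
                skipped.append(rel)      # left behind; report to the client
                continue
            target = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(path, target)   # preserves timestamps
            copied.append(rel)
    return sorted(copied), sorted(skipped)

if __name__ == "__main__":
    import sys
    done, left = selective_backup(sys.argv[1], sys.argv[2])
    print(f"copied {len(done)} files, skipped {len(left)}")
    for rel in left:
        print("skipped:", rel)
```
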

Author

Commented:
Yes, I intend to back up his photos, music and text documents, and then vaporise everything else...

A question I am often asked by clients is "Why do people write viruses? What's in it for them?".  I usually explain that 15 years ago, viruses were written by teenage boys who wanted to mess up your pc for the fun of it.  Nowadays, viruses are written for scary gangsters who want to steal your money:
scamware trying to get you to pay for a useless download; hijackers trying to take you to a (usually adult) site where you might buy something; backdoor trojans trying to get information on account numbers and passwords;  But what purpose does Virut serve?  Is it an old school virus that just screws up your system for fun?

Author

Commented:
Thanks everyone for your help with this.
A format and re-install has the client back on track...
CERTIFIED EXPERT
Top Expert 2007

Commented:
>>> Is it an old school virus that just screws up your system for fun?<<<

No, but it's a poorly coded virus... apparently.