

Strange shortcut altering virus

Posted on 2010-09-17
Medium Priority
Last Modified: 2012-05-10
A computer that I am working on has been infected with a virus that hijacks all of my shortcuts and has redirected them to some scamware. The scamware is called Microsoft Security Essentials or something like that. Malwarebytes found something, called a display hijack. I told it to fix it, then checked in the registry where it said the offending entry was, and it was fixed. However, it still does not work. I am facing the same problem, only Malwarebytes doesn't detect anything anymore. Has anyone run into something similar? Any ideas on how to fix this without reformatting the drive? The infected laptop is running Windows 7. I would provide more info, but it is gone for the weekend.

Question by:HDM
LVL 22

Expert Comment

ID: 33705562
Try these:
TDSSKiller and HitmanPro.

NOTE: If 7 is 32-bit then you can run ComboFix.

Run ComboFix and post the log here.

Accepted Solution

Daxit earned 2000 total points
ID: 33705680

Did you create an image of your system with a cloning tool?

If you did, just do not lose time: save your data if not already done (it should be done already if you follow the rules) and restore the system. You will save time and you will be sure to get your genuine system back; meanwhile, no repair is ever 100% sure.

If you did not, you have to fight it with antimalware tools or manual removal of the infectious file/s (many viruses open the doors for other malware to come in).

Try to use the tools that the other experts suggested; furthermore you can use virus effect remover, you can download it from:


Actually at this instant the site is down, but I guess it will be online again soon; you can also look for an alternative download mirror site.
It contains a tool that attempts to repair the areas of the system registry typically damaged by viruses, vaccinate the drives against autorun.inf files and deactivate the autorun feature on all disks and USB removable disks, and it also has a lot of other good tools to work with.

In the system registry remove all the suspect entries in the run sections both in localmachine and localuser.

With the avenger:


you can remove files which are blocked and not deletable unless offline. Take care using the avenger, as it can delete whatever you write in its task; if you delete, for example, a system folder, you will ruin your system.

Use an antivirus to scan the PC too. If it is not successful in removing the virus/es it finds, pick the virus name and search for it on Google; many times it is possible to find specific procedures that will work with that specific virus.

Post whether you succeed or not, and if not, describe what happened so as to get more help.
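A read-only way to list the Run entries the answer above refers to, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later; the function names and the choice of "user-writable folder" and signature status as review hints are this example's own.

```powershell
# Added example: read-only audit of the Run/RunOnce autostart keys (changes nothing).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption of this example: programs starting from user-writable folders deserve a closer look.
$userDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) | Where-Object { $_ }

function Get-ExePath([string]$Command) {
    # Pull the program path out of a Run value: quoted path, else text up to the first extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { $exe = $Matches[1] }
    elseif ($c -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { $exe = $Matches[1] }
    else { $exe = ($c -split '\s+')[0] }
    # Bare names such as "ctfmon.exe" are resolved through PATH, as Windows would do.
    if ($exe -and $exe -notmatch '^([A-Za-z]:\\|\\\\)') {
        $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $exe = $found.Path }
    }
    return $exe
}

function Get-RunKeyReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            $exe = [string](Get-ExePath $cmd)
            $exists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
            $inUserDir = [bool]($userDirs | Where-Object {
                $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
            [pscustomobject]@{
                Key = $key; Name = $name; Command = $cmd; Exists = $exists
                Signature = $sig; UserWritableDir = $inUserDir
                # Review flag: target missing, in a user-writable folder, or not validly signed
                Review = (-not $exists) -or $inUserDir -or ($sig -ne 'Valid')
            }
        }
    }
}

Get-RunKeyReport | Sort-Object Review -Descending |
    Format-Table Name, Review, Signature, UserWritableDir, Command -AutoSize -Wrap
```

A `Review` flag is a prompt to look at the entry, not a verdict: legitimate software can be unsigned or start from a profile folder.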


Expert Comment

ID: 33710943
You can manually disable this malware, virus, or something like that without any antivirus.
First you must find out exactly where this infecting malware is located. It may be in the temp folder or system folders and so on. To find the location you can use Task Manager, if it has not been disabled by the virus. Find a process that is strangely named and actively working in Task Manager, right-click on it and choose Open file location; it opens its physical location on the HDD. Once it is revealed, you must end that process from Task Manager and delete that executable file.
NOW FOR THE MOST IMPORTANT PART. Don't miss this step!
Now create a new text file with exactly the same name as that malware, including its extension.
For example: if "trojan.exe" is our malware, the newly created text file's name must be exactly the same, not "trojan.exe.txt" or something like that.
Finally, be sure of your move.
If you need some explanation about these steps, let me know; I will be happy to answer again.

Expert Comment

ID: 33711236

Yes, what PTulgaa writes is correct. You can also create a folder instead of a text file. It is important to lock it too, so you should right-click on it and set the attributes to read-only so as to lock it; optionally you can also set it as hidden.

By the way, digressing from the topic, in order to vaccinate all drives against the common autorun.inf method, place in the root of each one a folder named autorun.inf, right-click it and set it as read-only and hidden; in this way you will avoid most of that kind.

You can also disable the autorun function of Windows for removable media. The autorun function is a thing that seems to be useful, but in my opinion and experience it is only an annoying, potentially dangerous gadget which might disturb work sessions.
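A read-only check of the two autorun measures described in the comment above, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and that the autorun policy is stored in the `NoDriveTypeAutoRun` registry value; the function names are this example's own.

```powershell
# Added example: report the AutoRun policy and the state of autorun.inf on each drive root.
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunPolicy {
    foreach ($key in $policyKeys) {
        $v = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
                -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($v -is [byte[]]) { $v = $v[0] }   # REG_BINARY form stores the low byte first
        [pscustomobject]@{
            Key = $key
            NoDriveTypeAutoRun  = if ($null -ne $v) { '0x{0:X2}' -f [int]$v } else { '(not set)' }
            OffForAllDriveTypes = ($v -eq 0xFF)   # 0xFF sets the bit for every drive type
        }
    }
}

function Get-AutorunInfState {
    foreach ($drive in [IO.DriveInfo]::GetDrives() | Where-Object { $_.IsReady }) {
        $path = Join-Path $drive.RootDirectory.FullName 'autorun.inf'
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $launch = @()
        if (-not $item) { $state = 'absent' }
        elseif ($item.PSIsContainer) { $state = 'folder placeholder' }
        else {
            $state = 'file, inspect'
            # Lines that name a program to start when the drive is opened
            $launch = @(Select-String -LiteralPath $path -ErrorAction SilentlyContinue `
                          -Pattern '^\s*(open|shellexecute|shell\\.+\\command)\s*=' |
                        ForEach-Object { $_.Line.Trim() })
        }
        [pscustomobject]@{
            Drive = $drive.Name; Type = $drive.DriveType; AutorunInf = $state
            ReadOnly = [bool]($item -and ($item.Attributes -band [IO.FileAttributes]::ReadOnly))
            Hidden   = [bool]($item -and ($item.Attributes -band [IO.FileAttributes]::Hidden))
            LaunchLines = $launch -join '; '
        }
    }
}

Get-AutoRunPolicy   | Format-Table -AutoSize
Get-AutorunInfState | Format-Table -AutoSize -Wrap
```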


Author Closing Comment

ID: 33739395
We wound up just formatting and restoring from a backup... oddly enough they didn't want to do that originally...


Question has a verified solution.
