Strange shortcut altering virus

Posted on 2010-09-17
Medium Priority
Last Modified: 2012-05-10
A computer that I am working on has been infected with a virus that hijacks all of my shortcuts and has redirected them to some scamware. The scamware is called Microsoft Security Essentials or something like that. Malwarebytes found something, called a display hijack. I told it to fix it, then checked in the registry where it said the offending entry was, and it was fixed. However, it still does not work. I am facing the same problem, only Malwarebytes doesn't detect anything anymore. Has anyone run into something similar? Any ideas on how to fix this without reformatting the drive? The infected laptop is running Windows 7. I would provide more info, but it is gone for the weekend.

Question by: HDM

Expert Comment

ID: 33705562
Try these:
TDSSKiller and HitmanPro.

NOTE: If 7 is 32 bit then you can run ComboFix.

Run ComboFix and post the log here.

Accepted Solution

Daxit earned 2000 total points
ID: 33705680

Did you create an image of your system with a cloning tool?

If you did, just do not lose time: save your data if not already done (it should be done already if you follow the rules) and restore the system. You will save time and you will be sure to get your genuine system back, while a repair is never 100% sure.

If you did not, you have to fight it with antimalware tools or manual removal of the infectious file(s) (many viruses open the doors for other malware to come in).

Try to use the tools that the other experts suggested; furthermore you can use Virus Effect Remover, which you can download from:


Actually at this instant the site is down, but I guess it will be online again soon; you can also look for an alternative download mirror site.
It contains a tool that attempts to repair the areas of the system registry typically damaged by viruses, vaccinate the drives against autorun.inf files, deactivate the autorun feature on all disks and USB removable disks, and it also has a lot of other good tools to work with.

In the system registry remove all the suspect entries in the Run sections, both in local machine and local user.

With The Avenger:


 you can remove files which are blocked and cannot be deleted unless offline. Take care using The Avenger as it can delete whatever you write in its task; if you delete, for example, a system folder you will ruin your system.

Use an antivirus to scan the PC too; if it is not successful in removing the virus(es) found, pick the virus name and search for it on Google. Many times it is possible to find specific procedures that will work with that specific virus.

Post whether you succeed or not, and if not, describe what happened so as to get more help.
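
A read-only way to review the Run sections mentioned in the answer above before removing anything. This is an added example, not part of the original post; the choice of keys beyond Run and the "suspect" heuristics (executable in a user-writable folder, or target file missing) are assumptions for illustration.

```powershell
# Added example: read-only audit of the Run/RunOnce keys in HKLM and HKCU.
# The "suspect" heuristics below are assumptions, not a malware verdict.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders a standard user can write to; autostart entries here deserve a closer look.
$writableRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC, $env:ProgramData) |
    Where-Object { $_ }

function Get-CommandPath([string]$command) {
    # Extract the executable path from a Run value: quoted path, or first token ending in an extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif|vbs|js|dll))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $path  = Get-CommandPath $value
        $reasons = @()
        foreach ($root in $writableRoots) {
            if ($path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $reasons += "in $root" }
        }
        # Only check existence for full paths; bare names such as rundll32.exe resolve via PATH.
        if ($path -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $path)) { $reasons += 'file not found' }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $value
            Suspect = ($reasons -join '; ')
        }
    }
}
$report | Sort-Object Suspect -Descending | Format-List Key, Name, Command, Suspect
```

Entries with a non-empty Suspect field are listed first; the script changes nothing, so each one can be checked against a known-good machine before it is deleted.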


Expert Comment

ID: 33710943
You can manually disable this malware, virus, or something like that without any antivirus.
First you must find out exactly where this infecting malware is located. It may be in the temp folder or system folders and so on. To find out the location you can use Task Manager, if it is not disabled by the virus. Find the process that is strangely named and actively working in Task Manager, right-click on it and choose Open file location; this opens its physical location on the HDD. Once it is revealed, you must end that process from Task Manager and delete that executable file.
NOW FOR THE MOST IMPORTANT PART. Don't miss this step!
Now create a new text file with exactly the same name as that malware, including its extension.
For example: if "trojan.exe" is our malware, the newly created text file's name must be exactly the same, not "trojan.exe.txt" or something like that.
Finally, be sure of your move.
If you need some explanation about these steps let me know; I will be glad to answer again.

Expert Comment

ID: 33711236

Yes, what PTulgaa writes is correct. You can also create a folder instead of a text file; it is important to lock it too, so you should right-click on it and set the attributes to read-only so as to lock it. Optionally you can also set it as hidden.

By the way, digressing from the topic: in order to vaccinate all drives against the common autorun.inf method, place in the root of each one a folder named autorun.inf, right-click it and set it as read-only and hidden. In this way you will avoid most of that kind.

You can also disable the autorun function of Windows for removable media. The autorun function is a thing that seems to be useful, but in my opinion and experience it is only an annoying, potentially dangerous gadget which might disturb work sessions.
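
To see where a machine stands on the two autorun measures described in the comment above, the following read-only check can be run. It is an added example, not part of the original comment; it assumes the standard `NoDriveTypeAutoRun` policy value, where 0xFF turns AutoRun off for every drive type.

```powershell
# Added example: read-only check of the AutoRun policy and of autorun.inf on every drive root.
$policyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $value = (Get-ItemProperty -Path "$hive\$policyPath" -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $value) {
        "$hive NoDriveTypeAutoRun is not set (Windows default applies)"
    } elseif (($value -band 0xFF) -eq 0xFF) {
        "$hive NoDriveTypeAutoRun = 0xFF (AutoRun disabled for all drive types)"
    } else {
        '{0} NoDriveTypeAutoRun = 0x{1:X2} (AutoRun still enabled for some drive types)' -f $hive, $value
    }
}

foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $candidate = Join-Path $drive.Root 'autorun.inf'
    # -Force is needed because both malicious files and placeholder folders are usually hidden.
    $entry = Get-Item -LiteralPath $candidate -Force -ErrorAction SilentlyContinue
    if (-not $entry) {
        "$($drive.Root) no autorun.inf"
    } elseif ($entry.PSIsContainer) {
        # The placeholder folder described above: a file of the same name cannot be created.
        "$($drive.Root) placeholder folder present, attributes: $($entry.Attributes)"
    } else {
        # A real autorun.inf file: show what it would launch, but do not delete automatically.
        "$($drive.Root) autorun.inf FILE found:"
        Get-Content -LiteralPath $candidate |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' }
    }
}
```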


Author Closing Comment

ID: 33739395
We wound up just formatting and restoring from a backup... oddly enough they didn't want to do that originally...


Question has a verified solution.
