• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 732
  • Last Modified:

Strange shortcut altering virus

A computer that I am working on has been infected with a virus that hijacks all of my shortcuts and has redirected them to some scamware. The scamware is called Microsoft Security Essentials or something like that. Malware bytes found something, called  a display hijack. I told it to fix it, then checked in the registry where it said the offending entry was, and it was fixed. However, it does not work still. I am facing the same problem, only malware bytes doesn't detect anything anymore. Has anyone run into something similar? Any ideas on how to fix this without reformatting the drive? The infected laptop is running windows 7. I would provide more info, but it is gone for the weekend.

Curtis Long
Curtis Long
1 Solution
Try these
TdssKiller and Hitmanpro.

NOTE:If 7 is 32 bit then you can run Combofix

Run Combofix and post log here

Did you create an image of your system with a cloning tool?

If you did it just do not loose time, save your data if not already done (should be done already if you follow the rules) and restore the system, you will save time and you will be sure to get your genuine system back for sure, manwhile every reparation is always not 100% sure.

If you did not you have to fight it antimalwares or manual removal of the infectious file/s (many viruses open the doors for other malware to come in).

Try to use the tools that the other experts suggested, furthermore you can use virus effect remover, you can download it from::


Actually in this istant the site is down but I guess will be online soon again, you can also look for an alternative download mirror site.
, it contains a tool that attempts to repair the tipical virus' damaged areas of the system registry, vaccinate the drives from autorun.inf files, deactivate the autorun feature on all disks and usb removable disks and have also a lot of other good tools to work with.

In the system registry remove all the suspect entries in the run sections both in localmachine and localuser.

With the avenger:


 you can remove files which are blocked and not deletable if not offline. Take care using the avenger as it can delete whatever you write in its task, if you delete for example a system folder you will ruin your system.

Use an antivirus to scan the pc too, if it is not succesful in removing the found virus/es pick the virus name and search for it on goolge, many times it is possible to find specific procedures that will work with that specific virus.

Post if you suceed or not, and if not describe what happened so to get more help.

You can manually disable this malware, virus, or something like that without any antivirus.
first you must find out exactly where is this infecting malware is locating. its maybe in temp folder or system folders and so on. To acknowledge the location you can use task manager if typically not disabled by virus. Find process named strangely and working actively in task manager and right click on it and choose open file location it opens up its physical location on hdd since it revealed you must to end that process from task manager and delete that executable file.
NOW FOR MOST IMPORTANT. don't miss this step !
now create new text file with exactly same name as that malware or something even its extension
for example: "trojan.exe" is our malware so the newly created text file is name must be exactly same but not "trojan.exe.txt" or something like that.
At last be sure on your move.
if you needed some explanation about this steps let me know i will appreciated to answer again

Yes what PTulgaa writes is correct, you can also create a folder instead of a text.file, it is important to lock it too, so you should right click on it and set the attributes as read only so to lock it, optionally you can also set it as hidden.

By the way, digressing on the topic, in order to vaccinate all drives from the common autorun.inf method place in the root of each one a folder named autorun.inf, right click it and set it as read only and hidden, in this way you will avoid the most of those kind.

Also you can disable the autorun functon of windows for the removable medias, the autorun function is thing that seems to be useful, but in my opinion and experience is only an annoying potential dangerous gadget which might disturb work sessions .

Curtis LongAuthor Commented:
We wound up just formatting and restoring from a backup... oddly enough they didn't want to do that originally...
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now