Link to home
Start Free TrialLog in
Avatar of m2chaudh
m2chaudh

asked on

Cannot right click on desktop or move anything to it.

I removed a machine that had some nasty fake AV on it. After having done that using Malware bytes and a reboot, I was on users desktop, which was blank, nothing at all on it, I went to Documents folder, and his "Desktop folder" does have his files, they just arent showing on on the actual desktop, I tried to move them, but it wont allow me to move(it doesnt even attempt a move).
I've seen this before couple of years ago, its as if the snapshot of my background is covering the real desktop and all the items, and ofcourse I cannot moving anything on to a picture by drag and move or copy and past. I'm not sure if some registry entires were modified by the Torjan/virus.

The client is a Winxp Pro SP3. I created another profile and it runs fine, I can see desktop items, right click, create stuff on it etc.

Is there a .dll file that I can move from working profile over to the user profile with broken desktop?
I wanted to avoid having to delete this users profile and creating it again.

Suggetions please!
Avatar of younghv
younghv
Flag of United States of America image

Look at the following pls:

Go to Display Properties - Desktop Tab - Customize Button - Web Tab

What is checked/unchecked there?
If the problem persists, also try RogueKiller Option 6,
http://www.geekstogo.com/forum/files/file/413-roguekiller/ 
Sounds like you have a nasty rootkit. Hopefully it is less severe. If you have the know how and the equipment to plug the hard drive into another computer (that is properly protected by an active scanner), I would plug it into another computer and run a scan. I've never tried the RogueKiller that rpggamergirl suggested, it looks neat. Another thing you can try that has saved me many times (if you can get it to run) is combofix. You download it and run it.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

If it won't let you even run these anti-malware tools, to avoid running boot cd's and getting really technical it may be necessary to scan on another computer or give to a professional.

Hope this helps,

-Jeff
Avatar of m2chaudh
m2chaudh

ASKER

I've already ran Combofix and malwarebytes on it. Combofix first, it found some things, and removed them, then I had this problem, I ran Malwarebytes, which found 10 more trojans, and removed those as well. But this problem didnt go away. BTW, other accounts are fine, so its only one user profile this is causing this problem. I dont want to delete and move his old profile to new one, evcen though thats best working solution. I want to fix it.

flubbster, I cannot right click as I mentioned, so Display properties doesnt work (or more like, it doesnt change anything, I can change the display picture, but that doesnt solve the issue, and I already checked that settings by other means).
It is possible something is running on startup that is causing the problem. Go to the run prompt and type in "msconfig" -> hit enter, and look at the startup items. Try to minimize what is there. If anything looks fishy, try unchecking it. You may also want to look at the other tab where services run (check "hide all microsoft services"

For another thing to try: look at this post, navigate to the registry described there and see if there are any funny keys. (The link tells you how to disable the display settings)

http://www.pctools.com/guides/registry/detail/167/

Another thing that might work is:  go to the run prompt, type "cmd" -> then hit enter to open the command prompt. Now type "sfc /scannow". This could relink some stuff, and possibly fix the problem.

I hope one of these works for you! If not, let me know.

-Jeff
http://www.kellys-korner-xp.com/xp_tweaks.htm

scroll down to 72, download and run it twice (it should have a restore desktop thing and hopefully everything will come back after)

This might also work for you.
SOLUTION
Avatar of jeffiepoo
jeffiepoo
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Client couldnt wait and was getting impatient, so I ended up copying his data and then deleting his current profile and moving the data to new profile. Worked like a charm, just took little longer due to the copy/paste, his PC wasnt in best shape.
Just a little test, did you try starting a new instance of explorer.exe?  Use task manager, New Task(Run), explorer.exe.  

If that user's profile is corrupted by the malware, sometimes the malicious code will load it's own "explorer.exe" based on the login which could explain the locked desktop.   Malware's MO is injecting code in legitimate Windows files and processes.
Yea I did that before I came to EE. Ended explorer.exe and ran it again from taskmanager.