• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 841
  • Last Modified:

Cannot right click on desktop or move anything to it.

I removed a machine that had some nasty fake AV on it. After having done that using Malware bytes and a reboot, I was on users desktop, which was blank, nothing at all on it, I went to Documents folder, and his "Desktop folder" does have his files, they just arent showing on on the actual desktop, I tried to move them, but it wont allow me to move(it doesnt even attempt a move).
I've seen this before couple of years ago, its as if the snapshot of my background is covering the real desktop and all the items, and ofcourse I cannot moving anything on to a picture by drag and move or copy and past. I'm not sure if some registry entires were modified by the Torjan/virus.

The client is a Winxp Pro SP3. I created another profile and it runs fine, I can see desktop items, right click, create stuff on it etc.

Is there a .dll file that I can move from working profile over to the user profile with broken desktop?
I wanted to avoid having to delete this users profile and creating it again.

Suggetions please!
0
m2chaudh
Asked:
m2chaudh
  • 4
  • 3
  • 2
  • +3
2 Solutions
 
younghvCommented:
0
 
flubbsterCommented:
Look at the following pls:

Go to Display Properties - Desktop Tab - Customize Button - Web Tab

What is checked/unchecked there?
0
 
rpggamergirlCommented:
If the problem persists, also try RogueKiller Option 6,
http://www.geekstogo.com/forum/files/file/413-roguekiller/ 
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
jeffiepooCommented:
Sounds like you have a nasty rootkit. Hopefully it is less severe. If you have the know how and the equipment to plug the hard drive into another computer (that is properly protected by an active scanner), I would plug it into another computer and run a scan. I've never tried the RogueKiller that rpggamergirl suggested, it looks neat. Another thing you can try that has saved me many times (if you can get it to run) is combofix. You download it and run it.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

If it won't let you even run these anti-malware tools, to avoid running boot cd's and getting really technical it may be necessary to scan on another computer or give to a professional.

Hope this helps,

-Jeff
0
 
m2chaudhAuthor Commented:
I've already ran Combofix and malwarebytes on it. Combofix first, it found some things, and removed them, then I had this problem, I ran Malwarebytes, which found 10 more trojans, and removed those as well. But this problem didnt go away. BTW, other accounts are fine, so its only one user profile this is causing this problem. I dont want to delete and move his old profile to new one, evcen though thats best working solution. I want to fix it.

flubbster, I cannot right click as I mentioned, so Display properties doesnt work (or more like, it doesnt change anything, I can change the display picture, but that doesnt solve the issue, and I already checked that settings by other means).
0
 
jeffiepooCommented:
It is possible something is running on startup that is causing the problem. Go to the run prompt and type in "msconfig" -> hit enter, and look at the startup items. Try to minimize what is there. If anything looks fishy, try unchecking it. You may also want to look at the other tab where services run (check "hide all microsoft services"

For another thing to try: look at this post, navigate to the registry described there and see if there are any funny keys. (The link tells you how to disable the display settings)

http://www.pctools.com/guides/registry/detail/167/

Another thing that might work is:  go to the run prompt, type "cmd" -> then hit enter to open the command prompt. Now type "sfc /scannow". This could relink some stuff, and possibly fix the problem.

I hope one of these works for you! If not, let me know.

-Jeff
0
 
jeffiepooCommented:
http://www.kellys-korner-xp.com/xp_tweaks.htm

scroll down to 72, download and run it twice (it should have a restore desktop thing and hopefully everything will come back after)

This might also work for you.
0
 
jeffiepooCommented:
http://www.technize.com/cannot-right-click-desktop-or-in-windows-explorer/

try option 2. If this doesn't work I might be stumped.

-Jeff
0
 
younghvCommented:
Both Malwarebytes and ComboFix can be interfered with by rogue processes.
You will need to run one of the 'Rogue Stoppers' before doing your scans.

RogueKiller:
http://www.geekstogo.com/forum/files/file/413-roguekiller/ 

Rkill:
http://www.bleepingcomputer.com/download/anti-virus/rkill

TheKiller
Download TheKiller to your Desktop
http://www.osvemu.com/thekiller/explorer.exe

Note that TheKiller is renamed as explorer.exe
Run it by double click
Press OK button after program finish
Do not restart your system after this step, but immediately run the next scan: MalwareBytes, TDSSKiller, ComboFix

Details in these EE Articles:

http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)
0
 
m2chaudhAuthor Commented:
Client couldnt wait and was getting impatient, so I ended up copying his data and then deleting his current profile and moving the data to new profile. Worked like a charm, just took little longer due to the copy/paste, his PC wasnt in best shape.
0
 
Melannk24Commented:
Just a little test, did you try starting a new instance of explorer.exe?  Use task manager, New Task(Run), explorer.exe.  

If that user's profile is corrupted by the malware, sometimes the malicious code will load it's own "explorer.exe" based on the login which could explain the locked desktop.   Malware's MO is injecting code in legitimate Windows files and processes.
0
 
m2chaudhAuthor Commented:
Yea I did that before I came to EE. Ended explorer.exe and ran it again from taskmanager.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 4
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now