Virus Windows Vista HP

I have an HP Win Vista laptop with a virus on it. I'm unable to access System Restore or any of the files on the user end. When the laptop boots it only shows the Recycle Bin. I have run ESET, IO Fighter, Malwarebytes. They all found issues and supposedly cleaned them. The computer is still not allowing me to get files or functioning properly.

Anyone have any idea what could be the issue or a way to resolve it without formatting immediately?

Thanks for your help....

CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006
Commented:
It will help if you can give us more details on your symptoms (a screen shot would be great).

You should also take a look at this EE Article - it may be the malware variant you are dealing with:
Windows-XP-Vista-Recovery-rogue-Desktop-icons-missing-Empty-program-files:
Commented:
Hi redbugsbunny

I have worked with ESET for a while and found it is not nearly as effective in cleaning the system when the PC is booted normally. Try booting into safe mode and then perform a full scan.

HTH
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006
Commented:
Actually, almost all variants of malware need to be scanned for in "Normal Mode". Not only do many variants not start their processes in "Safe Mode", you can blue screen your system by deleting files without the Windows File Protection Service (FPS) running.

Details here:
Malware Fighting – Best Practices

Author

Commented:
I will check all this out. I'm trying to run a repair to see if that will rewrite Windows files; I'm guessing it won't fix the issue. I need to take a look at these replies also.

The PC will boot into safe mode and also normal mode and won't do anything else at all, just shows the Recycle Bin....

I will post results here shortly. As for a screen shot, I can't get the laptop to do anything. All icons are gone, can't access anything on it even to scan. I've had it slaved for the past 24 hours running scans, not successfully...

Thanks all for your replies, I will look into these now...
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006
Commented:
As a general comment, most current malware variants are running rogue processes that prevent most scanners/repair tools from running properly.

You MUST run some kind of stopper program immediately (no reboot) prior to starting your scan.

Details here:
Stop-the-Bleeding-First-Aid-for-Malware
Rogue-Killer-What-a-great-name
Commented:
You can try new user account first....user account might be corrupted.



Ded9
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006
Commented:
Properly cleaning a virus requires using the same account that allowed the infection - this is a known infected system and the asker needs to step through the proper procedures for cleaning.
CERTIFIED EXPERT
Commented:
Safe mode.
System Restore.
Run Malwarebytes.
Run superantispyware.
Run antivirus program.
Run unhide.exe
Run HijackThis.

If you get success after these then you may be ok.

I found the only way with this virus is to back up data after running unhide.exe and then rebuild the PC (it's a pain but the only way to be sure).

This virus usually comes from an email purporting to be from DHL or similar saying there is a package to be collected. The attachment is a zip file which contains an exe (the virus).

Good luck
Boot with the Windows 7 DVD and click on Repair Your Computer.
Now select repair using recovery tools.
Select Command Prompt.
Type regedit and press ENTER.

-> Click on HKEY_USERS
-> Go to File -> Load Hive
-> Select the file C:\WINDOWS\SYSTEM32\SOFTWARE (note the file SOFTWARE does not have any extension)
-> Give it a name (e.g. keySoft)
-> Go to HKEY_USERS\keySoft\Microsoft\Windows NT\CurrentVersion\Winlogon

-> Check the string value of Shell in the right pane. It should be just explorer.exe; delete any extra text.
-> Check the value of Userinit. It should be
C:\Windows\system32\userinit.exe,

-> Go to HKEY_USERS\keySoft\Microsoft\Windows\CurrentVersion\Run
Delete all the unwanted startup items in the right pane.

Now click on HKEY_USERS\keySoft
Go to File -> Unload Hive. Press YES.

restart the computer.
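
One way to review the values named in the procedure above without clicking through each key, as an added example (not part of the original thread): with the hive loaded as keySoft, export it from regedit (File > Export) and parse the .reg text. The function names and the sample export are constructed for illustration.

```python
import re

# Values the post above says to expect (compared case-insensitively).
EXPECTED = {"shell": "explorer.exe",
            "userinit": r"C:\Windows\system32\userinit.exe,"}
_KEY = re.compile(r"^\[(.+)\]$")
_VAL = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    """Undo .reg escaping of backslash and double quote in strings."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string (REG_SZ) values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
        elif current is not None and (m := _VAL.match(line)):
            current[_unescape(m.group(1))] = _unescape(m.group(2))
    return keys

def audit(text, mount="keySoft"):
    """Return (location, name, data) tuples that need a manual look."""
    findings, root = [], ("HKEY_USERS\\" + mount + "\\").lower()
    for path, values in parse_reg(text).items():
        p = path.lower()
        if not p.startswith(root):
            continue
        if p.endswith("\\windows nt\\currentversion\\winlogon"):
            for name, data in values.items():
                want = EXPECTED.get(name.lower())
                if want is not None and data.lower() != want.lower():
                    findings.append(("Winlogon", name, data))
        elif p.endswith("\\windows\\currentversion\\run"):
            # Every Run entry is listed; judging "unwanted" stays manual.
            findings.extend(("Run", n, d) for n, d in values.items())
    return findings

# Constructed sample; real regedit exports are UTF-16 (encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_USERS\keySoft\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\ProgramData\\sample123.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
[HKEY_USERS\keySoft\Microsoft\Windows\CurrentVersion\Run]
"SampleUpdater"="\"C:\\ProgramData\\sample123.exe\" /start"
'''
```

Calling `audit(SAMPLE)` returns the modified Shell value and the single Run entry; the Userinit value matches the expected string and is not reported.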

Author

Commented:
Rogue Killer worked for the time being. It allowed all the desktop icons back and is allowing me to upgrade the computer from Vista to 7....it appears to be working more than before. The upgrade is almost completed...

Will post results here shortly..Thanks all
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006
Commented:
@redbugsbunny,
RogueKiller is designed to be run to allow the user to then scan for malware. It does have some curative ability, but it is a much better procedure to do a thorough scan/clean with Malwarebytes (or some other scanner) prior to continuing any system changes - such as your OS upgrade.

It will be interesting to see if the upgrade completes - fingers crossed.

Commented:
Also follow the steps listed at PCCleaningguide.com to keep your computer clean.
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006
Commented:
You can stay right here on EE and get some helpful guidance:
MALWARE - "An Ounce of Prevention..."