Solved

Vista Home Prem - Spyware - I can't get to My Computer to run any Apps

Posted on 2012-03-09
Last Modified: 2012-03-11
I'm trying to clean up a Vista laptop. It was infected with System Check. In the start menu, everything is missing except shutdown.

How do I clean it up?
Question by:Tony Giangreco
5 Comments
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 250 total points
ID: 37702640
See how you get on with this
http://www.bleepingcomputer.com/virus-removal/remove-system-check
Please read through completely before starting.
Post if you've any difficulties with the solution.

If you've already started on a repair and just need to get your icons back, start here
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_6209-Windows-XP-Vista-Recovery-rogue-Desktop-icons-missing-Empty-program-files.html
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 37703041
Ok, I've been following it. I ran MB, Rkill and Rogue Killer. Now all my icons show and it runs better.

I see two problems:

1. When I click Start, my list of programs is blank. If I click All Programs everything shows.
2. The System Check icon is still on the desktop and I verified the executable it points to is still in the c:\program Data folder. I thought MD would have removed it. I'm hesitant in deleting it because it might start up again.
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 37703224
Restart your computer, run RKill again, wait for the window to close and then run another Quick Scan with MBAM. Then reboot and see if the System Check icon persists. If it does, please post the MBAM log.
0
 
LVL 3

Expert Comment

by:StuWhitby
ID: 37703586
If there's malware running on your system and you can't kill it due to it restarting, then there's a heartbeat set up with another malware program.  Get Process Explorer from http://technet.microsoft.com/sysinternals and suspend each process, then kill them.

Configure the displayed columns in Process Explorer to include company name.  This will generally show something dodgy for your malware.  You can also get Autoruns and Rootkit Revealer from there... autoruns will allow you to easily remove any automatically started programs from startup (however they're configured to start) and RKR will scan and remove rootkits from your system.

There are a few articles on Mark's Blog on the same site which explain how to remove this kind of stuff.
0
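A scripted version of the company-name check described in the comment above, as an added example that is not part of the original post or of the Sysinternals tools. It assumes Windows PowerShell 2.0 or later run from an elevated prompt; the directory list is a constructed heuristic, and the rows it prints are leads to examine in Process Explorer, not a verdict.

```powershell
# Added example: read-only triage listing. Nothing is suspended or killed.
# Flags running processes whose executable has no company name in its
# version resource, or that run from a user-writable data directory.

# Constructed heuristic list of locations installed software rarely runs from.
$userWritable = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ }

# Index process names by PID so each row can name its parent process.
$procs = Get-WmiObject Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p.Name }

$report = foreach ($p in $procs) {
    $path = $p.ExecutablePath
    if (-not $path) { continue }   # protected/system processes expose no path

    # Same field Process Explorer shows in its "Company Name" column.
    $company = $null
    try {
        $company = (Get-Item -LiteralPath $path -ErrorAction Stop).VersionInfo.CompanyName
    } catch { }

    $inUserDir = $false
    foreach ($dir in $userWritable) {
        if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
            $inUserDir = $true
        }
    }

    if ([string]::IsNullOrEmpty($company) -or $inUserDir) {
        New-Object PSObject -Property @{
            PID        = [int]$p.ProcessId
            Name       = $p.Name
            ParentPID  = [int]$p.ParentProcessId
            ParentName = $byPid[[int]$p.ParentProcessId]   # empty if parent exited
            Company    = $company
            Path       = $path
        }
    }
}

# Sorting by parent groups processes that were launched by the same program.
$report | Sort-Object ParentName, Name |
    Format-Table -AutoSize PID, Name, ParentPID, ParentName, Company, Path
```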
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 250 total points
ID: 37704016
Use TheKiller, followed by removal tools as suggested like Mbam, ComboFix, TDSSKiller etc.
http://maliprog.geekstogo.com/explorer.exe

Note that "TheKiller" is renamed as explorer.exe
Double click on it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
Press the OK button after the program finishes
Do not restart your system after this step. You then run other tools like MalwareBytes, TDSSKiller or ComboFix.

NOTE: If malware blocks TheKiller from running please try to run it again.



ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
0
