Solved

Vista Home Prem - Spyware - I can't get to My Computer to run any Apps

Posted on 2012-03-09
5
732 Views
Last Modified: 2012-03-11
I'm trying to clean up a Vista laptop. It was infected with System Check. In the start menu, everything is missing except shutdown.

How do I clean it up?
0
Comment
Question by:Tony Giangreco
5 Comments
 
LVL 62

Accepted Solution

by:
☠ MASQ ☠ earned 250 total points
ID: 37702640
See how you get on with this
http://www.bleepingcomputer.com/virus-removal/remove-system-check
Please read through completely before starting.
Post if you've any difficulties with the solution.

If you've already started on a repair and just need to get your icons back, start here
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_6209-Windows-XP-Vista-Recovery-rogue-Desktop-icons-missing-Empty-program-files.html
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 37703041
Ok, I've been following it. I ran MB, Rkill and Rogue Killer. Now all my icons show and it runs better.

I see two problems:

1. When I click Start, my list of programs is blank. If I click All Programs everything shows.
2. The System Check icon is still on the desktop and I verified the executable it points to is still in the c:\program Data folder. I thought MD would have removed it. I'm hesitant about deleting it because it might start up again.
0
 
LVL 62

Expert Comment

by:☠ MASQ ☠
ID: 37703224
Restart your computer, run RKill again, wait for the window to close and then run another Quick Scan with MBAM. Then reboot and see if the System Check icon persists.  If it does please post the MBAM log.
0
 
LVL 3

Expert Comment

by:StuWhitby
ID: 37703586
If there's malware running on your system and you can't kill it due to it restarting, then there's a heartbeat set up with another malware program.  Get Process Explorer from http://technet.microsoft.com/sysinternals and suspend each process, then kill them.

Configure the displayed columns in Process Explorer to include company name.  This will generally show something dodgy for your malware.  You can also get Autoruns and Rootkit Revealer from there... autoruns will allow you to easily remove any automatically started programs from startup (however they're configured to start) and RKR will scan and remove rootkits from your system.

There are a few articles on Mark's Blog on the same site which explain how to remove this kind of stuff.
0
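The triage described in the comment above (look for processes with no company name, then review what starts automatically), as an added example that is not part of the thread or any poster's own code. The function name `Test-UserWritable` and the list of directories treated as user-writable are assumptions made for this illustration.

```powershell
# Read-only triage for Windows PowerShell 2.0+; lists candidates, changes nothing.
# Assumption: both heuristics (no company name, image in a user-writable
# directory) are illustrative and will also flag some legitimate software.
# Run elevated, otherwise Path is empty for other users' processes.

$userWritable = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ }

function Test-UserWritable([string]$Text) {
    # True when a path or command line refers to one of the directories above.
    foreach ($dir in $userWritable) {
        if ($Text.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# Running processes: same idea as the Company Name column in Process Explorer.
$procs = Get-Process |
    Where-Object { $_.Path } |
    Select-Object Id, Name, Company, Path |
    Where-Object { -not $_.Company -or (Test-UserWritable $_.Path) }

# Startup entries: Run keys and Startup folders only (Autoruns covers far more).
$startup = Get-WmiObject Win32_StartupCommand |
    Select-Object Name, Location, User,
        @{ Name = 'Command'
           Expression = { [Environment]::ExpandEnvironmentVariables($_.Command) } } |
    Where-Object { Test-UserWritable $_.Command }

"Processes to review:"
$procs | Sort-Object Path | Format-Table Id, Name, Company, Path -AutoSize

"Startup entries to review:"
$startup | Format-List Name, Location, User, Command
```

Anything listed is a candidate for a closer look in Process Explorer or Autoruns, not a verdict; the script removes nothing.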
 
LVL 47

Assisted Solution

by:rpggamergirl
rpggamergirl earned 250 total points
ID: 37704016
Use TheKiller, followed by removal tools as suggested like Mbam, ComboFix, TDSSKiller etc.
http://maliprog.geekstogo.com/explorer.exe

Note that "TheKiller" is renamed as explorer.exe
Double click on it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
Press the OK button after the program finishes.
Do not restart your system after this step. You then run other tools like MalwareBytes, TDSSKiller or ComboFix.

NOTE: If malware blocks TheKiller from running please try to run it  again.



ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
0


Question has a verified solution.
