  • Status: Solved

Vista Home Prem - Spyware - I can't get to My Computer to run any Apps

I'm trying to clean up a Vista laptop. It was infected with System Check. In the start menu, everything is missing except shutdown.

How do I clean it up?
Asked by: Tony Giangreco
 
☠ MASQ ☠ Commented:
See how you get on with this
http://www.bleepingcomputer.com/virus-removal/remove-system-check
Please read through completely before starting.
Post if you've any difficulties with the solution.

If you've already started on a repair and just need to get your icons back, start here
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_6209-Windows-XP-Vista-Recovery-rogue-Desktop-icons-missing-Empty-program-files.html
 
Tony Giangreco (Author) Commented:
Ok, I've been following it. I ran MB, Rkill and Rogue Killer. Now all my icons show and it runs better.

I see two problems:

1. When I click Start, my list of programs is blank. If I click All Programs everything shows.
2. The System Check icon is still on the desktop and I verified the executable it points to is still in the c:\program Data folder. I thought MD would have removed it. I'm hesitant in deleting it because it might start up again.
 
☠ MASQ ☠ Commented:
Restart your computer, run RKill again, wait for the window to close and then run another Quick Scan with MBAM. Then reboot and see if the System Check icon persists. If it does please post the MBAM log.
 
StuWhitby Commented:
If there's malware running on your system and you can't kill it due to it restarting, then there's a heartbeat set up with another malware program.  Get Process Explorer from http://technet.microsoft.com/sysinternals and suspend each process, then kill them.

Configure the displayed columns in Process Explorer to include company name.  This will generally show something dodgy for your malware.  You can also get Autoruns and Rootkit Revealer from there... autoruns will allow you to easily remove any automatically started programs from startup (however they're configured to start) and RKR will scan and remove rootkits from your system.

There are a few articles on Mark's Blog on the same site which explain how to remove this kind of stuff.
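
The checks described in the post above, as an added example that is not part of the thread: a read-only PowerShell listing of running processes with their company name, plus the Run-key autostarts, flagging anything under ProgramData (where the asker found the System Check executable). The "no company name or runs from ProgramData" filter is an assumption used for triage, not a verdict, and only the two Run keys are covered, whereas Autoruns checks many more startup locations.

```powershell
# Added example, not from the thread. Read-only: lists candidates, changes nothing.
# Assumption: entries worth a closer look run from the ProgramData folder or
# have an empty company name in their version information.
$programData = $env:ProgramData          # C:\ProgramData on Vista and later

# 1. Running processes, with the company-name column suggested in the thread.
#    Processes whose path cannot be read (protected/system) are skipped.
$procs = Get-Process | Where-Object { $_.Path } | ForEach-Object {
    New-Object PSObject -Property @{
        Id            = $_.Id
        Name          = $_.ProcessName
        Company       = $_.Company
        InProgramData = ($_.Path -like "$programData\*")
        Path          = $_.Path
    }
}
$procs | Where-Object { $_.InProgramData -or -not $_.Company } |
    Sort-Object InProgramData -Descending |
    Format-Table Id, Name, Company, InProgramData, Path -AutoSize

# 2. Autostart entries in the machine-wide and per-user Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autostarts = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            # Expand %ProgramData%-style variables before comparing paths.
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
            New-Object PSObject -Property @{
                Key           = $key
                Name          = $name
                Command       = $cmd
                InProgramData = ($cmd -like "*$programData\*")
            }
        }
    }
}
$autostarts | Where-Object { $_.InProgramData } | Format-List Key, Name, Command
```

Run it from an elevated PowerShell prompt so that processes belonging to other accounts are listed too.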
 
rpggamergirl Commented:
Use TheKiller, followed by removal tools as suggested like Mbam, ComboFix, TDSSKiller etc.
http://maliprog.geekstogo.com/explorer.exe

Note that "TheKiller" is renamed as explorer.exe
Double click on it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
Press the OK button after the program finishes
Do not restart your system after this step. You then run other tools like MalwareBytes, TDSSKiller or ComboFix.

NOTE: If malware blocks TheKiller from running please try to run it again.



ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

ComboFix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip